1 (edited by cxenof03 2021-03-22 16:14:46)

Topic: Session ticket creation in TLS 1.3 handshake with resumption

Hello,
I am using the server client example of the wolfssl library and I am currently trying to implement a custom NewSessionTicket in the handshake procedure with resumption.
I am running my server/client with

server/client -v 4 -r -s

commands.
According to the official TLS 1.3 documentation: https://tools.ietf.org/html/rfc8446#section-2.2 the NewSessionTicket ticket is sent at the fourth message of the server. Thus I was not able to locate at which exact point of the code the new session ticket is created so I could deploy there my custom session ticket. The only thing that I was able to observe is that the msgType becomes 4 which maps to session_ticket after the 6th message of the handshake. Additionally, this ticket will be created when a custom psk_key_exchange_modes is sent by the client. I have created this custom exchange mode as you can see in figure [img]psk_key_exchange_mode.PNG[/img].

At which part of the code should I implement the new custom NewSessionTicket? How does the server choose a psk_key_exchange_mode in general, so I could use it to create that custom session ticket?

Thank you in advance


Re: Session ticket creation in TLS 1.3 handshake with resumption

Hi Christos,

I'd be interested to hear about your new key exchange mode!

The function that creates the NewSessionTicket is SendTls13NewSessionTicket() and the function that parses it is DoTls13NewSessionTicket() in wolfssl/src/tls13.c

Key exchange modes are handled on the server in DoPreSharedKeys() in wolfssl/src/tls13.c.

Try calling wolfSSL_set_group_messages() and this will send fewer messages which may then line up the packets sent with what you expect.
Detailed logging can be produced with wolfSSL TLS 1.3 with WOLFSSL_DEBUG_TLS.
Note you will need to enable logging output.

Sean
--
Sean Parkinson, wolfSSL
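
Added example, not part of the thread and not wolfSSL code: a bounds-checked parser for the NewSessionTicket handshake message (msgType 4) as laid out in RFC 8446 section 4.6.1, which can be used to check what a customised ticket looks like on the wire. The `Nst` struct, the function names and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NewSessionTicket fields, RFC 8446 section 4.6.1 (struct and names are this example's own). */
typedef struct {
    uint32_t lifetime, age_add;
    const uint8_t *nonce, *ticket, *ext;
    size_t nonce_len, ticket_len, ext_len;
} Nst;

/* Bounds-checked big-endian read of n bytes at *off; advances *off. */
static int rd(const uint8_t *b, size_t len, size_t *off, int n, uint32_t *v) {
    if (len - *off < (size_t)n) return -1;
    *v = 0;
    while (n--) *v = (*v << 8) | b[(*off)++];
    return 0;
}

/* Vector with an n-byte length prefix; *p points into b, nothing is copied. */
static int vec(const uint8_t *b, size_t len, size_t *off, int n,
               const uint8_t **p, size_t *plen) {
    uint32_t l;
    if (rd(b, len, off, n, &l) || len - *off < l) return -1;
    *p = b + *off; *plen = l; *off += l;
    return 0;
}

/* Parse one handshake message: type(1) length(3) body. Returns 0 on success. */
int parse_nst(const uint8_t *msg, size_t len, Nst *o) {
    size_t off = 0; uint32_t type, blen;
    if (rd(msg, len, &off, 1, &type) || type != 4) return -1;  /* 4 = new_session_ticket */
    if (rd(msg, len, &off, 3, &blen) || blen != len - off) return -2;
    if (rd(msg, len, &off, 4, &o->lifetime) ||
        rd(msg, len, &off, 4, &o->age_add) ||
        vec(msg, len, &off, 1, &o->nonce, &o->nonce_len) ||    /* ticket_nonce<0..255> */
        vec(msg, len, &off, 2, &o->ticket, &o->ticket_len) ||  /* ticket<1..2^16-1> */
        vec(msg, len, &off, 2, &o->ext, &o->ext_len)) return -3;
    if (o->ticket_len == 0 || off != len) return -4;  /* empty ticket or trailing bytes */
    if (o->lifetime > 604800) return -5;              /* RFC 8446 caps lifetime at 7 days */
    return 0;
}

/* Constructed sample: lifetime 7200 s, 1-byte nonce, 4-byte ticket, no extensions. */
static const uint8_t SAMPLE_NST[] = { 0x04, 0x00,0x00,0x12, 0x00,0x00,0x1c,0x20,
    0xaa,0xbb,0xcc,0xdd, 0x01,0x00, 0x00,0x04,0xde,0xad,0xbe,0xef, 0x00,0x00 };

int main(void) {
    Nst t; int rc = parse_nst(SAMPLE_NST, sizeof SAMPLE_NST, &t);
    printf("rc=%d lifetime=%u ticket_len=%zu\n", rc, (unsigned)t.lifetime, t.ticket_len);
    return rc; }
```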


Re: Session ticket creation in TLS 1.3 handshake with resumption

Thank you Sean,

Your answer was helpful indeed. Therefore to be honest I did not understand what you mean exactly with the

Try calling wolfSSL_set_group_messages() and this will send fewer messages which may then line up the packets sent with what you expect

Best,
Chris
