goto err;
}
s->session->session_id_length = sess_len;
+ s->session->not_resumable = 0;
/* This is a standalone message in TLSv1.3, so there is no more to read */
if (SSL_IS_TLS13(s)) {
dtls1_start_timer(s);
}
} else {
- /*
- * In TLSv1.3 we update the cache as part of processing the
- * NewSessionTicket
- */
- if (!SSL_IS_TLS13(s))
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We encourage applications to only use TLSv1.3 tickets once,
+ * so we remove this one from the cache.
+ */
+ if ((s->session_ctx->session_cache_mode
+ & SSL_SESS_CACHE_CLIENT) != 0)
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ } else {
+ /*
+ * In TLSv1.3 we update the cache as part of processing the
+ * NewSessionTicket
+ */
ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+ }
if (s->hit)
CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard,
s->session_ctx->lock);
if (maxprot == TLS1_3_VERSION) {
/*
* In TLSv1.3 we should have created a new session even though we have
- * resumed.
+ * resumed. Since we attempted a resume we should also have removed the
+ * old ticket from the cache so that we try to only use tickets once.
*/
if (use_ext_cache
&& (!TEST_int_eq(new_called, 1)
- || !TEST_int_eq(remove_called, 0)))
+ || !TEST_int_eq(remove_called, 1)))
goto end;
} else {
/*