* so the PAC-based session secret is always preserved. It'll be
* overwritten if the server refuses resumption.
*/
- if (s->session->session_id_length > 0
- || (SSL_IS_TLS13(s)
- && s->session->ext.tick_identity
- != TLSEXT_PSK_BAD_IDENTITY)) {
+ if (s->session->session_id_length > 0) {
tsan_counter(&s->session_ctx->stats.sess_miss);
if (!ssl_get_new_session(s, 0)) {
/* SSLfatal() already called */