Re: [TLS] Extensions and session resumption

[<Pasi.Eronen at nokia.com>]

Mike wrote:
> 
> It's late, so I might be missing something, but I can't find any
> information about what clients and servers should put into hello
> extensions when they intend to resume a previous session.  It is
> implied that all that is necessary is for the session ID to match
> that of the previous session (and the client MUST include the
> particular cipher suite and compression algorithm), but nothing is
> said about whether the client needs to specify the same list of
> extensions (with the same values presumably), or if the server must
> include them in the server hello response.
> 
> My code wants at least the server name extension to be in the client
> hello in order for the server to easily find the cached session
> (since you can set up multiple session caches).  But it also makes
> some sense to require the inclusion of truncated HMAC, for example.

Since the client can't know whether the server will actually resume
the session, or start a full handshake, it needs to include all the
extensions in the Client Hello to achieve correct behavior.

For example, if the client omitted server_name (although it had
included it previously), the full handshake might fail because
the server might pick a different identity (certificate).

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls