Questions about TLS reuse. (+ One more question about TLS)

Asked 2 years ago, Updated 2 years ago, 50 views

I heard that session tickets are used for TLS reuse.

If the client presents the server with the Session ID value that the server gave during the last connection, is it a different mechanism than the server skipping the intermediate process and sending Change Cipher Spec, Finished right away?

I want to know if recycling Session ID is called a session ticket or if there is a separate value called Session Ticket.

I have another question. After the server sends Server Hello, Certificate, Server Key Exchange, and Server Hello Done, the value the client sends in Client Key Exchange is different from what I learned.

I learned that the Client Key Exchange process delivers the RSA Encrypted PreMaster Secret. The packet I captured does not contain a PreMaster Secret.

It only comes out like this.

And after that, I can see something called Encrypted Handshake Message that I've never learned before. Are we exchanging premaster secrets here?

ssl tls

2022-09-22 22:02

1 Answer

1. When I captured the document and packet, Session Ticket and Session ID exist separately.
(See 3.4 at https://www.ietf.org/rfc/rfc5077.txt)

Session ID and Session Ticket for Client Hello

2. In the following document, the RSA encrypted master secret message is 48 bytes, and the Encrypted Handshake Message is also 48 bytes, so I think it is the same.

Note: https://www.ipa.go.jp/security/rfc/RFC2246-07EN.html#747


2022-09-22 22:02
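
The first point of the answer (Session ID and Session Ticket are separate fields of the Client Hello, per RFC 5077) can be checked with a small parser. This is an added example, not part of the original question or answer; the function names and the sample Client Hello bytes are constructed for illustration.

```python
import struct

EXT_SESSION_TICKET = 35  # SessionTicket TLS extension type (RFC 5077)

def parse_client_hello(msg: bytes) -> dict:
    """Extract session_id and the SessionTicket extension from a ClientHello
    handshake message (handshake header included, record header stripped)."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32  # skip client_version and random

    def take(len_bytes: int) -> bytes:
        """Read one length-prefixed vector and advance the cursor."""
        nonlocal pos
        start = pos + len_bytes
        n = int.from_bytes(body[pos:start], "big")
        if start + n > len(body):
            raise ValueError("length field runs past end of message")
        pos = start + n
        return body[start:pos]

    session_id = take(1)   # legacy Session ID field, 0..32 bytes
    take(2)                # cipher_suites
    take(1)                # compression_methods
    ticket = None          # None = extension absent
    if pos < len(body):
        exts = take(2)
        i = 0
        while i + 4 <= len(exts):
            ext_type, ext_len = struct.unpack_from("!HH", exts, i)
            if ext_type == EXT_SESSION_TICKET:
                # b"" = client supports tickets but has none to present yet
                ticket = exts[i + 4:i + 4 + ext_len]
            i += 4 + ext_len
    return {"session_id": session_id, "session_ticket": ticket}

def build_sample_hello(session_id: bytes, ticket) -> bytes:
    """Constructed ClientHello for the demo (not a real capture)."""
    ext = b"" if ticket is None else struct.pack("!HH", EXT_SESSION_TICKET, len(ticket)) + ticket
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

The parser reports the two values independently: a Client Hello can carry a Session ID with no ticket extension, an empty ticket extension, or both a Session ID and a ticket.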
