Rust bindings for supporting session resumption with 1.2 + 1.3 as a client
Problem:
For clients wanting to support session resumption with tickets, you could use the API
conf_builder.set_session_ticket_callback(SessionTicketCallback)?;
today. However, this doesn't take into account TLS 1.2 servers that implement SessionIds.
One workaround would be to use conn.session_ticket(), but that returns either a SessionId, a SessionTicket, or none (TLS 1.3), which overlaps with the session ticket callback mechanism.
Solution:
Option 1. Provide a callback like for SessionTicket but for SessionId
Option 2. Provide a function that returns SessionId without session ticket.
Summarizing some offline discussion: conn.session_ticket does work, but it is a confusing experience for customers. Customers want an explicit mechanism to support session_ids, which shouldn't rely on internal implementation details and should be clearly documented.
Option 1: a new callback for working with SessionIDs
Option 2: a new function that returns SessionIDs (and would never return session tickets)
In the case of Option 2, we should consider changing the behavior of conn.session_ticket() to never return a session id.
Example confusion: A TLS 1.2 server does not return session tickets, but does have a session ID. This session ID is not resumable. A client calls conn.session_ticket(), which returns something. They think they have a session ticket, and therefore session resumption will work. But conn.session_ticket() was actually just returning the session ID, which has a much lower chance of supporting resumption. This is confusing for the customer.
This is likely something that we could address in https://github.com/aws/s2n-tls/issues/5154