How to turn off session resumption?


Rob LoPresti

Mar 25, 2021, 8:19:19 AM
to conscrypt
Hi, 

I am running Conscrypt 2.5.1 on Android. 

Is there a way to turn off session resumption?
  • In OpenSSL we had the options SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION and SSL_SESS_CACHE_OFF.
  • I have tried Conscrypt.setClientSessionCache and Conscrypt.setServerSessionCache thinking that it would be related to the session cache, but it still resumes the initial connection.
TIA,

Yuri Schimke

Mar 29, 2021, 11:59:44 AM
to Rob LoPresti, conscrypt
Non-authoritative response...

For TLSv1.3, can you use Conscrypt.setUseSessionTickets (in Android 10 it's at android.net.ssl.SSLSockets)?

My experience with Conscrypt and sessions in TLSv1.2 is that this isn't yet designed as a public API. So you might find yourself off the beaten track. I would have expected setting the session cache to work though for TLSv1.2 (not TLSv1.3).

In case it helps, outside the Conscrypt project I have some test code around this area.

Confirming when session reuse *is* working with Conscrypt https://github.com/square/okhttp/pull/6576/files
And more generally some helpers for JSSE if you need to test and understand between JSSE+Conscrypt. https://github.com/square/okhttp/pull/6579



Rob LoPresti

Apr 2, 2021, 2:30:18 PM
to conscrypt
Thanks Yuri for the insight, much appreciated.

Agreed, it seemed like session cache should have worked for TLSv1.2. I replaced both SSLServerSessionCache and SSLClientSessionCache with empty classes, and they don't even get called.

As a side note, it is interesting to see that Conscrypt.setServerSessionCache(SSLContext context, SSLServerSessionCache cache) is a public method, but interface SSLServerSessionCache is left as internal.

Makes it difficult to implement our own cache.
