Session ticket renewal regarding RFC 5077 TLS session resumption

Robert Naundorf robenau at
Thu Oct 29 21:23:33 UTC 2020


I have a question on TLS session resumption with client-side session
tickets and its implementation in nginx.

RFC 5077, section 3.3, paragraph 2 reads:
If the server successfully verifies the client's ticket, then it MAY renew
the ticket by including a NewSessionTicket handshake message after the
ServerHello in the abbreviated handshake. The client should start using the
new ticket as soon as possible ...

Which seems very reasonable to me. That way the session could continue
without the need of a costly full handshake. It could continue virtually
forever, as long as the client resumes the session within the time window
configured by ssl_session_timeout.

However, it appears to me that nginx will not issue a new session ticket
proactively before ssl_session_timeout elapses.
So session resumption works fine within ssl_session_timeout and nginx
initiates a full handshake once the timeout has expired.

Searching the interwebs I found an old trac issue ( including a patch, where it was
reported that clients do not seem to support this kind of behavior.
And then there is ticket 1892 (
which is about session ticket renewal on TLS 1.3 (in my case it is TLS 1.2)
but says that the setting ssl_session_ticket_key plays a role for this

So is my expectation and my understanding of RFC 5077 correct? And what is
the current implementation in nginx?

Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list