The NewSessionTicket message is not optional. Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4ede88e..8da3e9b 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c
@@ -341,9 +341,11 @@ break; case TLS_ST_CW_FINISHED: - if (mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected) { - st->hand_state = TLS_ST_CR_SESSION_TICKET; - return 1; + if (s->tlsext_ticket_expected) { + if (mt == SSL3_MT_NEWSESSION_TICKET) { + st->hand_state = TLS_ST_CR_SESSION_TICKET; + return 1; + } } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) { st->hand_state = TLS_ST_CR_CHANGE; return 1;