Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Introduction
Terminology- Ticket
A ‘TICKET’ is defined as a cryptographically protected data
structure that is created by a server and consumed by it to rebuild
session-specific state.
Protocol
As the word suggests, it is the set of rules which would
specify the mechanism of distribution of encrypted session state
information in the form of a ticket (as defined above).
The ticket is created by the TLS server and sent to the
TLS client, when the TLS client wants to resume a session it presents
the ticket to the TLS server. The ticket is distributed to the client using
the “NewSessionTicket” TLS handshake message, this message is sent
during the TLS handshake before the “ChangeCipherSpec” message,
after the server has successfully verified the client's Finished message.
Overview
If the server wants to use this mechanism, it stores its session state
(such as cipher suite and master secret) to a ticket that is encrypted
and integrity-protected by a key known only to the server.
When the client sends the ticket to the server it includes the
SessionTicket extension with its message, then the server decrypts the
received ticket and verifies the tickets validity, retrieves the current
session state and resumes the client session.
Now, if the server verifies the client’s ticket successfully then it may
renew the ticket by the “NewSessionTicket” Handshake message. It
may also be possible that the server does not want to issue a session
ticket to the client at that point of time, in this case it just finishes the
handshake without issuing a session ticket or a new session ticket.
If the server rejects the ticket, it may still wish to give a new session
ticket after performing the full handshake.
If the server fails to verify the ticket, then it falls back to performing a
full handshake. If the ticket is accepted by the server but the
handshake fails, the client SHOULD delete the ticket.
Expected Execution