Document when a new session ticket gets created on resumption

author Matt Caswell <matt@openssl.org>

Tue, 8 May 2018 15:28:44 +0000 (16:28 +0100)

committer Matt Caswell <matt@openssl.org>

Fri, 11 May 2018 13:51:08 +0000 (14:51 +0100)
author Matt Caswell <matt@openssl.org>
Tue, 8 May 2018 15:28:44 +0000 (16:28 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 11 May 2018 13:51:08 +0000 (14:51 +0100)
diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod

index c7b51dd16b85404633be7e88c3a8391347629ec9..306653422353ea5f5715cb5faf574a2e4c49e4b0 100644 (file)
--- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod
+++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
@@ -77,6 +77,12 @@ the key that was used to encrypt the session ticket.
  When the B<gen_cb> callback is invoked, the SSL_get_session() function can be
  used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().
  
+By default, in TLSv1.2 and below, a new session ticket is not issued on a
+successful resumption and therefore B<gen_cb> will not be called. In TLSv1.3 the
+default behaviour is to always issue a new ticket on resumption. In both cases
+this behaviour can be changed if a ticket key callback is in use (see
+L<SSL_CTX_set_tlsext_ticket_key_cb(3)>).
+
  =head1 RETURN VALUES
  
  The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and
author	Matt Caswell <matt@openssl.org>
	Tue, 8 May 2018 15:28:44 +0000 (16:28 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 11 May 2018 13:51:08 +0000 (14:51 +0100)