If it is a new session don't send the old TLS ticket: send a zero length

ticket to request a new session.

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 401aa5e4ce90df7fabaaf173d09ce546b0bb8e6c..db2bd6b6a8edcbcae412c08dc7e477a78fb2d183 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -365,7 +365,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
        if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
                {
                int ticklen;
-               if (s->session && s->session->tlsext_tick)
+               if (!s->new_session && s->session && s->session->tlsext_tick)
                        ticklen = s->session->tlsext_ticklen;
                else if (s->session && s->tlsext_session_ticket &&
                         s->tlsext_session_ticket->data)