From: Matt Caswell <matt@openssl.org>
Date: Tue, 8 May 2018 15:28:44 +0000 (+0100)
Subject: Document when a new session ticket gets created on resumption
X-Git-Tag: OpenSSL_1_1_1-pre7~64
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2448bb8cf71b383d39433f8af891232c60392868;p=oweals%2Fopenssl.git

Document when a new session ticket gets created on resumption

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6198)
---

diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
index c7b51dd16b..3066534223 100644
--- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod
+++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
@@ -77,6 +77,12 @@ the key that was used to encrypt the session ticket.
 When the B<gen_cb> callback is invoked, the SSL_get_session() function can be
 used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().
 
+By default, in TLSv1.2 and below, a new session ticket is not issued on a
+successful resumption and therefore B<gen_cb> will not be called. In TLSv1.3 the
+default behaviour is to always issue a new ticket on resumption. In both cases
+this behaviour can be changed if a ticket key callback is in use (see
+L<SSL_CTX_set_tlsext_ticket_key_cb(3)>).
+
 =head1 RETURN VALUES
 
 The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and