TLS session resumption

I use Caddy 1.0.3 (webserver written in Go), I have TLS 1.0-TLS 1.2 allowed, and Go supports only the tickets option of session resumption (the TLS session data is stored on the client side).

Now I’m not quite sure about when the TLS resumption should occur. Regardless of ticket lifetime (which I think is a week by default) and Session Ticket Encryption Keys (which are rotated every 10 hours and Caddy “remembers” the last 4) - so none of those should be the issue.

As far as I understand the session resumption should occur whenever the ticket is still valid and the browser hasn’t been restarted, which means that even if I changed my IP address, the TLS ticket should still work.
But that’s not the case for me; when I access the webserver (using both Chrome and Firefox) I get a TLS ticket, which remains valid throughout surfs to that webserver, but when I change my IP address (either by proxy or changing Wi-Fi) the ticket is not accepted on the server side and a full TLS handshake is made, in which I get a new ticket.

So my main question: does TLS session resumption only work within a TCP session and whenever a new TCP session is started the former TLS ticket becomes invalid?

I think your identical question on Stack Overflow has been answered:

‘Does TLS session resumption only work within a TCP session’: no, but it only works between the same peers.
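
An added example, not part of the thread or of Caddy's code: a Go program using the standard library's `crypto/tls` and `net/http/httptest` that shows a session ticket resuming on a new TCP connection to the same server, and being refused by a second server that holds different ticket encryption keys. The function names, the two local test servers and the TLS 1.2 cap on the client are assumptions made for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// dial opens a fresh TCP connection, completes the TLS handshake and reports
// whether the server accepted a ticket from the client's session cache.
func dial(s *httptest.Server, cfg *tls.Config) (bool, error) {
	c, err := tls.Dial("tcp", s.Listener.Addr().String(), cfg)
	if err != nil {
		return false, err
	}
	defer c.Close()
	return c.ConnectionState().DidResume, nil
}

// demo connects to server A twice, then offers A's ticket to server B.
// Each httptest server generates its own random ticket keys, so B stands
// in for "a different peer" that cannot decrypt A's ticket.
func demo() ([]bool, error) {
	a := httptest.NewTLSServer(http.NotFoundHandler())
	b := httptest.NewTLSServer(http.NotFoundHandler())
	defer a.Close()
	defer b.Close()
	pool := x509.NewCertPool()
	pool.AddCert(a.Certificate()) // both servers use httptest's built-in cert
	cfg := &tls.Config{
		RootCAs:            pool,
		ServerName:         "example.com",       // name in the test cert; also the cache key
		MaxVersion:         tls.VersionTLS12,    // ticket arrives inside the handshake
		ClientSessionCache: tls.NewLRUClientSessionCache(4),
	}
	var resumed []bool
	for _, s := range []*httptest.Server{a, a, b} {
		r, err := dial(s, cfg)
		if err != nil {
			return nil, err
		}
		resumed = append(resumed, r)
	}
	return resumed, nil
}

func main() {
	fmt.Println(demo()) // first A, second A (new TCP connection), then B
}
```
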

Well, I reverified it on a clean installation and it works well. So I messed something up; this can be closed.
