SSL_new_session_ticket Support for QUIC

[nibanks]

It seems SSL_new_session_ticket needs some updated to make it work with QUIC. It should allow QUIC servers to manually trigger a new session ticket to be sent.

[nibanks]

@kaduk any idea how complicated this change would be? Is it something I (with extremely limited knowledge of OpenSSL) would be able to figure out? How big of a change would it be? I think this is the last thing that we'd need for complete 0-RTT support in MsQuic.

[kaduk]

Hey @nibanks thanks for checking back -- it's been a crazy week here!
I expect that the core of the change is just going to be kaduk@a2c9d10 but I want to come up with some way of testing that it works as intended before putting it in a PR. That said, if MSQuic finds it usable, that's a pretty good indication...

[nibanks]

Thanks @kaduk. That's a pretty simple change. :) So, how exactly is this expected to work. Do I call SSL_new_session_ticket and that should directly trigger my add_handshake_data handler? Or do I need to call SSL_process_quic_post_handshake afterwards?

[kaduk]

My expectation (again, untested), is that you call SSL_new_session_ticket(.); SSL_do_handshake(.) and that will provide the encoded ticket to the server's add_handshake_data() routine and kick off whatever bits are needed to send it to the client in a CRYPTO frame. The client would then process the contents of the CRYPTO frame with its add_handshake_data() function before calling SSL_process_quic_post_handshake() to do the TLS processing of the ticket.

[nibanks]

@kaduk I just started looking at this, and it seem this is 3.0 specific code? Is there something I can CP to 1.1.1 to get the prereq first?

[kaduk]

@nibanks Yes, this is only in 3.0 at the moment.
The three commits in openssl#11416 should be the only ones that are relevant. The first two look to cherry-pick cleanly (did not build-test) and the last one is just make update, which can be re-run in the 1.1.1 tree to get the needed artifacts.

[nibanks]

After I manually integrates those changes into 1.1.1 and wired up MsQuic to call SSL_new_session_ticket it seems to be working. I just need to get the receive side wired up now. Thanks @kaduk. Any chance of that PR getting cherry-picked to 1.1.1 quictls?

[kaduk]

I expect that we can put the whole thing in 1.1.1 quictls once this last bit lands on 3.0.0 quictls, yes.
My default plan would be to try to get this two-line change into stock openssl before putting it in quictls, but I'm not actually tied to that if it's helpful to get it in quictls faster.

[nibanks]

I have everything working except getting the callback on the server side when a ticket is received. I call SSL_CTX_set_session_ticket_cb with just a dec_cb (gen_cb is NULL), but it's never getting called. I'm getting my set_encryption_secrets callback triggered for ssl_encryption_early_data secrets, so it must be using the ticket, right? Any suggestions on next steps?

[nibanks]

Oh, wait. I was calling SSL_CTX_set_session_ticket_cb in the wrong place I think. Let me try something else.

[nibanks]

Sorry for the false alarm. Everything is working now! As I mentioned before, I manually integrated the changes from openssl#11416 and kaduk/openssl@a2c9d10 locally. Then I wired up everything in MsQuic as necessary. All client and server functionality seems to be working as expected.

It'd be great if we can get these officially integrated into quictls 1.1.1 as soon as possible.

[kaduk]

as soon as possible

To set some expectations, I unepxectedly had to take Monday off and am playing catch-up yesterday/today. I expect to have useful progress by the end of the week.

[nibanks]

as soon as possible

To set some expectations, I unepxectedly had to take Monday off and am playing catch-up yesterday/today. I expect to have useful progress by the end of the week.

That sounds great! Really appreciate all the support you continue to provide! Please let me know when you have something and I can help send it through our pipeline to validate.

[kaduk]

I believe that once #26 was cherry-picked to 1.1.1k+quic as a6e9d76, this issue is resolved for 1.1.1 as well, so closing.