3. Protocol
This specification describes a mechanism to distribute encrypted session-state information to the client in the form of a ticket and a mechanism to present the ticket back to the server. The ticket is created by a TLS server and sent to a TLS client. The TLS client presents the ticket to the TLS server to resume a session. Implementations of this specification are expected to support both mechanisms.
3.1. Overview
The client indicates that it supports this mechanism by including a SessionTicket TLS extension in the ClientHello message. The extension will be empty if the client does not already possess a ticket for the server. The server sends an empty SessionTicket extension to indicate that it will send a new session ticket using the NewSessionTicket handshake message.
3.2. SessionTicket TLS Extension
The SessionTicket TLS extension is based on [RFC4366]. The format of the ticket is an opaque structure used to carry session-specific state information.
3.3. NewSessionTicket Handshake Message
This message is sent by the server during the TLS handshake before the ChangeCipherSpec message. This message MUST be sent if the server included a SessionTicket extension in the ServerHello.
3.4. Interaction with TLS Session ID
If a server is planning to issue a NewSessionTicket, it SHOULD include an empty Session ID in the ServerHello. If the server includes a non-empty Session ID, then it is indicating intent to use stateful session resumption.
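Added example, not part of the specification text: a Python conformance check that ties Sections 3.1, 3.3 and 3.4 together by verifying that a server which sent the SessionTicket extension also sent NewSessionTicket before ChangeCipherSpec and used an empty Session ID. The function names and sample bytes are constructed for illustration; extension type 35 and handshake type 4 are the values assigned by RFC 5077, as is the ticket_lifetime_hint/ticket layout of the message body.

```python
import struct

EXT_SESSION_TICKET = 35        # SessionTicket extension type (RFC 5077)
HS_NEW_SESSION_TICKET = 4      # NewSessionTicket handshake message type

def find_extension(block: bytes, ext_type: int):
    """Walk a TLS extensions block (without its outer 2-byte length);
    return the extension_data for ext_type, or None if absent."""
    off = 0
    while off + 4 <= len(block):
        etype, elen = struct.unpack_from("!HH", block, off)
        off += 4
        if off + elen > len(block):
            raise ValueError("truncated extension")
        if etype == ext_type:
            return block[off:off + elen]   # b"" means present but empty
        off += elen
    if off != len(block):
        raise ValueError("trailing bytes in extensions block")
    return None

def parse_new_session_ticket(msg: bytes):
    """Parse one NewSessionTicket handshake message -> (lifetime_hint, ticket)."""
    if len(msg) < 10 or msg[0] != HS_NEW_SESSION_TICKET:
        raise ValueError("not a NewSessionTicket message")
    body_len = int.from_bytes(msg[1:4], "big")
    hint, tlen = struct.unpack_from("!IH", msg, 4)
    if body_len != len(msg) - 4 or tlen != body_len - 6:
        raise ValueError("inconsistent lengths")
    return hint, msg[10:]

def check_server_flight(sh_extensions: bytes, sh_session_id: bytes, hs_types):
    """hs_types: server handshake message types seen before ChangeCipherSpec."""
    findings = []
    promised = find_extension(sh_extensions, EXT_SESSION_TICKET) is not None
    sent = HS_NEW_SESSION_TICKET in hs_types
    if promised and not sent:
        findings.append("MUST violated: extension sent, no NewSessionTicket")
    if sent and not promised:
        findings.append("NewSessionTicket without SessionTicket extension")
    if promised and sh_session_id:   # advisory: Section 3.4 is a SHOULD
        findings.append("SHOULD: Session ID not empty while issuing a ticket")
    return findings

# Constructed sample data (not captured traffic).
SH_EXTS = struct.pack("!HH", 0xFF01, 1) + b"\x00" + struct.pack("!HH", 35, 0)
TICKET = bytes(range(16))
NST = b"\x04" + (22).to_bytes(3, "big") + struct.pack("!IH", 3600, 16) + TICKET
```

An empty return value from `find_extension` is distinct from `None`: the former is the empty SessionTicket extension the server uses to announce a new ticket, the latter means the extension was not sent at all.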