TLS session resumption

I use Caddy 1.0.3, I have TLS 1.0-TLS 1.2 allowed, and Go supports only the tickets option of session resumption (the TLS session data is stored on the client side).

Now I’m not quite sure about when the TLS resumption should occur. Regardless of ticket lifetime (which I think is a week by default) and Session Ticket Encryption Keys (which are rotated every 10 hours and Caddy “remembers” the last 4) - so none of those should be the issue.

As far as I understand the session resumption should occur whenever the ticket is still valid and the browser hasn’t been restarted, which means that even if I changed my IP address, the TLS ticket should still work.
But that’s not the case for me; when I access the webserver (using both Chrome and Firefox) I get a TLS ticket, which remains valid throughout surfs to that webserver, but when I change my IP address (either by proxy or changing Wi-Fi) the ticket is not accepted on the server side and a full TLS handshake is made, in which I get a new ticket.

So my main question: does TLS session resumption only work within a TCP session and whenever a new TCP session is started the former TLS ticket becomes invalid?
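
To check the question above against Go's `crypto/tls` directly, this added example (not part of the original post, and not Caddy's code) runs a loopback TLS 1.2 server and performs every handshake on a fresh TCP connection, reporting `ConnectionState.DidResume` each time. `resumedFlags` and `must` are hypothetical helper names, and the certificate is a constructed throwaway.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// resumedFlags handshakes n times with a loopback TLS 1.2 server, each time on a
// NEW TCP connection, and records DidResume. The certificate is a constructed throwaway.
func resumedFlags(n int, cache tls.ClientSessionCache) (flags []bool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "lab"}, NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}))
	defer ln.Close()
	go func() { // server: finish the handshake, then drop the TCP connection
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	// InsecureSkipVerify only because the lab certificate is self-signed.
	ccfg := &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12, ClientSessionCache: cache}
	for i := 0; i < n; i++ {
		c := must(tls.Dial("tcp", ln.Addr().String(), ccfg))
		flags = append(flags, c.ConnectionState().DidResume)
		c.Close()
	}
	return flags
}

func main() {
	fmt.Println(resumedFlags(3, tls.NewLRUClientSessionCache(8)), resumedFlags(3, nil))
}
```

With a client session cache, the first handshake is full and the later ones resume even though each uses its own TCP connection; with no cache on the client, none resume.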

It seems like a Go issue and not specifically Caddy, so gonna continue it here: TLS session resumption - Getting Help - Go Forum

You seem to have multi-posted:
