Janos Follath <Janos.Follath@arm.com> wrote on 2026-04-23 at 07:32:44:
> When mbedtls_ssl_read() returns MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET it signals to the caller that we have received a new session ticket and gives the opportunity to save it for reuse later. An example of how this could be done is in the sample program ssl_client2.c: https://github.com/Mbed-TLS/mbedtls/blob/v4.1.0/programs/ssl/ssl_client2.c#L....
> mbedtls_ssl_write() calls mbedtls_ssl_handshake() whenever the handshake state is not MBEDTLS_SSL_HANDSHAKE_OVER and thus in theory still might end up reading data and receiving a new session ticket.
> Long story short: MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET is a non-fatal error and it is safe to ignore if you are not using session tickets.
Thanks for the quick reply and your explanation, Janos.
Privoxy currently doesn't use session tickets and waits for the TLS handshake to complete before calling mbedtls_ssl_write(), so it seems that I don't have to handle MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET as an expected return code for mbedtls_ssl_write().
Fabian
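
The read-side handling discussed in this thread, as an added example that is not part of the thread and is not Privoxy or Mbed TLS code: a wrapper that treats a new session ticket as non-fatal and reads again. The names read_app_data, tls_read_fn, scripted_read and max_tickets are hypothetical, the retry bound is a design choice of this example, and the error code values are assumed from the Mbed TLS 3.x header.

```c
#include <stddef.h>

/* Assumption: values as in Mbed TLS 3.x <mbedtls/ssl.h>; if that header is
 * included first, its own definitions are used instead. */
#ifndef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
#define MBEDTLS_ERR_SSL_WANT_READ                   (-0x6900)
#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET (-0x7B00)
#endif
/* Hypothetical callback; a real build wraps mbedtls_ssl_read() in it. */
typedef int (*tls_read_fn)(void *ctx, unsigned char *buf, size_t len);

/* Read application data. A new session ticket is non-fatal, so read again
 * rather than closing the connection; max_tickets bounds the retries.
 * Every other result (data, WANT_READ, real errors) goes to the caller. */
static int read_app_data(tls_read_fn rd, void *ctx, unsigned char *buf,
                         size_t len, int max_tickets, int *tickets_seen)
{
    *tickets_seen = 0;
    for (;;) {
        int rc = rd(ctx, buf, len);
        if (rc != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET)
            return rc;
        if (++*tickets_seen > max_tickets)
            return rc; /* too many in a row: let the caller decide */
    }
}

/* Constructed transport for the demo: replays a fixed list of results. */
struct script { const int *rc; size_t n, pos; };
static int scripted_read(void *ctx, unsigned char *buf, size_t len)
{
    struct script *s = ctx;
    int rc = s->pos < s->n ? s->rc[s->pos++] : 0;
    for (int i = 0; i < rc && (size_t)i < len; i++)
        buf[i] = 'x'; /* fake payload */
    return rc;
}

int main(void)
{
    /* Constructed sequence: two tickets, then 5 bytes of data. */
    static const int rcs[] = { MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET,
                               MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET, 5 };
    struct script s = { rcs, 3, 0 };
    unsigned char buf[16];
    int seen;
    int rc = read_app_data(scripted_read, &s, buf, sizeof buf, 4, &seen);
    return !(rc == 5 && seen == 2); /* exit status 0 on success */
}
```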