Hello,

I am trying to test a device’s conformance to IEC62351-3 which defines some rules about TLS implementations, in particular im wondering if it’s possible to:

Use mbedtls on a TLS server to accept a session resumption when a client sends a ClientHello message with a session ID in an ongoing TLS session.

Also RFC 5246 says this about resumption for tls v1.2:

The ClientHello message includes a variable-length session
identifier. If not empty, the value identifies a session between the
same client and server whose security parameters the client wishes to
reuse. The session identifier MAY be from an earlier connection,
this connection, or from another currently active connection.

so it should be possible to resume in an ongoing session but:

I already have a working implementation of a TLS 1.2 server using mbedtls 2.28, but if a client sends a clienthello with a session ID in an ongoing session, the server always responds with a renegotiation by default.

Taking a look at the library code i tried to change the function:

static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl)

found in the file ssl_srv.c in mbedtls 2.28,

and removed a check which skipped resumption if a client hello was received during a session, this does not work properly however because the server closes the connection after sending the finished message due to a MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR.

Im wondering if there is anyway to allow resumption in this manner using mbedtls or if im doing something wrong? If you require further information please let me know and i will try to add as much as i can!