It’s a lovely guide. Saves a lot of time vs reading the RFCs when you just want to debug a session state flow/log/packet capture.
The one thing I wish it had was better tracing of branch points like session resumption. It would make walking session state logs simpler.
I ran into this while trying to figure out if the open source Kubernetes nginx ingress supported session resumption on the upstream side (it doesn’t; a deficiency in the lua balancer). While the diversion into nginx source and other sundries was nice, I could have saved that time :)
It’d be a pleasure to see a version for 1.3, but not all maintained SSL libraries implement it yet: https://github.com/ARMmbed/mbedtls/issues/508. mbedTLS, for example, appears not to have it landed. This is one library often used in IoT environments.
As I recall, this came out right on the cusp of TLS 1.3; so TLS 1.2 was what was currently deployed. Timing was awful for me, because I was working on a TLS 1.3 project, and this would have been super useful, but wasn't yet available.