From 8b579bc7d021e3276ab31e74380eade556e923ff Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 5 Sep 2021 22:26:45 +0900
Subject: [PATCH] nghttpx: Always renew TLS ticket for TLSv1.3

---
 src/shrpx_tls.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc
index 5fef6cae..f7b3986a 100644
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -560,6 +560,12 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
                nullptr);
   EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
 
+  // If ticket_key_cb is not set, OpenSSL always renew ticket for
+  // TLSv1.3.
+  if (SSL_version(ssl) == TLS1_3_VERSION) {
+    return 2;
+  }
+
   return i == 0 ? 1 : 2;
 }
 } // namespace