I have read through many forums, and the process as I understand it is this:
-> create DWORD key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters named EnableSslSessionTicket with value 1
-> create session ticket key
$Password = Read-Host -AsSecureString
New-TlsSessionTicketKey -Password $Password -Path 'C:\KeyConfig\TlsSessionTicketKey.config'
-> enable session ticket key
$Password = Read-Host -AsSecureString
Enable-TlsSessionTicketKey -Password $Password -Path 'C:\KeyConfig\TlsSessionTicketKey.config' -ServiceAccountName System
-> reboot
This does not work. I am testing with openssl s_client:
openssl s_client -connect sub.domain.tld:443 -reconnect
but I see
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
on every reconnect.
Suggestions?
It would seem forcing TLS 1.2 (with -tls1_2) session resumption does seem to work fine even without the registry key and the listed PowerShell commands.
Just TLS 1.3 session resumption does not work.
Ok, now I'm confused. s_client -reconnect may have a bug with TLS 1.3. If I run the following commands one after another:
openssl s_client -connect domain.tld:443 -no_ticket -sess_out ./ssl_s
openssl s_client -connect domain.tld:443 -no_ticket -sess_in ./ssl_s
I see
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
So then, I guess it really is working? Seems very weird. SSL Labs reports:
Session resumption (caching) No (IDs assigned but not accepted)
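
The two-step `-sess_out` / `-sess_in` check from the thread, wrapped in a script that classifies the `New` / `Reused` summary lines (an added example, not part of the original posts). The function names, the 2-second wait and the sample output lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: automate the -sess_out / -sess_in resumption check.

# Constructed sample output, trimmed to the handshake summary lines.
SAMPLE_RECONNECT='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_SESS_IN='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

# Print "<new|reused> <protocol>" for each handshake summary line on stdin.
classify_handshakes() {
  awk -F', ' '/^(New|Reused), [^,]+, Cipher is / { print tolower($1), $2 }'
}

# Print "resumed" if any handshake on stdin was reused, else "not-resumed".
resumption_verdict() {
  if classify_handshakes | grep -q '^reused '; then
    echo resumed
  else
    echo not-resumed
  fi
}

# Live check. Usage: check_resumption host:port [extra s_client flags]
check_resumption() {
  target=$1; shift
  sess=$(mktemp) || return 1
  # Hold stdin open briefly so a session delivered after the handshake
  # (as TLS 1.3 does) still reaches -sess_out. The 2 s wait is an assumption.
  sleep 2 | openssl s_client -connect "$target" "$@" -sess_out "$sess" >/dev/null 2>&1
  openssl s_client -connect "$target" "$@" -sess_in "$sess" </dev/null 2>/dev/null |
    resumption_verdict
  rm -f "$sess"
}

if [ "$#" -ge 1 ]; then
  check_resumption "$@"
else
  # No arguments: run the classifier over the constructed samples.
  printf '%s\n' "$SAMPLE_RECONNECT" | resumption_verdict   # not-resumed
  printf '%s\n' "$SAMPLE_SESS_IN" | resumption_verdict     # resumed
fi
```

Passing `-tls1_2` or `-tls1_3` as the extra flag runs the same check once per protocol version, which separates the two cases discussed above.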