I am learning TLS Session Resumption.
What I got is session resumption can reduce 1 RTT for TLS 1.2 by reusing MasterSecret. Both the client and server needn’t to run key exchange algorithm.
My questions are:
- Whether session resumption reuses symmetric encryption keys (to encrypt TLS records).
- What factors affect whether to reuse symmetric encryption keys?
I searched around Google, but cannot find a authoritative answer. Here is what I got:
- Do not reuse encryption keys. Refer to SSL session key usage when browser opens multiple sockets to same server.
- Reuse encryption keys. Refer to https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols#Session_Resumption
Any ideas are welcome.