encryption – Does TLS session resumption reuse the symmetric keys?

I am learning TLS Session Resumption.

What I got is that session resumption can reduce 1 RTT for TLS 1.2 by reusing the MasterSecret. Both the client and server needn’t run the key exchange algorithm.

My questions are:

  1. Whether session resumption reuses symmetric encryption keys (to encrypt TLS records).
  2. What factors affect whether to reuse symmetric encryption keys?

I searched around Google, but cannot find an authoritative answer. Here is what I got:

  1. Do not reuse encryption keys. Refer to SSL session key usage when browser opens multiple sockets to same server.
  2. Reuse encryption keys. Refer to https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols#Session_Resumption

Any ideas are welcome.

tls – Failed to establish SSL handshake due to change of IP address and session resumption

Is the use of the source IP address to generate session ID by servers common? I have seen this behavior with a banking website. You visit the website with IP 1.1.1.1, the SSL session is generated and used by the browser to resume the SSL session. Now if your IP address changes to 1.1.1.2, and if you just refresh the page, the browser will exit in error. Firefox will complain about BAD_RECORD_MAC, Chrome will just say an SSL error. I still don't understand exactly why this is happening, because according to the RFC if the session is not recognized, a full handshake should be started but here everything fails.

Using Firefox with disabled SSL session identifiers doesn't have this problem, which is why I think the server is using the source IP to create the session.