TLS session reuse/resumption

[yanshay]

@AnthonyGrondin , @ivmarkov Hi, really need your help and guidance with this issue.

I need to connect to an ftp server that require TLS session reuse/resumption.
The way I understand it work, is that after doing the work with the ftp on the control channel, I need to take the TLS session in some way and use it on another socket/port that the server provides me (this is ftp passive mode).

I know that mbedtls supports that, but couldn't find how to do that with the rust crate.
The challenges I can see here:

1. How do I get the session information to pass it to another session? Maybe I can replace the socket in the session (not sure that's correct to do for session reuse)
2. If I need to keep the control socket open (don't know yet, but theoretically in ftp that's required if I get it right), I couldn't find a way to get the socket from the Session (this is missing in general if indeed not there, in case I want to keep the socket open due to server behavior but not waste memory on socket that isn't in really use TLS wise)

As I started diving into this I saw there is mbedtls_ssl_get_session and mbedtls_ssl_set_session, so thought maybe I need to add a get_ssl_session and connect_resume_ssl_session to get the info from previous session and use that info instead of info that's already there?
Or maybe add this as parameter to the new already so can pass it to init_ssl instead of initializing new ssl_conext?

Also, how is memory manged in mbedtls? If I get the session do I get ownership of the memory or do I need to copy it? Same when I give it to the various functions?

And I don't know if anything more than that is required. I've seen there are more than a single technique for resuming TLS sessions.

Any guidance would be highly appreciated.

[pleasantone]

Agreed, RFC 5077 is pretty complicated and the documentation is sparse.