3.6.2 SSL Session Reuse

As of MySQL 8.0.29, the server supports SSL session reuse by default, but only within a configurable timeout period after a user enables the feature. All MySQL client applications support session reuse. For a description of server-side and client-side operations, see Reusing SSL Sessions.

This section describes how C applications can use the C API capabilities to enable session reuse for encrypted connections.

SSL session reuse works as follows:

  1. With an active SSL connection ongoing, your application can request the current SSL session data by calling mysql_get_ssl_session_data(). The call returns a pointer to an in-memory object, which is currently the PEM serialization of the session as an ASCII string.

  2. Your application then passes the pointer to mysql_options() with the MYSQL_OPT_SSL_SESSION_DATA option for use in the new connection it is building (during the pre-connect phase).

  3. At runtime, the application connects as it normally does. At this point the prior session has the potential to be reused. Your application can determine whether a session is being reused for the new connection by calling mysql_get_ssl_session_reused(). The call returns TRUE if there was a session and it was reused.

  4. After your application no longer needs the pointer, it is important to free it with a call to mysql_free_ssl_session_data().

MySQL uses a random TLS context-related context ID, which also applies to session reuse. With TLS 1.3, when the previously described call sequence occurs, OpenSSL uses pre-shared keys for session reuse. In contrast, with TLS 1.2, OpenSSL uses session tickets.