20 Jun
Do browsers like Firefox, Chrome, Opera, and Tor store TLS 1.3 session tickets on the disk?
- Do browsers save TLS 1.3 session tickets on the disk to resume a TLS session after the browser process has been killed and restarted?
- Are there any glaring security risks of caching TLS 1.3 session tickets on the client side? I believe the session tickets are encrypted with a private key only known to the server.
- If someone gets hold of session tickets cached on disk, can they impersonate you while connecting to a server?
From some reading over the internet, my understanding is that session tickets are only cached in memory and deleted after the browser process is killed; but a lot of these posts were pre-TLS 1.3, so I am looking for an updated answer.