SSL session tickets vs session ids

旧巷少年郎 2021-02-03 20:58

To improve SSL handshake performance for non-retained (short) connections, there are two separate, widely known features:

  • TLS session ids
  • TLS session tickets

3 answers
  •  清歌不尽
    2021-02-03 21:39

    With session-ids, the server needs to keep track of previous sessions that could be continued at some point in time. This results in some extra work that the server has to do.

    The session-ticket, in contrast, is not an identifier but the session data encrypted by the server (and only the server can decrypt it). When a client wants to continue a session, it still knows the pre-master secret but the server does not anymore. So the client sends the session-ticket to the server and only the server is able to decrypt its content. Any information required to continue the session is included in there, so the server can resume the session without keeping any information. All the additional load is done on the client (by keeping the pre-master secret and the session-ticket).
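
The two mechanisms described in the answer above, as an added example that is not part of the original thread: a session-ID server that keeps a cache, next to a ticket server that keeps only its keys and rejects modified tickets. The class names, the JSON state and the HMAC-based keystream are assumptions; the keystream stands in for a real cipher such as the AES-128-CBC that RFC 5077 recommends, and the ticket layout (key name, IV, encrypted state, MAC) follows that RFC's recommended format.

```python
import hashlib, hmac, json, os

# Constructed sample state; a real server stores the negotiated parameters and secret.
SAMPLE_STATE = {"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "secret": "ab" * 48}

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Assumption: stdlib-only stand-in cipher (HMAC-SHA256 in counter mode).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

class SessionIdServer:
    """Session IDs: the server stores the state, the client holds only a lookup key."""
    def __init__(self):
        self.cache = {}                      # grows with every resumable session
    def issue(self, state: dict) -> bytes:
        sid = os.urandom(32)
        self.cache[sid] = state
        return sid
    def resume(self, sid: bytes):
        return self.cache.get(sid)           # None means: fall back to a full handshake

class TicketServer:
    """Session tickets: the state is sealed under server-only keys and given to the client."""
    def __init__(self):
        self.key_name = os.urandom(16)       # lets the server recognise its own key
        self.enc_key = os.urandom(32)
        self.mac_key = os.urandom(32)
    def issue(self, state: dict) -> bytes:
        iv = os.urandom(16)
        pt = json.dumps(state).encode()
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(self.enc_key, iv, len(pt))))
        body = self.key_name + iv + ct
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()
    def resume(self, ticket: bytes):
        if len(ticket) < 64 or ticket[:16] != self.key_name:
            return None                      # unknown or rotated key
        body, tag = ticket[:-32], ticket[-32:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # verify the MAC before decrypting anything
        iv, ct = body[16:32], body[32:]
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, iv, len(ct))))
        return json.loads(pt)
```

Because every ticket depends on `enc_key` and `mac_key`, those keys carry the confidentiality of all resumable sessions and need rotation; a server restarted with new keys simply fails resumption and performs a full handshake.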
