Thanks the great help from OpenSSL community, I finally can simulate an TLS 1.3 “Session Resumption”. The Operation System I used is OmniOS, and OpenSSL version is 1.1.1k, but I think the methods here can also be applied to other platforms:
(1) Open one terminal to launch tcpdump to capture TLS packets:
$ pfexec /opt/ooce/sbin/tcpdump -w tls.pcap port 443
(2) Open another terminal to initiate the first TLS 1.3 session:
$ openssl s_client -connect cloudflare.com:443 -tls1_3 -sess_out sess.pem -keylogfile keys1.txt
......
Once the connection is established, input “GET /” to trigger TLS 1.3 Server to send “New Session Ticket” message, and this will be saved in sess.pem file.
(3) Initiate another TLS 1.3 session to reuse the saved “Session Ticket“:
$ echo | openssl s_client -connect cloudflare.com:443 -tls1_3 -sess_in sess.pem -keylogfile keys2.txt
(4) Stop the tcpdump process.
(5) Combine two keys file into one:
$ cat keys1.txt keys2.txt > keys.txt
Then the keys.txt can be used to decrypt the two TLS 1.3 sessions (refer Use Wireshark to decrypt TLS flows).
Thank you!!