Our Delphi SSL library uses info_callback to check handshake status, in particlar to detect renegotiaton for older TLS protocols.

With TLSv1.3, once the initial handshake is complete, there is a second ICB SSL_handshake_start event, which logging shows precedes a New Session Ticket packet. This ICB breaks our code, because we closed the connection to stop renegotiaton. Fixed by ignoring it for TLSv1.3, but should it be called atall?

11:36:25:844 04326370 Start Ssl ReadBIO
11:36:25:856 04326370 ICB> SSL_handshake_start: where=00000010, state=before SSL initialization
11:36:25:864 04326370 ICB> SSL_CB_HANDSHAKE_START
lots cut
11:36:26:256 04326370 ICB> SSL_handshake_done: where=00000020, state=SSL negotiation finished successfully
11:36:26:264 04326370 ICB> SSL_CB_HANDSHAKE_DONE, Error ok
11:36:26:274 04326370 SslHandshakeDone(0) Error=916. Secure connection with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256 secret bits (256 total), session reused=False
more cut
11:36:26:345 ProtoMsg: TLS 1.3, State: SSL negotiation finished successfully, Recv, DataLen: 1, Data= 16
!!! unexpected ICB follows
11:36:26:356 04326370 ICB> SSL_handshake_start: where=00000010, state=SSL negotiation finished successfully
11:36:26:362 ProtoMsg: TLS 1.3 Handshake: New Session Ticket, State: SSLv3/TLS read server session ticket, Recv, DataLen: 274, Data=xx
11:36:26:372 ProtoMsg: None, State: SSL negotiation finished successfully, Recv, DataLen: 5, Data= 17030319EA
11:36:26:396 ProtoMsg: TLS 1.3, State: SSL negotiation finished successfully, Recv, DataLen: 1, Data= 17

Angus