Problems with GnuTLS session cache
In !221 (comment 1531788) Gomes noticed:
> In GnuTLS: the expiration time is never considered in the lookup operations, so there could be a case where a connection older than 10 minutes is used (even in the store, the expiry is only read to test against the monotonic clock if the cache is full, so unless it reaches 50 unique connections it'll never expire a ticket; it'll do so if it is used. I think it's assuming everything is TLSv1.3, but that can be after 1 hour, for example).
So that's not great. More problems I see: (a) the cache max size is not implemented properly and can be exceeded, (b) the max size is fairly low, (c) the concept of "session ID" is based on the IP address because "different hosts serving the same hostname/service will probably not share the same session cache," but this is not true with session tickets because the server does not cache anything anymore.
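To make the three points concrete, here is a small session cache in C, written as an added illustration for this issue; it is not wget2 or GnuTLS code. It checks expiry on every lookup and store (so an entry older than its window is never returned, regardless of how full the cache is), enforces a hard capacity by evicting the oldest entry instead of growing past it, and keys entries by `host:port` rather than by peer IP so that a ticket is found again when the same hostname resolves to a different address. The capacity (4), the 10-minute window, the `server_lifetime` parameter (meant for a shorter server-announced ticket lifetime) and the ticket byte strings are all hypothetical values chosen for the example; the scenario in `scenario_checks()` uses a constructed cache.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define CACHE_MAX 4            /* hypothetical hard cap on entries (tiny, for the demo) */
#define CACHE_DEFAULT_TTL 600  /* local reuse window: 10 minutes, as in the issue */

struct session_entry {
    char key[128];             /* "host:port", deliberately not the peer IP */
    unsigned char data[64];    /* opaque session data or ticket (constructed) */
    size_t len;
    time_t stored;             /* insertion time, used for oldest-first eviction */
    time_t expires;            /* absolute expiry, checked on every lookup and store */
};

struct session_cache {
    struct session_entry e[CACHE_MAX];
    size_t n;
};

static void make_key(char *out, size_t outlen, const char *host, unsigned port)
{
    snprintf(out, outlen, "%s:%u", host, port);
}

/* Index of the live entry for key, or -1 if none. */
static int find_index(const struct session_cache *c, const char *key)
{
    for (size_t i = 0; i < c->n; i++)
        if (strcmp(c->e[i].key, key) == 0)
            return (int)i;
    return -1;
}

static void remove_index(struct session_cache *c, size_t i)
{
    c->n--;
    if (i < c->n)
        memmove(&c->e[i], &c->e[i + 1], (c->n - i) * sizeof c->e[0]);
}

/* Drop every entry whose expiry has passed, independent of how full the cache is. */
static void expire_entries(struct session_cache *c, time_t now)
{
    for (size_t i = 0; i < c->n; )
        if (c->e[i].expires <= now)
            remove_index(c, i);
        else
            i++;
}

/* Store session data for host:port. Expiry is now + min(local window, server lifetime)
   when the server announced a lifetime (> 0), so neither bound is exceeded.
   Returns 0 on success, -1 on bad input. The cap is never exceeded: when full,
   the oldest entry is evicted first. */
int cache_store(struct session_cache *c, const char *host, unsigned port,
                const unsigned char *data, size_t len,
                time_t now, time_t server_lifetime)
{
    if (len == 0 || len > sizeof c->e[0].data)
        return -1;

    char key[128];
    make_key(key, sizeof key, host, port);
    expire_entries(c, now);

    int idx = find_index(c, key);
    if (idx < 0) {
        if (c->n == CACHE_MAX) {
            size_t oldest = 0;
            for (size_t i = 1; i < c->n; i++)
                if (c->e[i].stored < c->e[oldest].stored)
                    oldest = i;
            remove_index(c, oldest);
        }
        idx = (int)c->n++;
    }

    struct session_entry *e = &c->e[idx];
    snprintf(e->key, sizeof e->key, "%s", key);
    memcpy(e->data, data, len);
    e->len = len;
    e->stored = now;
    time_t ttl = (server_lifetime > 0 && server_lifetime < CACHE_DEFAULT_TTL)
                 ? server_lifetime : CACHE_DEFAULT_TTL;
    e->expires = now + ttl;
    return 0;
}

/* Usable session data for host:port at time `now`, or NULL if absent or expired. */
const struct session_entry *cache_lookup(struct session_cache *c, const char *host,
                                         unsigned port, time_t now)
{
    char key[128];
    make_key(key, sizeof key, host, port);
    expire_entries(c, now);
    int idx = find_index(c, key);
    return idx < 0 ? NULL : &c->e[idx];
}

/* Walks a constructed cache through the issue's points and returns the number of
   expectations that failed (0 means all held). Times are seconds, starting at 0. */
int scenario_checks(void)
{
    struct session_cache c = { .n = 0 };
    const unsigned char t1[] = "ticket-1", t2[] = "ticket-2";
    int failed = 0;

    /* (c): lookups use host:port, so the entry is found whatever IP resolved it */
    cache_store(&c, "example.com", 443, t1, sizeof t1, 0, 0);
    if (cache_lookup(&c, "example.com", 443, 100) == NULL) failed++;
    /* expiry enforced at lookup: the 10-minute window has elapsed */
    if (cache_lookup(&c, "example.com", 443, 601) != NULL) failed++;

    /* a shorter server-announced lifetime bounds reuse before the local window does */
    cache_store(&c, "short.example", 443, t2, sizeof t2, 0, 30);
    if (cache_lookup(&c, "short.example", 443, 29) == NULL) failed++;
    if (cache_lookup(&c, "short.example", 443, 30) != NULL) failed++;

    /* (a): CACHE_MAX + 2 distinct hosts never exceed the cap; the oldest are evicted */
    char host[32];
    for (unsigned i = 0; i < CACHE_MAX + 2; i++) {
        snprintf(host, sizeof host, "h%u.example", i);
        cache_store(&c, host, 443, t1, sizeof t1, (time_t)i + 1, 0);
    }
    if (c.n != CACHE_MAX) failed++;
    if (cache_lookup(&c, "h0.example", 443, 10) != NULL) failed++;  /* evicted */
    if (cache_lookup(&c, "h5.example", 443, 10) == NULL) failed++;  /* newest kept */
    return failed;
}

int main(void)
{
    int failed = scenario_checks();
    printf("%d check(s) failed\n", failed);
    return failed != 0;
}
```

Passing the clock in as a parameter instead of calling `time()` inside the cache keeps the expiry logic testable with fixed timestamps; a real implementation would also want the cache guarded by a lock if connections are opened from several threads.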