.net, wcf, ssl, wcf-security

Disable use of TLS session tickets


We have a WCF client, using HttpTransportSecurity, so the communication uses TLS.
Starting from Windows 8, the underlying client-side implementation advertises support for TLS session tickets (RFC 5077). In our case, this causes problems, since there are appliances in the network path that misbehave in the presence of TLS tickets and we cannot have the server disabling it either.

I would like to disable the use of TLS session tickets in the client, but cannot find a way to do so.
Is there a way to do this in the client?


Solution

  • As far as I know, there is no way to disable this per-process or client instance; it can only be disabled globally for the machine by disabling the SSL session cache in SCHANNEL, as per https://support.microsoft.com/en-us/kb/247658/en-us.

    Unfortunately, this will also disable regular TLS session resumption (based on the session ID), so you will always end up negotiating TLS sessions from scratch (expensive), which will add latency all around.
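
The machine-wide change the answer refers to, as an added example that is not part of the original answer: it reads the current Schannel client cache lifetime, records it for rollback, and sets it to 0. It assumes the key path and the `ClientCacheTime` value name from the KB article linked above; the function names and the backup file location are hypothetical.

```powershell
# Added example (not from the original answer).
# Assumption: key path and ClientCacheTime value name as documented in KB 247658.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelClientCacheTime {
    # Returns the configured lifetime in milliseconds, or $null when the value
    # is absent and Schannel falls back to its built-in default.
    $item = Get-ItemProperty -Path $SchannelKey -Name ClientCacheTime -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.ClientCacheTime
}

function Disable-SchannelClientCache {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Hypothetical location for the rollback record.
        [string]$BackupPath = "$env:ProgramData\schannel-clientcachetime.bak.txt"
    )

    $previous = Get-SchannelClientCacheTime
    if ($previous -eq 0) {
        Write-Verbose 'ClientCacheTime is already 0; nothing to change.'
        return
    }

    # The setting applies to every Schannel client on the machine, so ask first.
    if ($PSCmdlet.ShouldProcess($SchannelKey, 'Set ClientCacheTime to 0 (machine-wide)')) {
        # Record the prior state so the change can be reverted later.
        $record = if ($null -eq $previous) { 'absent' } else { "$previous" }
        Set-Content -Path $BackupPath -Value $record

        # 0 disables the client-side session cache: no tickets and no
        # session-ID resumption, so every connection does a full handshake.
        New-ItemProperty -Path $SchannelKey -Name ClientCacheTime `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Inspect first, then preview the change without writing anything:
Get-SchannelClientCacheTime
Disable-SchannelClientCache -WhatIf
```

Run from an elevated prompt; drop `-WhatIf` to apply the change, and use the backup file to restore the previous value or remove the entry if it was absent.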