Reply to Does URLSession support ticket-based TLS session resumption
As a follow-up to Tad's question above: we have tried to use Network.framework (indirectly via SwiftNIO Transport Services), which allows us to access the TLSOptions configuration. I am using the following APIs in Security.framework:

https://developer.apple.com/documentation/security/sec_protocol_options_set_tls_resumption_enabled(::)
https://developer.apple.com/documentation/security/sec_protocol_options_set_tls_tickets_enabled(::)

When both options above are enabled, TLS 1.2 session resumption works, but the session ticket is only reused once (the pattern is consistent across multiple requests in our testing). Using the same setup but setting the minimum TLS version to 1.3, session resumption does not work at all (the client never sends the pre_shared_key extension in the ClientHello packet with the necessary information for resumption). Our goal is to make session resumption work for TLS 1.3.

Here is the simple HTTP client we are experimenting with:

```swift
import Foundation
import Network
import Security
import NIOCore
import NIOHTTP1
import NIOTransportServices
import NIOHTTPTypesHTTP1   // HTTP1ToHTTPClientCodec (swift-nio-extras)

final class NIOPlayerSession {
    private let bootstrap: NIOTSConnectionBootstrap
    private let tlsOptions: NWProtocolTLS.Options

    public static let shared = NIOPlayerSession()

    init() {
        self.tlsOptions = {
            let tlsOptions = NWProtocolTLS.Options()
            // Pin the handshake to TLS 1.3 only
            sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv13)
            sec_protocol_options_set_max_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv13)
            // Ask for session resumption and session tickets
            sec_protocol_options_set_tls_resumption_enabled(tlsOptions.securityProtocolOptions, true)
            sec_protocol_options_set_tls_tickets_enabled(tlsOptions.securityProtocolOptions, true)
            // Accepts every server certificate without evaluating trust (test setup only)
            sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { _, _, sec_protocol_verify_complete in
                sec_protocol_verify_complete(true)
            }, DispatchQueue.main)
            return tlsOptions
        }()

        // This is the preferred event loop group for iOS
        bootstrap = NIOTSConnectionBootstrap(group: NIOSingletons.transportServicesEventLoopGroup)
            // `.connectionTimeout` is an app-defined TimeAmount value not shown in the post
            .connectTimeout(.connectionTimeout)
            .channelOption(NIOTSChannelOptions.allowLocalEndpointReuse, value: true)
            .channelOption(NIOTSChannelOptions.waitForActivity, value: true)
            .tlsOptions(tlsOptions)
            .channelInitializer { channel in
                channel.eventLoop.makeCompletedFuture {
                    try channel.pipeline.syncOperations.addHTTPClientHandlers()
                    try channel.pipeline.syncOperations.addHandler(HTTP1ToHTTPClientCodec())
                }
            }
    }
}
```

Also, following on from the earlier answer: does the version of HTTP in use affect the outcome of TLS session resumption? Our servers only speak HTTP/1.1. Thanks
Jun ’25
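The post diagnoses resumption by looking for the pre_shared_key extension in the ClientHello. As an added example (not part of the post, nor Apple's or SwiftNIO's code), here is a small Python parser that takes raw ClientHello bytes, as exported from a packet capture, and reports whether the client offered TLS 1.3 resumption (pre_shared_key, extension 41) or a TLS 1.2 session ticket (session_ticket, extension 35). The sample ClientHello it builds is constructed, with zeroed random and session id.

```python
import struct

PSK_EXT, TICKET_EXT = 41, 35          # pre_shared_key (RFC 8446), session_ticket (RFC 5077)

def _vec(data: bytes, width: int) -> bytes:
    """Length-prefixed vector as TLS encodes it (width = 1, 2 or 3 bytes)."""
    return len(data).to_bytes(width, "big") + data

def build_client_hello(extensions: list[tuple[int, bytes]]) -> bytes:
    """Constructed sample: one TLS record carrying a ClientHello with the given extensions."""
    ext_block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32)              # legacy_version, random (zeros in the sample)
            + _vec(bytes(32), 1)                 # legacy_session_id
            + _vec(b"\x13\x01\x13\x02", 2)       # cipher_suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
            + _vec(b"\x00", 1)                   # legacy_compression_methods: null
            + _vec(ext_block, 2))
    handshake = b"\x01" + _vec(body, 3)          # HandshakeType client_hello(1), 24-bit length
    return b"\x16\x03\x01" + _vec(handshake, 2)  # record header: handshake(22), version 0x0301

def parse_extensions(record: bytes) -> list[tuple[int, bytes]]:
    """Walk record -> handshake -> ClientHello and return (type, data) for each extension."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                                     # record hdr, hs hdr, version, random
    pos += 1 + record[pos]                                   # skip legacy_session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # skip cipher_suites
    pos += 1 + record[pos]                                   # skip compression_methods
    ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
    pos, end, exts = pos + 2, pos + 2 + ext_len, []
    while pos < end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        exts.append((etype, record[pos + 4:pos + 4 + elen]))
        pos += 4 + elen
    return exts

def resumption_offer(record: bytes) -> dict:
    """What the client offered. psk_last matters: RFC 8446 section 4.2.11 requires
    pre_shared_key to be the last extension, otherwise the server must reject the ClientHello."""
    exts = parse_extensions(record)
    types = [t for t, _ in exts]
    ticket = next((d for t, d in exts if t == TICKET_EXT), None)
    return {"tls13_psk_offered": PSK_EXT in types,           # TLS 1.3 resumption attempt
            "psk_last": bool(types) and types[-1] == PSK_EXT,
            "tls12_ticket_offered": ticket is not None and len(ticket) > 0}  # non-empty = reuse
```

An empty session_ticket extension only advertises support; a non-empty one carries a ticket from a previous connection, which is what a TLS 1.2 resumption attempt looks like on the wire.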