Commit 41b3e51d52 for openssl.org

commit 41b3e51d5235223779a77fa4393a491d8ca225c0
Author: Daiki Ueno <dueno@redhat.com>
Date:   Mon May 25 16:01:26 2026 +0200

    doc: clarify resumption semantics with -anti_replay in s_server

    Signed-off-by: Daiki Ueno <dueno@redhat.com>

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Wed May 27 07:01:39 2026
    (Merged from https://github.com/openssl/openssl/pull/31291)

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 48744484b1..b063a39573 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -784,6 +784,10 @@ has been negotiated, and early data is enabled on the server. A full handshake
 is forced if a session ticket is used a second or subsequent time. Any early
 data that was sent will be rejected.

+Note that the server manages an internal cache of session tickets. If a client
+closes the connection without sending the close_notify alert, the
+corresponding session ticket is removed and a full handshake is forced.
+
 =item B<-tfo>

 Enable acceptance of TCP Fast Open (RFC7413) connections.