[openssl-users] Storing session in file and reusing at client side

Shubham Chauhan shubham13099 at iiitd.ac.in
Mon May 2 20:24:32 UTC 2016


> Is it the server sending the error?

No, it is the client sending the error.


> Is the server running OpenSSL?

Yes, I made the ssl_client and server (a simple chat functionality) scripts.


> Does it happen with the same client running the same software with the
> same IP address or does it only happen with different IP addresses?

I ran the setup on localhost. It is independent of the IP thing.


> I'm wondering if the server rejects the attempt to resume from different
> IP addresses.

I could reproduce the error on my local machine, so I guess that's not the
issue. What I think is that it is more related to session contexts. Since
every application will be having its session context, the session_id might
not be compatible across different application implementations.

What I was trying to do is to store the session negotiated between client1
and server1 (in a file, using PEM_read_ssl_session), and use the stored
session in client2 and server2 (everything running on the same machine but
different ports right now).

I did the following:
* Client side - read the stored session from the file, used SSL_set_session
  to set the session for the connection.
* Server side - read the stored session from the file, used
  SSL_CTX_add_session, to add the session to the context.

Observation:
* Client hello - with the session_id from the file
* Server hello - returned the same session_id
* Fatal error (from client to server) - illegal parameter



> Also see if you can reproduce the behaviour with s_client using -sess_out
> and -sess_in options.

I'll give it a try.

Thanks
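
The s_client test suggested in the quoted reply, written out as an added example that is not part of the original message: it saves a session with -sess_out and offers it back with -sess_in to the same local s_server process. The port, temporary file names, throwaway self-signed certificate and the pinned -tls1_2 are assumptions made for this demo.

```shell
#!/bin/sh
# Added example: save a TLS session with s_client -sess_out and resume it with
# -sess_in against a local s_server. Port, file names and the certificate are
# constructed for this demo.

session_resume_demo() {
    port="${1:-44330}"
    dir=$(mktemp -d) || return 1

    # Throwaway self-signed certificate for the local test server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1

    # -www serves a status page and does not read stdin, so the server stays
    # up between connections.
    openssl s_server -accept "$port" -cert "$dir/cert.pem" -key "$dir/key.pem" \
        -www >/dev/null 2>&1 &
    srv=$!

    # Wait until the listener accepts connections.
    for _try in 1 2 3 4 5 6 7 8 9 10; do
        openssl s_client -connect "127.0.0.1:$port" </dev/null >/dev/null 2>&1 && break
        sleep 1
    done

    # First handshake: full negotiation, session written to a PEM file.
    first=$(openssl s_client -connect "127.0.0.1:$port" -tls1_2 \
        -sess_out "$dir/sess.pem" </dev/null 2>/dev/null \
        | grep -E '^(New|Reused),' || true)

    # Second handshake: offer the stored session to the same server process.
    second=$(openssl s_client -connect "127.0.0.1:$port" -tls1_2 \
        -sess_in "$dir/sess.pem" </dev/null 2>/dev/null \
        | grep -E '^(New|Reused),' || true)

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"

    # Print the first word of each status line, e.g. "New Reused".
    echo "${first%%,*} ${second%%,*}"
}

session_resume_demo "${1:-44330}"
```

A `Reused` on the second connection shows that the stored file is accepted by the server process that issued it. Pointing the second s_client at a different server process is the case the message describes.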