[openssl-users] OpenSSL - Session Resumption on an On-going Connection
Filipe Fernandes
filipe.mfgfernandes at gmail.com
Wed Nov 21 17:45:19 UTC 2018
Hi Viktor,
I've followed your example, and it looks like the server is doing what it's
supposed to; however, I'm getting a disconnect from the server when the
session expires, which should not happen, and I can't seem to find a reason
for this to be happening.
As previously said, I'm developing a server that handles always-on TLS
connections, and I'm trying to perform a session resumption.
Thanks!
On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:
> On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:
>
> > I'm developing a specific SSL Server, in which it's supposed to have an
> > always-on socket connection. So, to be on the safe side, there are specific
> > needs that need to be filled on this implementation. One of the needs is
> > that the server must send a resumption request (ServerHello) to the client
> > in a cyclic manner. I've tried everything I could, but it seems that the
> > server does not send the ServerHello to the Client.
>
> This is only possible with TLS <= 1.2; TLS 1.3 eliminated renegotiation.
>
> > My question: How can I make LibOpenSSL-1.0.2g send a ServerHello to the
> > Client *on demand*? The socket should not close, nor perform a
> > renegotiation.
>
> The relevant code in apps/s_server.c is:
>
>     SSL_renegotiate(con);
>     i = SSL_do_handshake(con);
>
> this implements the handling of the 'r' magic character, see s_server(1):
>
> CONNECTED COMMANDS
>
>     If a connection request is established with an SSL client and neither
>     the -www nor the -WWW option has been used then normally any data
>     received from the client is displayed and any key presses will be sent
>     to the client.
>
>     Certain commands are also recognized which perform special operations.
>     These commands are a letter which must appear at the start of a line.
>     They are listed below.
>
>     [...]
>
>     r   Renegotiate the SSL session (TLSv1.2 and below only).
>
>     R   Renegotiate the SSL session and request a client certificate
>         (TLSv1.2 and below only).
>
> --
> Viktor.