[openssl-users] OpenSSL - Session Resumption on an On-going Connection

Filipe Fernandes filipe.mfgfernandes at gmail.com
Wed Nov 21 18:46:51 UTC 2018


I've misjudged. The socket is closed even if the session has not ended
(I've set the session timeout to 10 times the resumption cycle).

You can check the tcpdump here:

https://imgfly.me/i/66LJY

I'm doing exactly what is on the s_server example, without avail.

        // Ask for a renegotiation (TLS <= 1.2 only). SSL_renegotiate()
        // returns 1 on success and 0 on failure.
        if (SSL_renegotiate(GetSSL()) <= 0) {
            CSyException Ex("SocketSSL", "SSL_renegotiate() failed. Stopping communication.");
            Ex.PrintError();
            SetShouldClose(TRUE);
            GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;
            return FALSE;
        }

        // Drive the handshake. Note that SSL_do_handshake() also returns <= 0
        // when non-blocking I/O has to wait (SSL_get_error() reports
        // SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE); this branch treats
        // every <= 0 result as fatal and closes the socket.
        if (SSL_do_handshake(GetSSL()) <= 0) {
            CSyException Ex("SocketSSL", "SSL_do_handshake() has failed. Stopping communication.");
            Ex.PrintError();
            SetShouldClose(TRUE);
            GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;
            return FALSE;
        }

Thanks!





On Wed, 21 Nov 2018 at 17:45, Filipe Fernandes <
filipe.mfgfernandes at gmail.com> wrote:

> Hi Viktor,
>
> I've followed your example, and it looks like the server is doing what
> it's supposed to, however, I'm getting a disconnect from the server when
> the session expires. Which should not happen, and I can't seem to find a
> reason for this to be happening.
>
> As previously said, I'm developing a server that handles always-on TLS
> connections, and I'm trying to perform a session resumption.
>
>
> Thanks!
>
>
>
> On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <openssl-users at dukhovni.org>
> wrote:
>
>> On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:
>>
>> > I'm developing a specific SSL Server, in which it's supposed to have an
>> > always-on socket connection. So, to be on the safe side, there's
>> specific
>> > needs that need to be filled on this implementation. One of the needs is
>> > that the server must send a resumption request (ServerHello) to the
>> client
>> > on a cyclic manner. I've tried everything I could, but it seems that the
>> > server does not send the ServerHello to the Client.
>>
>> This is only possible with TLS <= 1.2, TLS 1.3 eliminated renegotiation.
>>
>> > My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to
>> the
>> > Client *on demand*? The socket should not close, nor perform a
>> > renegotiation.
>>
>> The relevant code in apps/s_server.c is:
>>
>>         SSL_renegotiate(con);
>>         i = SSL_do_handshake(con);
>>
>> this implements the handling of the 'r' magic character, see s_server(1):
>>
>>     CONNECTED COMMANDS
>>
>>        If a connection request is established with an SSL client and
>> neither
>>        the -www nor the -WWW option has been used then normally any data
>>        received from the client is displayed and any key presses will be
>> sent
>>        to the client.
>>
>>        Certain commands are also recognized which perform special
>> operations.
>>        These commands are a letter which must appear at the start of a
>> line.
>>        They are listed below.
>>
>>        [...]
>>
>>        r   Renegotiate the SSL session (TLSv1.2 and below only).
>>
>>        R   Renegotiate the SSL session and request a client certificate
>>            (TLSv1.2 and below only).
>>
>> --
>>         Viktor.
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
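The SSL_renegotiate() / SSL_do_handshake() sequence Viktor points to, written out as a server-side driver that does not close the connection on a transient WANT_READ/WANT_WRITE result. This is an added example, not code from the thread or from OpenSSL; the OpenSSL calls are reached through function pointers (a constructed indirection) so the driver can be exercised offline against a fake peer, and the ERR_* names are stand-ins for the real SSL_ERROR_* macros from <openssl/ssl.h>.

```c
#include <stdio.h>

/* Stand-ins for SSL_get_error() results; real code uses SSL_ERROR_NONE,
 * SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE and treats the rest as fatal. */
enum { ERR_NONE, ERR_WANT_READ, ERR_WANT_WRITE, ERR_FATAL };

/* Hooks so the driver runs offline; production code points these at
 * SSL_renegotiate(), SSL_do_handshake() and SSL_get_error(). */
typedef struct {
    void *ssl;
    int (*renegotiate)(void *ssl);
    int (*do_handshake)(void *ssl);
    int (*get_error)(void *ssl, int ret);
} tls_ops;

enum reneg_status { RENEG_DONE, RENEG_IN_PROGRESS, RENEG_FAILED };

/* Queue a HelloRequest and drive the handshake for up to max_rounds calls
 * (the loop stands in for an event loop re-entering when the socket is ready).
 * Only a genuine error or a peer close justifies closing the connection. */
enum reneg_status request_renegotiation(const tls_ops *ops, int max_rounds)
{
    if (ops->renegotiate(ops->ssl) <= 0)
        return RENEG_FAILED;                 /* could not request renegotiation */
    for (int round = 0; round < max_rounds; round++) {
        int ret = ops->do_handshake(ops->ssl);
        if (ret == 1)
            return RENEG_DONE;               /* handshake complete */
        switch (ops->get_error(ops->ssl, ret)) {
        case ERR_WANT_READ:
        case ERR_WANT_WRITE:
            continue;                        /* transient: retry, keep socket */
        default:
            return RENEG_FAILED;             /* ret == 0 (peer closed) or error */
        }
    }
    return RENEG_IN_PROGRESS;                /* still waiting; do not close */
}

/* Constructed fake peer: needs `pending` more I/O rounds to finish, or
 * fails outright when `fatal` is set. */
typedef struct { int pending; int fatal; int last_err; } fake_ssl;
static int fake_reneg(void *s) { (void)s; return 1; }
static int fake_handshake(void *s) {
    fake_ssl *f = s;
    if (f->fatal) { f->last_err = ERR_FATAL; return -1; }
    if (f->pending-- > 0) { f->last_err = ERR_WANT_READ; return -1; }
    f->last_err = ERR_NONE; return 1;
}
static int fake_err(void *s, int ret) { (void)ret; return ((fake_ssl *)s)->last_err; }

enum reneg_status run_fake(int pending, int fatal, int max_rounds)
{
    fake_ssl f = { pending, fatal, ERR_NONE };
    tls_ops ops = { &f, fake_reneg, fake_handshake, fake_err };
    return request_renegotiation(&ops, max_rounds);
}
```

With real OpenSSL, SSL_renegotiate_pending() can be polled to see whether the RENEG_IN_PROGRESS case has completed on a later event-loop pass.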