[openssl-users] Session params output fails via cron
Matt Caswell
matt at openssl.org
Thu Jan 3 11:02:10 UTC 2019
On 03/01/2019 10:31, Neil Craig wrote:
> Hi all
>
> Does anyone know why openssl (silently) fails to write session data to a file
> when run from cron? (It works fine running manually) via e.g.: /path/to/openssl
> s_client -connect <host>:443 -servername <hostname> -tls1_3 –sess_out
>
> Running the same command but with –tls1_2 works fine from cron. This feels like
> it might be a bug? Or am I missing something? There’s nothing obvious in the
> output that suggests failure.
>
> Any help would be much appreciated, happy to provide more info and/or do more
> testing.
TLSv1.3 sessions work differently to TLSv1.2 sessions. Significantly a TLSv1.2
session is established during the handshake. In TLSv1.3 the handshake completes
first. At that point data can be exchanged. At some later point (usually
immediately after the handshake has completed) the server may send to the client
new session ticket messages to create a session for later resumption.
When s_client is run non-interactively it will connect to the server and
complete the handshake. It will then read any data from stdin and send it to the
server. It will keep doing this until it hits EOF from stdin and then close the
connection.
My guess is that s_client is closing the connection before the server has had a
chance to send its new session tickets.
You might want to experiment with the -ign_eof option to s_client. This will
keep s_client running even after having hit EOF from stdin.
Matt
More information about the openssl-users
mailing list