<div dir="ltr"><div dir="ltr"><div dir="ltr">I've misjudged. The socket is closed even if the session has not ended (I've set the session timeout to 10 times the resumption cycle).<div><br></div><div>You can check the tcpdump here:</div><div><br></div><div><a href="https://imgfly.me/i/66LJY">https://imgfly.me/i/66LJY</a></div><div><br></div><div>I'm doing exactly what is on the s_server example, without avail.</div><div><br></div><div><div> if (SSL_renegotiate(GetSSL()) <= 0) {</div><div> CSyException Ex("SocketSSL", "SSL_renegotiate() failed. Stopping communication.");</div><div> Ex.PrintError();</div><div> SetShouldClose(TRUE);</div><div> GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;</div><div> return FALSE;</div><div> }</div><div><br></div><div> if (SSL_do_handshake(GetSSL()) <= 0) {</div><div> CSyException Ex("SocketSSL", "SSL_do_handshake() has failed. Stopping communication.");</div><div> Ex.PrintError();</div><div> SetShouldClose(TRUE);</div><div> GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;</div><div> return FALSE;</div><div> }</div></div><div><br></div><div>Thanks!</div><div><br></div><div><br><div><br></div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 21 Nov 2018 at 17:45, Filipe Fernandes <<a href="mailto:filipe.mfgfernandes@gmail.com">filipe.mfgfernandes@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Viktor,<div><br></div><div>I've followed your example, and it looks like the server is doing what it's supposed to, however, I'm getting a disconnect from the server when the session expires. Which should not happen, and I can't seem to find a reason for this to be happening.</div><div><br></div><div>As previously said, I'm developing a server that handles always-on TLS connections, and I'm trying to perform a session resumption.</div><div><br></div><div><br></div><div>Thanks!</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <<a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:<br>
<br>
> I'm developing a specific SSL Server, in which it's supposed to have an<br>
> always-on socket connection. So, to be on the safe side, there's specific<br>
> needs that need to be filled on this implementation. One of the needs is<br>
> that the server must send a resumption request (ServerHello) to the client<br>
> on a cyclic manner. I've tried everything I could, but it seems that the<br>
> server does not send the ServerHello to the Client.<br>
<br>
This is only possible with TLS <= 1.2, TLS 1.3 eliminated renegotiation.<br>
<br>
> My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to the<br>
> Client *on demand*? The socket should not close, nor perform a<br>
> renegotiation.<br>
<br>
The relevant code in apps/s_server.c is:<br>
<br>
SSL_renegotiate(con);<br>
i = SSL_do_handshake(con);<br>
<br>
this implements the handling of the 'r' magic character, see s_server(1):<br>
<br>
CONNECTED COMMANDS<br>
<br>
If a connection request is established with an SSL client and neither<br>
the -www nor the -WWW option has been used then normally any data<br>
received from the client is displayed and any key presses will be sent<br>
to the client.<br>
<br>
Certain commands are also recognized which perform special operations.<br>
These commands are a letter which must appear at the start of a line.<br>
They are listed below.<br>
<br>
[...]<br>
<br>
r Renegotiate the SSL session (TLSv1.2 and below only).<br>
<br>
R Renegotiate the SSL session and request a client certificate<br>
(TLSv1.2 and below only).<br>
<br>
-- <br>
Viktor.<br>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote></div>
</blockquote></div>