[openssl-users] Call for testing TLS 1.3
Matt Caswell
matt at openssl.org
Wed Jun 20 09:01:56 UTC 2018
On 20/06/18 07:11, John Jiang wrote:
> 2018-06-19 6:21 GMT+08:00 Matt Caswell <matt at openssl.org>:
>
> On 18/06/18 21:23, Hubert Kario wrote:
> > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote:
> >> On 08/06/18 02:48, John Jiang wrote:
> >>> Is it possible to check Key/IV update feature via these tools?
> >>> Thanks!
> >>
> >> Yes. See the "CONNECTED COMMANDS" sections of these pages:
> >> https://www.openssl.org/docs/manmaster/man1/s_server.html
> >> https://www.openssl.org/docs/manmaster/man1/s_client.html
> >>
> >> Basically typing "k" or "K" from an s_server/s_client session will issue
> >> a KeyUpdate message. Using the capitalised form ("K"), additionally
> >> requests a KeyUpdate from the peer.
> >
> > Are there similar commands to perform or control post-handshake client
> > authentication?
>
> Yes. As mentioned on the above s_server link, type "c" from an s_server
> session to send a certificate request to the client.
>
> With the mentioned pages, I don't get how to test 0-RTT.
> But it sounds that OpenSSL already supports this feature.

It is on those pages - just not in the "CONNECTED COMMANDS" section.

To test 0-RTT early data start s_server with the "-early_data" flag:

$ openssl s_server -early_data

Obtain a session that can later be used for sending early data:

$ openssl s_client -sess_out session.pem

Type "Q" in the s_client window to close the connection. Now you can do
a 0-RTT handshake and send early data (assuming the existence of a file
"myearlydata.dat" containing the early data you want to send):

$ openssl s_client -sess_in session.pem -early_data myearlydata.dat

Matt
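
The three steps in the message above, scripted end to end as an added example (not part of the original post and not OpenSSL project code). Assumptions not taken from the post: port 4433, the temporary file names, a throwaway self-signed certificate for s_server, and reading the "Early data was ..." status line that s_client prints for TLS 1.3 connections.

```shell
#!/usr/bin/env bash
# Added example: automates the s_server/s_client 0-RTT test described above.
# Assumed values (not from the post): port 4433, temp file names, test certificate.

# Classify s_client output by the early-data status line it prints for TLS 1.3.
early_data_status() {
    case "$1" in
        *"Early data was accepted"*) echo accepted ;;
        *"Early data was rejected"*) echo rejected ;;
        *"Early data was not sent"*) echo not_sent ;;
        *) echo unknown ;;
    esac
}

run_0rtt_check() {
    local dir port=4433 srv out
    dir=$(mktemp -d) || return 1
    # Throwaway key and certificate so s_server has something to present.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    printf 'constructed early data\n' > "$dir/myearlydata.dat"

    openssl s_server -accept "$port" -tls1_3 -early_data \
        -cert "$dir/cert.pem" -key "$dir/key.pem" >"$dir/server.log" 2>&1 &
    srv=$!
    sleep 1

    # First connection: stay open briefly so the session ticket arrives, then "Q".
    (sleep 1; echo Q) | openssl s_client -connect "localhost:$port" -tls1_3 \
        -sess_out "$dir/session.pem" >/dev/null 2>&1

    # Second connection: resume the saved session and send the file as early data.
    out=$( (sleep 1; echo Q) | openssl s_client -connect "localhost:$port" -tls1_3 \
        -sess_in "$dir/session.pem" -early_data "$dir/myearlydata.dat" 2>&1)

    kill "$srv" 2>/dev/null
    rm -rf "$dir"
    early_data_status "$out"
}

# The live check runs only when asked for: ./script.sh run
if [ "${1:-}" = "run" ]; then run_0rtt_check; fi
```

A result of "rejected" or "not_sent" means the second connection did not deliver the file as 0-RTT data, which is the case to investigate when a server is supposed to have early data enabled (or disabled).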