[openssl-users] OpenSSL - Session Resumption on an On-going Connection

Viktor Dukhovni openssl-users at dukhovni.org
Mon Nov 19 21:02:32 UTC 2018


On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:

> I'm developing a specific SSL Server, in which it's supposed to have an
> always-on socket connection. So, to be on the safe side, there are specific
> needs that need to be filled on this implementation. One of the needs is
> that the server must send a resumption request (ServerHello) to the client
> in a cyclic manner. I've tried everything I could, but it seems that the
> server does not send the ServerHello to the Client.

This is only possible with TLS <= 1.2; TLS 1.3 eliminated renegotiation.

> My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to the
> Client *on demand*? The socket should not close, nor perform a
> renegotiation.

The relevant code in apps/s_server.c is:

	SSL_renegotiate(con);
	i = SSL_do_handshake(con);

this implements the handling of the 'r' magic character, see s_server(1):

    CONNECTED COMMANDS

       If a connection request is established with an SSL client and neither
       the -www nor the -WWW option has been used then normally any data
       received from the client is displayed and any key presses will be sent
       to the client.

       Certain commands are also recognized which perform special operations.
       These commands are a letter which must appear at the start of a line.
       They are listed below.

       [...]

       r   Renegotiate the SSL session (TLSv1.2 and below only).

       R   Renegotiate the SSL session and request a client certificate
           (TLSv1.2 and below only).

-- 
	Viktor.

