[openssl-users] OpenSSL - Session Resumption on an On-going Connection

Filipe Fernandes filipe.mfgfernandes at gmail.com
Wed Nov 21 17:45:19 UTC 2018

Hi Viktor,

I've followed your example, and it looks like the server is doing what it's
supposed to, however, I'm getting a disconnect from the server when the
session expires. Which should not happen, and I can't seem to find a reason
for this to be happening.

As previously said, I'm developing a server that handles always-on TLS
connections, and I'm trying to perform a session resumption.


On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <openssl-users at dukhovni.org>

> On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:
> > I'm developing a specific SSL Server, in which it's supposed to have an
> > always-on socket connection. So, to be on the safe side, there's specific
> > needs that need to be filled on this implementation. One of the needs is
> > that the server must send a resumption request (ServerHello) to the
> client
> > on a cyclic manner. I've tried everything I could, but it seems that the
> > server does not send the ServerHello to the Client.
> This is only possible with TLS <= 1.2, TLS 1.3 eliminated renegotiation.
> > My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to
> the
> > Client *on demand*? The socket should not close, nor perform a
> > renegotiation.
> The relevant code in apps/s_server.c is:
>         SSL_renegotiate(con);
>         i = SSL_do_handshake(con);
> this implements the handling of the 'r' magic character, see s_server(1):
>        If a connection request is established with an SSL client and
> neither
>        the -www nor the -WWW option has been used then normally any data
>        received from the client is displayed and any key presses will be
> sent
>        to the client.
>        Certain commands are also recognized which perform special
> operations.
>        These commands are a letter which must appear at the start of a
> line.
>        They are listed below.
>        [...]
>        r   Renegotiate the SSL session (TLSv1.2 and below only).
>        R   Renegotiate the SSL session and request a client certificate
>            (TLSv1.2 and below only).
> --
>         Viktor.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181121/a5e37c93/attachment-0001.html>

More information about the openssl-users mailing list