[openssl-users] OpenSSL - Session Resumption on an On-going Connection

Matt Caswell matt at openssl.org
Thu Nov 22 11:56:23 UTC 2018 


On 22/11/2018 11:15, Filipe Fernandes wrote:
>>   You seem to be confused, and have not explained your requirements
>>   clearly.  What is your *goal*?
> 
> My goal is to have the Openssl to "perform the TLS Resumption (initiated by the
> Hello Request message from the server or
> the Client Hello message from the client), in an ongoing TLS Session." (it's
> specifically stated on the spec, like this).

I think you need to get this spec clarified. It makes no sense. It seems to be
describing renegotiation, but uses the term resumption for it which has a
different meaning.

A handshake occurs between a client and a server at the start of a connection
and establishes the cryptographic parameters to be used for that connection
(including certificates/keys etc). Resumption refers to a type of handshake.
Resumptions handshakes are abbreviated forms of a full handshake. They are based
on the parameters established during a previous connection. So for example a
certificate is not exchanged because the same cert is used from the previous
connection.

Renegotiation refers to the process of starting a new handshake over an existing
TLS connection between a client and a server. Typically the objective is usually
either to update the keys, or to request a client certificate. Like any other
handshake it may be a full one or a resumption one.

Only a client can ever initiate a handshake. A server can *request* a
renegotiation by sending a HelloRequest message, but the client does not have to
honour it. A server cannot request a resumption.


> 
>>   What does "always on" mean to you?  
> 
> Always on, means that the socket connection is up for as long as it is possible,
> meaning that the socket is not closed and it keeps exchanging information all
> the time (server<->client)

Resumption does not give you this. Renegotiation does.

> 
>>   Only clients can resume previous
>>   sessions, when reconnecting to a server.  Is that what you're trying
>>   to do? (Implement a server with a session cache for client resumption?
> 
> I'm developing the server side with OpenSSL 1.0.2. And it supports cache (I've
> activated it on the method SSL_CTX_set_session_cache_mode).   
> 
>>   Support session tickets? Is there just one server or a server "farm"?
>>   Do the clients support resumption?)
> 
> There's only 1 server, not a farm.
> 
> How can I tell if the client supports resumption?
> 
> 
>>   Or are you trying to periodically rekey a long-running connection?
> 
> Maybe this is it. 
> 
> For me, Renegotiation is request "everything" (new pubkey, certificates, etc)

A renegotiation is a new handshake over an existing connection. It may use a
full handshake (certificates exchanged etc), or an abbreviated resumption
handshake (e.g. doesn't exchange certificates again). Only the client gets to
decide whether to attempt a resumption.


> Resumption, is just to refresh the keys? I'm a little confused here.

No. Resumption is an abbreviated handshake. It may be used at the start of a new
connection or as part of a renegotiation handshake. In either case it is
abbreviated because it is based on the parameters established during an earlier
connection.

Matt


> 
>>   
>>   Or something else?  
> 
> I think this is it :)
> 
> 
> On Wed, 21 Nov 2018 at 23:12, Viktor Dukhovni <openssl-users at dukhovni.org
> <mailto:openssl-users at dukhovni.org>> wrote:
> 
>     On Wed, Nov 21, 2018 at 05:45:19PM +0000, Filipe Fernandes wrote:
> 
>     > I've followed your example, and it looks like the server is doing what it's
>     > supposed to, however, I'm getting a disconnect from the server when the
>     > session expires. Which should not happen, and I can't seem to find a reason
>     > for this to be happening.
>     >
>     > As previously said, I'm developing a server that handles always-on TLS
>     > connections, and I'm trying to perform a session resumption.
> 
>     I thought you wanted renegotiation, not resumption, servers can't
>     do "resumption", because resumption is what you do to avoid a full
>     handshake on a *new* connection, and only the client can reconnect.
> 
>     You seem to be confused, and have not explained your requirements
>     clearly.  What is your *goal*?
> 
>     What does "always on" mean to you?  Only clients can resume previous
>     sessions, when reconnecting to a server.  Is that what you're trying
>     to do? (Implement a server with a session cache for client resumption?
>     Support session tickets? Is there just one server or a server "farm"?
>     Do the clients support resumption?)
> 
>     Or are you trying to periodically rekey a long-running connection?
> 
>     Or something else?
> 
>     -- 
>             Viktor.
>     -- 
>     openssl-users mailing list
>     To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
>

More information about the openssl-users mailing list