[openssl-users] Why openssl is printing session ID where there is none sent by server, when using session ticket?

M K Saravanan mksarav at gmail.com
Tue Jan 15 11:29:08 UTC 2019 

Hi,

When I use openssl s_client to connect to a server which uses session
ticket to resume a session (session ID is turned off), openssl is
still printing a session ID where none is sent by the server (packet
capture shows session ID length = zero in the Server Hello).

==========
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 8C7B3863F4B599A10BB83258D0FCE0530CC3C858DC0E2561199599C4806D7457
    Session-ID-ctx:
    Master-Key:
226360F20D74DB3F5FED014C20AD897CF75C21D14FA358BE934BD50FAF4F1696CB9A05A45F6FACDD46D912CDAE060D0F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - c9 c2 1a de f4 8f 59 1f-2a e1 58 b3 71 9f 9a 5f   ......Y.*.X.q.._
    0010 - 2f eb 0f a6 4c 0a e4 11-d9 db 52 7f 12 f6 0e a6   /...L.....R.....
    0020 - ec 2a c2 9b 3c d3 f5 b0-4e 93 b0 eb 44 12 3d 2b   .*..<...N...D.=+
    0030 - 46 a1 16 4d 4b aa 0d e4-63 68 ae b9 b8 27 16 d5   F..MK...ch...'..
    0040 - 1b d0 00 2c a5 48 5d b4-ba 44 3e 97 40 3e 74 ac   ...,.H]..D>.@>t.
    0050 - 76 94 e4 ae 1b c5 bb 44-48 49 88 65 cc 3c fc 95   v......DHI.e.<..
    0060 - 6e 92 ee 54 44 b1 f0 b1-7e 28 7d 5d 28 d1 00 1a   n..TD...~(}](...
    0070 - 8e f3 53 34 bc d9 c7 7f-e5 21 1c 15 cf 19 21 4f   ..S4.....!....!O
    0080 - 2b 51 b4 7c cf dd de 51-50 ce e2 b9 5f bd 65 55   +Q.|...QP..._.eU
    0090 - c4 0d fc 0f 6f ee 40 08-ac 7c fa 2a fa 9c 07 1d   ....o. at ..|.*....
    00a0 - 60 97 19 fd f5 7f 3e 73-c0 24 0a 51 63 0d db 73   `.....>s.$.Qc..s

    Start Time: 1547551254
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
==========

OpenSSL version:

$ openssl version
OpenSSL 1.1.1a  20 Nov 2018

OS version:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic
----------------------------------
Is it a bug?

with regards,
Saravanan

More information about the openssl-users mailing list