How to simulate "TLS 1.3 Session Resumption" through OpenSSL tools?
xiaonan830818 at gmail.com
Sun Jul 4 11:01:25 UTC 2021
Got it! Thanks very much for your reply!
On Fri, Jul 2, 2021 at 5:46 PM Matt Caswell <matt at openssl.org> wrote:
> On 02/07/2021 10:09, Nan Xiao wrote:
> > Hi OpenSSL users,
> > Greetings from me! From this article
> > (https://www.qacafe.com/resources/examples-of-tls-1-3/) and pcap file
> > (https://www.cloudshark.org/captures/64d433b1585a), I know we can use
> > s_server and s_client to simulate "TLS 1.3 Session Resumption". I
> > tried the following command:
> > echo | openssl s_client -tls1_3 -connect tls13.cloudflare.com:443 -reconnect
> That looks like you've stumbled across an s_client bug. This should
> work, but it doesn't appear to. I just raised an issue for it:
> > But it seems not to work since there is no "pre_shared_key" extension,
> > and every time s_client just initiated a new connection instead of
> > resumption.
> > Could anybody advise how to simulate "TLS 1.3 Session Resumption"
> > through OpenSSL tools? Thanks very much in advance!
> You can do this another way. Create an initial connection (add
> "-connect" option as appropriate):
> openssl s_client -tls1_3 -sess_out sess.pem
> And then resume like this:
> openssl s_client -tls1_3 -sess_in sess.pem
> However, note that with TLSv1.3 the session data doesn't arrive until
> post-handshake. In the case of the cloudflare server it doesn't send any
> session tickets until it has received some application data from the
> client. So in order to get a valid resumable session you will have to
> type some HTTP command into s_client once it has created its initial
> connection. This should cause the cloudflare server to respond with a
> session ticket, which will get saved to the sess.pem file. You can then
> use that in the subsequent resumption attempt.
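
The -sess_out / -sess_in procedure from the reply above, as an added example that is not part of the original thread. It runs offline against a local s_server instead of the Cloudflare host; the port, the throwaway certificate, the file names and the function names are all assumptions made for this demo.

```shell
#!/bin/sh
# Added example: TLS 1.3 session resumption with s_client -sess_out / -sess_in,
# exercised against a local s_server (constructed setup, not from the thread).
PORT=${PORT:-44330}   # assumed free local port

# Send one HTTP request, then hold stdin open briefly so s_client stays
# connected long enough to read the post-handshake NewSessionTicket.
http_get() { printf 'GET / HTTP/1.0\r\n\r\n'; sleep 2; }

# Reduce s_client output to "New" or "Reused" (from its handshake summary line).
handshake_kind() {
    grep -oE '^(New|Reused), TLSv1\.3' "$1" | head -n 1 | cut -d, -f1
}

tls13_resume_demo() {
    dir=$(mktemp -d) || return 1
    # Throwaway self-signed certificate for the local test server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    # -www makes s_server answer the GET itself instead of reading stdin.
    openssl s_server -tls1_3 -accept "$PORT" -www \
        -cert "$dir/cert.pem" -key "$dir/key.pem" >/dev/null 2>&1 &
    srv=$!
    sleep 1   # give s_server time to start listening

    # 1) Full handshake; the ticket that arrives afterwards is written to sess.pem.
    http_get | openssl s_client -tls1_3 -connect "127.0.0.1:$PORT" \
        -sess_out "$dir/sess.pem" >"$dir/first.txt" 2>&1 || true
    # 2) New connection that offers the saved ticket (pre_shared_key extension).
    http_get | openssl s_client -tls1_3 -connect "127.0.0.1:$PORT" \
        -sess_in "$dir/sess.pem" >"$dir/second.txt" 2>&1 || true

    { kill "$srv"; wait "$srv"; } 2>/dev/null || true
    first=$(handshake_kind "$dir/first.txt")
    second=$(handshake_kind "$dir/second.txt")
    rm -rf "$dir"
    echo "first=${first:-none} second=${second:-none}"
}
```

Calling tls13_resume_demo prints one summary line; "second=New" instead of "second=Reused" means no usable ticket was saved during the first connection.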