On 20/06/18 07:11, John Jiang wrote:
> 2018-06-19 6:21 GMT+08:00 Matt Caswell <matt@xxxxxxxxxxx>:
>
>     On 18/06/18 21:23, Hubert Kario wrote:
>     > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote:
>     >> On 08/06/18 02:48, John Jiang wrote:
>     >>> Is it possible to check Key/IV update feature via these tools?
>     >>> Thanks!
>     >>
>     >> Yes. See the "CONNECTED COMMANDS" sections of these pages:
>     >> https://www.openssl.org/docs/manmaster/man1/s_server.html
>     >> https://www.openssl.org/docs/manmaster/man1/s_client.html
>     >>
>     >> Basically typing "k" or "K" from an s_server/s_client session will issue
>     >> a KeyUpdate message. Using the capitalised form ("K"), additionally
>     >> requests a KeyUpdate from the peer.
>     >
>     > Are there similar commands to perform or control post-handshake client
>     > authentication?
>
>     Yes. As mentioned on the above s_server link, type "c" from an s_server
>     session to send a certificate request to the client.
>
> With the mentioned pages, I don't get how to test 0-RTT.
> But it sounds that OpenSSL already supports this feature.

It is on those pages - just not in the "CONNECTED COMMANDS" section.

To test 0-RTT early data start s_server with the "-early_data" flag:

$ openssl s_server -early_data

Obtain a session that can later be used for sending early data:

$ openssl s_client -sess_out session.pem

Type "Q" in the s_client window to close the connection. Now you can do a
0-RTT handshake and send early data (assuming the existence of a file
"myearlydata.dat" containing the early data you want to send):

$ openssl s_client -sess_in session.pem -early_data myearlydata.dat

Matt
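
The three steps above, scripted so the result can be checked from s_client's early-data status line. This is an added example, not part of the original message or of OpenSSL; the port 4433, the throwaway self-signed certificate, the sample file contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: localhost port 4433,
# a throwaway self-signed certificate, and the function names used here.

# Map s_client output to a verdict using its early-data status line.
early_data_status() {
    case "$1" in
        *"Early data was accepted"*) echo accepted ;;
        *"Early data was rejected"*) echo rejected ;;
        *"Early data was not sent"*) echo not-sent ;;
        *) echo unknown ;;
    esac
}

run_0rtt_check() {
    dir=$(mktemp -d) || return 1
    port=4433
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    printf 'hello early data\n' > "$dir/myearlydata.dat"

    # Step 1: server that accepts early data. The sleep keeps its stdin open,
    # because s_server shuts down when it reads end-of-file there.
    sleep 15 | openssl s_server -early_data -accept "$port" \
        -cert "$dir/cert.pem" -key "$dir/key.pem" >/dev/null 2>&1 &
    server_pid=$!
    sleep 1

    # Step 2: full handshake, save the session, then "Q" closes the connection.
    # The delay lets the TLS 1.3 session ticket arrive before closing.
    (sleep 1; printf 'Q\n') | openssl s_client -connect "localhost:$port" \
        -sess_out "$dir/session.pem" >/dev/null 2>&1

    # Step 3: resume with the saved session and send the early data.
    out=$( (sleep 1; printf 'Q\n') | openssl s_client -connect "localhost:$port" \
        -sess_in "$dir/session.pem" -early_data "$dir/myearlydata.dat" 2>&1 )

    kill "$server_pid" 2>/dev/null
    rm -rf "$dir"
    early_data_status "$out"
}

# Run the live check only when asked for: sh check_0rtt.sh run
if [ "${1:-}" = "run" ]; then
    run_0rtt_check
fi
```

Run it with the argument "run" to perform the live check; it prints one of accepted, rejected, not-sent or unknown.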