Re: OpenSSL - Session Resumption on an On-going Connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:

> I'm developing a specific SSL Server, in which it's supposed to have an
> always-on socket connection. So, to be on the safe side, there's specific
> needs that need to be filled on this implementation. One of the needs is
> that the server must send a resumption request (ServerHello) to the client
> on a cyclic manner. I've tried everything I could, but it seems that the
> server does not send the ServerHello to the Client.

This is only possible with TLS <= 1.2, TLS 1.3 eliminated renegotiation.

> My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to the
> Client *on demand*? The socket should not close, nor perform a
> renegotiation.

The relevant code in apps/s_server.c is:

	SSL_renegotiate(con);
	i = SSL_do_handshake(con);

this implements the handling of the 'r' magic character, see s_server(1):

    CONNECTED COMMANDS

       If a connection request is established with an SSL client and neither
       the -www nor the -WWW option has been used then normally any data
       received from the client is displayed and any key presses will be sent
       to the client.

       Certain commands are also recognized which perform special operations.
       These commands are a letter which must appear at the start of a line.
       They are listed below.

       [...]

       r   Renegotiate the SSL session (TLSv1.2 and below only).

       R   Renegotiate the SSL session and request a client certificate
           (TLSv1.2 and below only).

-- 
	Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux