On Mon, Feb 04, 2019 at 03:54:48PM -0800, Sam Roberts wrote:

> And is it possible that this is different for TLS1.2 and 1.3?

The resumption API is the same. However, because in TLS 1.3, session tickets are sent *after* the completion of the handshake, it is possible that the session handle you're saving is the one that does not yet have any associated tickets, because they've not yet been received.

Session ticket resumption is working with Postfix and TLS 1.3.

    $ posttls-finger -c -Lsummary,cache,ssl-debug -r 4 smtp.dukhovni.org
    posttls-finger: looking for session [100.2.39.101]:25&4A46567FCBCF5C0617FE221FA66FD0CB8F240EB24DB6BD261D53255FC8C9BE94 in memory cache
    posttls-finger: smtp.dukhovni.org[100.2.39.101]:25: SNI hostname: smtp.dukhovni.org
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:TLSv1.3 read encrypted extensions
    posttls-finger: SSL_connect:SSLv3/TLS read server certificate
    posttls-finger: SSL_connect:TLSv1.3 read server certificate verify
    posttls-finger: SSL_connect:SSLv3/TLS read finished
    posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
    posttls-finger: SSL_connect:SSLv3/TLS write finished
    posttls-finger: Verified TLS connection established to smtp.dukhovni.org[100.2.39.101]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
    posttls-finger: SSL_connect:SSL negotiation finished successfully
    posttls-finger: SSL_connect:SSL negotiation finished successfully
    posttls-finger: save session [100.2.39.101]:25&4A46567FCBCF5C0617FE221FA66FD0CB8F240EB24DB6BD261D53255FC8C9BE94 to memory cache
    posttls-finger: SSL_connect:SSLv3/TLS read server session ticket
    posttls-finger: Reconnecting after 4 seconds
    posttls-finger: looking for session [100.2.39.101]:25&4A46567FCBCF5C0617FE221FA66FD0CB8F240EB24DB6BD261D53255FC8C9BE94 in memory cache
    posttls-finger: reloaded session [100.2.39.101]:25&4A46567FCBCF5C0617FE221FA66FD0CB8F240EB24DB6BD261D53255FC8C9BE94 from memory cache
    posttls-finger: smtp.dukhovni.org[100.2.39.101]:25: SNI hostname: smtp.dukhovni.org
    posttls-finger: SSL_connect:before SSL initialization
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS write client hello
    posttls-finger: SSL_connect:SSLv3/TLS read server hello
    posttls-finger: SSL_connect:TLSv1.3 read encrypted extensions
    posttls-finger: SSL_connect:SSLv3/TLS read finished
    posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
    posttls-finger: SSL_connect:SSLv3/TLS write finished
    posttls-finger: smtp.dukhovni.org[100.2.39.101]:25: Reusing old session
    posttls-finger: Verified TLS connection established to smtp.dukhovni.org[100.2.39.101]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
    posttls-finger: Found a previously used server.  Done reconnecting.

--
    Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
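
Added example, not part of the original message and not Postfix code: a Python check that reads a posttls-finger trace like the one above and confirms resumption from the log alone, i.e. the later connection reloads the cached session, skips the server certificate messages and reports "Reusing old session". The sample trace (host, address, cache key) is a constructed placeholder modeled on that output, and the function names are hypothetical.

```python
# Constructed sample modeled on the posttls-finger trace above;
# host, address and cache key are placeholders, not real values.
SAMPLE = """\
posttls-finger: looking for session [192.0.2.1]:25&CACHEKEY in memory cache
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: SSL_connect:SSLv3/TLS read server hello
posttls-finger: SSL_connect:SSLv3/TLS read server certificate
posttls-finger: SSL_connect:TLSv1.3 read server certificate verify
posttls-finger: SSL_connect:SSLv3/TLS read finished
posttls-finger: save session [192.0.2.1]:25&CACHEKEY to memory cache
posttls-finger: SSL_connect:SSLv3/TLS read server session ticket
posttls-finger: Reconnecting after 4 seconds
posttls-finger: looking for session [192.0.2.1]:25&CACHEKEY in memory cache
posttls-finger: reloaded session [192.0.2.1]:25&CACHEKEY from memory cache
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: SSL_connect:SSLv3/TLS read server hello
posttls-finger: SSL_connect:SSLv3/TLS read finished
posttls-finger: mx.example.org[192.0.2.1]:25: Reusing old session
"""

def summarize(trace):
    """Split the trace at each cache lookup; return one dict per connection."""
    conns = []
    for line in trace.splitlines():
        msg = line.partition(": ")[2]          # drop the "posttls-finger: " prefix
        if msg.startswith("looking for session "):
            conns.append({"cache_hit": False, "saved": False, "tickets": 0,
                          "server_cert": False, "reused": False})
        if not conns:
            continue                           # ignore lines before the first lookup
        c = conns[-1]
        if msg.startswith("reloaded session "):
            c["cache_hit"] = True              # a cached session was offered
        elif msg.startswith("save session "):
            c["saved"] = True
        elif msg.endswith("read server session ticket"):
            c["tickets"] += 1                  # TLS 1.3: arrives after the handshake
        elif msg.endswith("read server certificate"):
            c["server_cert"] = True            # only present in a full handshake
        elif msg.endswith("Reusing old session"):
            c["reused"] = True
    return conns

def resumption_ok(trace):
    """True if a later connection reloads a session, skips the cert and reports reuse."""
    return any(c["cache_hit"] and c["reused"] and not c["server_cert"]
               for c in summarize(trace)[1:])
```
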