Hi Matt,

Got it! Thanks very much for your reply!

Best Regards
Nan Xiao

On Fri, Jul 2, 2021 at 5:46 PM Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
> On 02/07/2021 10:09, Nan Xiao wrote:
> > Hi OpenSSL users,
> >
> > Greetings from me! From this article
> > (https://www.qacafe.com/resources/examples-of-tls-1-3/) and pcap file
> > (https://www.cloudshark.org/captures/64d433b1585a), I know we can use
> > s_server and s_client to simulate "TLS 1.3 Session Resumption". I
> > tried the following command:
> >
> > echo | openssl s_client -tls1_3 -connect tls13.cloudflare.com:443 -reconnect
> >
>
> That looks like you've stumbled across an s_client bug. This should
> work, but it doesn't appear to. I just raised an issue for it:
>
> https://github.com/openssl/openssl/issues/15979
>
> >
> > But it seems not to work since there is no "pre_shared_key" extension,
> > and every time s_client just initiated a new connection instead of
> > resumption.
> >
> > Could anybody advise how to simulate "TLS 1.3 Session Resumption"
> > through OpenSSL tools? Thanks very much in advance!
>
> You can do this another way. Create an initial connection (add
> "-connect" option as appropriate):
>
> openssl s_client -tls1_3 -sess_out sess.pem
>
> And then resume like this:
>
> openssl s_client -tls1_3 -sess_in sess.pem
>
> However, note that with TLSv1.3 the session data doesn't arrive until
> post-handshake. In the case of the cloudflare server it doesn't send any
> session tickets until it has received some application data from the
> client. So in order to get a valid resumable session you will have to
> type some HTTP command into s_client once it has created its initial
> connection. This should cause the cloudflare server to respond with a
> session ticket, which will get saved to the sess.pem file. You can then
> use that in the subsequent resumption attempt.
>
> Matt
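
The two-step procedure from the reply above, scripted so the result can be checked rather than read off the screen. This is an added example, not part of the original thread or of OpenSSL: the function names, the HTTP request, and the use of `-ign_eof` are assumptions, and the matched strings are the ones s_client in OpenSSL 1.1.1 and later prints.

```shell
#!/bin/sh
# Classify an s_client transcript read on stdin: resumed / new / unknown.
# s_client reports a full handshake as "New, TLSv1.3, ..." and a
# PSK-resumed one as "Reused, TLSv1.3, ...".
resumption_status() {
    awk '
        /^Reused, TLSv1\.3/ { print "resumed"; found = 1; exit }
        /^New, TLSv1\.3/    { print "new";     found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Count post-handshake NewSessionTicket messages in an s_client transcript.
ticket_count() {
    grep -c '^Post-Handshake New Session Ticket arrived' || true
}

# resume_check HOST [PORT]: run both connections and report the outcome.
resume_check() {
    host=$1; port=${2:-443}
    sess=$(mktemp) || return 1
    # Connection 1: send application data so the server issues a ticket;
    # -ign_eof keeps s_client reading until the server closes the connection.
    first=$(printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" |
        openssl s_client -tls1_3 -connect "$host:$port" -sess_out "$sess" -ign_eof 2>&1)
    echo "tickets received: $(printf '%s\n' "$first" | ticket_count)"
    if [ ! -s "$sess" ]; then
        # No ticket arrived, so -sess_out wrote nothing usable.
        echo "no session saved; nothing to resume" >&2
        rm -f "$sess"; return 1
    fi
    # Connection 2: offer the saved session, then classify the handshake.
    status=$(openssl s_client -tls1_3 -connect "$host:$port" -sess_in "$sess" \
        </dev/null 2>&1 | resumption_status)
    rm -f "$sess"
    echo "second handshake: $status"
    [ "$status" = "resumed" ]
}

# Only touch the network when a host is given on the command line.
if [ $# -ge 1 ]; then resume_check "$@"; fi
```

The script exits with status 0 only when the second handshake was resumed, so it can be used as a check in a test run against a server whose ticket configuration is being verified.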