| /openssl/test/ssl-tests/ |
| H A D | 06-sni-ticket.cnf | 5 test-0 = 0-sni-session-ticket
6 test-1 = 1-sni-session-ticket
7 test-2 = 2-sni-session-ticket
8 test-3 = 3-sni-session-ticket
9 test-4 = 4-sni-session-ticket
10 test-5 = 5-sni-session-ticket
11 test-6 = 6-sni-session-ticket
24 [0-sni-session-ticket]
66 [1-sni-session-ticket]
110 [2-sni-session-ticket]
[all …]
|
| H A D | 27-ticket-appdata.cnf | 5 test-0 = 0-session-ticket-app-data12
6 test-1 = 1-session-ticket-app-data12
7 test-2 = 2-session-ticket-app-data13
8 test-3 = 3-session-ticket-app-data13
11 [0-session-ticket-app-data12]
14 [0-session-ticket-app-data12-ssl]
20 [0-session-ticket-app-data12-server]
48 [1-session-ticket-app-data12]
51 [1-session-ticket-app-data12-ssl]
80 [2-session-ticket-app-data13]
[all …]
|
| /openssl/test/recipes/ |
| H A D | 70-test_tlsextms.t | 95 (undef, my $session) = tempfile();
100 $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
103 unlink $session;
112 (undef, $session) = tempfile();
121 unlink $session;
129 (undef, $session) = tempfile();
138 unlink $session;
146 (undef, $session) = tempfile();
155 unlink $session;
163 (undef, $session) = tempfile();
[all …]
|
| H A D | 70-test_sslsessiontick.t | 77 (undef, my $session) = tempfile();
79 $proxy->clientflags("-no_tls1_3 -sess_out ".$session);
82 $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
85 unlink $session;
91 (undef, $session) = tempfile();
96 $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
100 unlink $session;
113 (undef, $session) = tempfile();
119 $proxy->clientflags("-no_tls1_3 -sess_in ".$session." -sess_out ".$session);
126 $proxy->clientflags("-no_tls1_3 -sess_in ".$session);
[all …]
|
| H A D | 70-test_tls13psk.t | 46 (undef, my $session) = tempfile();
47 $proxy->clientflags("-sess_out ".$session);
49 $proxy->sessionfile($session);
56 $proxy->clientflags("-sess_in ".$session);
65 $proxy->clientflags("-sess_in ".$session);
83 $proxy->clientflags("-sess_in ".$session);
106 $proxy->clientflags("-sess_in ".$session);
111 unlink $session;
|
| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_session_cache_mode.pod | 16 SSL_CTX_set_session_cache_mode() enables/disables session caching
28 In order to reuse a session, a client must send the session's id to the
31 session).
33 A server will look up the session in its internal session storage. If the
39 context, the session id context must be set by the server (see
42 The following session cache modes and modifiers are available:
48 No session caching for client or server takes place.
62 session to be reused, the server looks for the corresponding session in (first)
65 server will try to reuse the session. This is the default.
99 session lookups in the external cache (i.e. for session-resume requests) would
[all …]
|
| H A D | SSL_CTX_add_session.pod | 5 SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache
17 SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
18 reference count for session B<c> is incremented by 1. If a session with
19 the same session id already exists, the old session is removed by calling
27 When adding a new session to the internal session cache, it is examined
28 whether a session with the same session id already exists. In this case
29 it is assumed that both sessions are identical. If the same session is
30 stored in a different SSL_SESSION object, The old session is
31 removed and replaced by the new session. If the session is actually
38 cache will be searched automatically for session-resume requests (the
[all …]
|
| H A D | SSL_set_session.pod | 5 SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
11 int SSL_set_session(SSL *ssl, SSL_SESSION *session);
15 SSL_set_session() sets B<session> to be used when the TLS/SSL connection
17 When the session is set, the reference count of B<session> is incremented
18 by 1. If the session is not reused, the reference count is decremented
19 again during SSL_connect(). Whether the session was reused can be queried
22 If there is already a session set inside B<ssl> (because it was set with
24 a connection), SSL_SESSION_free() will be called for that session.
25 This is also the case when B<session> is a NULL pointer. If that old
27 session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
[all …]
|
| H A D | SSL_CTX_sess_set_get_cb.pod | 32 called whenever a new session was negotiated.
35 called whenever a session is removed by the SSL engine. For example,
40 whenever a TLS client proposed to resume a session but the session
41 could not be found in the internal session cache (see
53 session cache is realized via callback functions. Inside these callback
60 ssl session B<sess>.
80 L<SSL_CTX_remove_session(3)> after a session has been used.
85 for all sessions in the internal session cache when
90 the session id
92 session caching was disabled. The get_session_cb() is passed the
[all …]
|
| H A D | SSL_CTX_set_generate_session_id.pod | 7 - manipulate generation of SSL session IDs (server only)
24 new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
27 new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
29 SSL_has_matching_session_id() checks, whether a session with id B<id>
36 generates a session id. The session id is an arbitrary sequence of bytes.
37 The length of the session id is between 1 and 32 bytes. The session id is not
43 session id from pseudo random numbers of the maximum possible length.
44 Using the callback function, the session id can be changed to contain
74 not the external one. Since the session id is generated before the
77 can occur in that another thread generates the same session id.
[all …]
|
| H A D | SSL_get_session.pod | 5 SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data
28 The ssl session contains all information required to re-establish the
43 sent, or if no session tickets were sent then the session for the current
48 The new session callback is only invoked when a session is actually established,
54 A session will be automatically removed from the session cache and marked as
62 SSL_get0_session() returns a pointer to the actual session. As the
65 L<SSL_free(3)> is called, the session may be removed completely
72 but stays in memory. In order to remove the session
77 list, when being inserted into one SSL_CTX object's session cache.
90 There is no session available in B<ssl>.
[all …]
|
| H A D | SSL_CTX_set_session_id_context.pod | 19 B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
22 B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
28 to re-import a session generated from another context (e.g. another
36 The session id context becomes part of the session. The session id context
41 OpenSSL clients will check the session id context returned by the server
42 when reusing a session.
49 If the session id context is not set on an SSL/TLS server and client
54 If a server returns a different session id context to an OpenSSL client
55 when reusing a session, an error will be flagged and the handshake will
58 a session as described above.
[all …]
|
| H A D | SSL_CTX_sess_set_cache_size.pod | 5 SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
16 SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
20 SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
24 The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
29 If adding the session makes the cache exceed its size, then unused
35 If the size of the session cache is reduced and more sessions are already
36 in the session cache, old session will be removed at the next time a
37 session shall be added. This removal is not synchronized with the
|
| H A D | SSL_session_reused.pod | 5 SSL_session_reused - query whether a reused session was negotiated during handshake
15 Query, whether a reused session was negotiated during the handshake.
19 During the negotiation, a client can propose to reuse a session. The server
20 then looks up the session in its cache. If both client and server agree
21 on the session, it will be reused and a flag is being set that can be
32 A new session was negotiated.
36 A session was reused.
|
| H A D | SSL_CTX_set_session_ticket_cb.pod | 9 SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data
32 with a session, and placed into a session ticket. Either callback function may
41 B<dec_cb> is the application defined callback invoked after session ticket
42 decryption has been attempted and any session ticket application data is
55 the application that a session ticket is about to be generated.
57 SSL_SESSION_get0_ticket_appdata() assigns B<data> to the session ticket
58 application data and assigns B<len> to the length of the session ticket
61 to B<data> and 0 will be assigned to B<len> if there is no session ticket
63 after a session has been created. The B<dec_cb> is provided to notify the
64 application that a session ticket has just been decrypted.
[all …]
|
| H A D | SSL_CTX_set_tlsext_ticket_key_cb.pod | 7 - set a callback for session ticket processing
30 session tickets for the ssl context I<sslctx>. Session tickets, defined in
31 RFC5077 provide an enhanced session resumption capability where the server
32 implementation is not required to maintain per session state. It only applies
36 session when session ticket extension is presented in the TLS hello
45 In order to reuse a session, a TLS client must send the a session ticket
94 continue on those parameters. Additionally it indicates that the session
107 the SSL/TLS session will continue by negotiating a set of cryptographic
144 enable an attacker to obtain the session keys.
164 if (enc) { /* create new session */
[all …]
|
| H A D | SSL_SESSION_set1_id.pod | 7 - get and set the SSL session ID
20 SSL_SESSION_get_id() returns a pointer to the internal session id value for the
21 session B<s>. The length of the id in bytes is stored in B<*len>. The length may
24 SSL_SESSION_set1_id() sets the session ID for the B<ssl> SSL/TLS session
29 SSL_SESSION_get_id() returns a pointer to the session id value.
31 if the supplied session ID length exceeds B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
|
| H A D | SSL_clear.pod | 21 settings are kept, a side effect is the handling of the current SSL session.
22 If a session is still B<open>, it is considered bad and will be removed
23 from the session cache, as required by RFC2246. A session is considered open,
28 If a session was closed cleanly, the session object will be kept and all
30 used during the session will be kept for the next handshake. So if the
31 session was a TLSv1 session, a SSL client object will use a TLSv1 client
51 if session reuse is not desired).
|
| H A D | SSL_SESSION_get_time.pod | 8 - retrieve and manipulate session time and timeout settings
26 SSL_SESSION_get_time() returns the time at which the session B<s> was
30 SSL_SESSION_set_time() replaces the creation time of the session B<s> with
33 SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
36 SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
45 Both are set at creation time of the session to the actual time and the
49 of the session.
58 If any of the function is passed the NULL pointer for the session B<s>,
|
| H A D | SSL_CTX_set_timeout.pod | 5 SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
23 Whenever a new session is created, it is assigned a maximum lifetime. This
24 lifetime is specified by storing the creation time of the session and the
26 time plus timeout, the session is not reused.
29 valid at the time of the session negotiation. Changes of the timeout value
32 The expiration time of a single session can be modified using the
35 Expired sessions are removed from the internal session cache, whenever
40 The default value for session timeout is decided on a per protocol
45 This timeout value is used as the ticket lifetime hint for stateless session
|
| /openssl/doc/man1/ |
| H A D | openssl-sess_id.pod.in | 6 openssl-sess_id - SSL/TLS session handling command
23 This command processes the encoded version of the SSL session
24 structure and optionally prints out SSL session details (for example
25 the SSL session master key) in human readable format. Since this is a
70 This option prevents output of the encoded version of the session.
74 This option can set the session id so the output session information uses the
110 The SSL session ID in hex format.
114 The session ID context in hex format.
118 This is the SSL session master key.
137 Since the SSL session output contains the master key it is
[all …]
|
| /openssl/util/perl/TLSProxy/ |
| H A D | ServerHello.pm | 40 $self->{session} = "";
58 my $session = "";
61 $session = substr($self->data, $ptr, $session_id_len);
114 $self->session($session);
148 $data .= $self->session;
194 sub session subroutine
198 $self->{session} = shift;
200 return $self->{session};
|
| H A D | ClientHello.pm | 35 $self->{session} = "";
55 my $session = substr($self->data, $ptr, $session_id_len);
86 $self->session($session);
140 $data .= $self->session;
192 sub session subroutine
196 $self->{session} = shift;
198 return $self->{session};
|
| /openssl/ssl/statem/ |
| H A D | statem_clnt.c | 1109 SSL_SESSION *sess = s->session; in tls_construct_client_hello()
1213 assert(s->session->session_id_length <= sizeof(s->session->session_id)); in tls_construct_client_hello()
1359 s->session->cipher_id = s->session->cipher->id; in set_client_ciphersuite()
1871 s->session->peer_chain = NULL; in tls_process_server_certificate()
1946 X509_free(s->session->peer); in tls_post_process_server_certificate()
1948 s->session->peer = x; in tls_post_process_server_certificate()
2542 s->session = new_sess; in tls_process_new_session_ticket()
2549 s->session->ext.tick = NULL; in tls_process_new_session_ticket()
2550 s->session->ext.ticklen = 0; in tls_process_new_session_ticket()
3065 peer_cert = s->session->peer; in tls_construct_cke_gost()
[all …]
|
| H A D | extensions_clnt.c | 283 ticklen = s->session->ext.ticklen; in tls_construct_ctos_session_ticket()
292 memcpy(s->session->ext.tick, in tls_construct_ctos_session_ticket()
294 s->session->ext.ticklen = ticklen; in tls_construct_ctos_session_ticket()
855 edsess = s->session->ext.max_early_data != 0 ? s->session : psksess; in tls_construct_ctos_early_data()
1034 if (s->session->ext.ticklen != 0) { in tls_construct_ctos_psk()
1036 if (s->session->cipher == NULL) { in tls_construct_ctos_psk()
1652 s->session->ext.alpn_selected = in tls_parse_stoc_alpn()
1860 SSL_SESSION_free(s->session); in tls_parse_stoc_key_share()
1861 s->session = new_sess; in tls_parse_stoc_key_share()
2015 SSL_SESSION_free(s->session); in tls_parse_stoc_psk()
[all …]
|
