| version 1.68, 2016/09/03 13:26:55 |
version 1.69, 2016/09/04 19:38:51 |
|
|
| will only perform the handshake to establish SSL connections |
will only perform the handshake to establish SSL connections |
| but not transfer any payload data. |
but not transfer any payload data. |
| .El |
.El |
| .\" |
|
| .\" SESS_ID |
|
| .\" |
|
| .Sh SESS_ID |
.Sh SESS_ID |
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl sess_id" |
.Nm "openssl sess_id" |
| .Bk -words |
|
| .Op Fl cert |
.Op Fl cert |
| .Op Fl context Ar ID |
.Op Fl context Ar ID |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
| .Op Fl noout |
.Op Fl noout |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
| .Op Fl text |
.Op Fl text |
| .Ek |
|
| .nr nS 0 |
.nr nS 0 |
| .Pp |
.Pp |
| The |
The |
| .Nm sess_id |
.Nm sess_id |
| program processes the encoded version of the SSL session structure and |
program processes the encoded version of the SSL session structure and |
| optionally prints out SSL session details |
optionally prints out SSL session details |
| .Pq for example the SSL session master key |
(for example the SSL session master key) |
| in human readable format. |
in human readable format. |
| Since this is a diagnostic tool that needs some knowledge of the SSL |
|
| protocol to use properly, most users will not need to use it. |
|
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
| .Fl text |
.Fl text |
| option is also present, then it will be printed out in text form. |
option is also present, then it will be printed out in text form. |
| .It Fl context Ar ID |
.It Fl context Ar ID |
| This option can set the session ID so the output session information uses the |
Set the session |
| supplied |
|
| .Ar ID . |
.Ar ID . |
| The |
The ID can be any string of characters. |
| .Ar ID |
|
| can be any string of characters. |
|
| This option won't normally be used. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
The input file to read from, |
| .Ar file |
or standard input if not specified. |
| to read session information from, or standard input by default. |
.It Fl inform Cm der | pem |
| .It Fl inform Ar DER | PEM |
The input format. |
| This specifies the input format. |
.Cm der |
| The |
uses an ASN1 DER-encoded format containing session details. |
| .Ar DER |
|
| argument uses an ASN1 DER-encoded |
|
| format containing session details. |
|
| The precise format can vary from one version to the next. |
The precise format can vary from one version to the next. |
| The |
.Cm pem |
| .Ar PEM |
is the default format: it consists of the DER |
| form is the default format: it consists of the DER |
|
| format base64-encoded with additional header and footer lines. |
format base64-encoded with additional header and footer lines. |
| .It Fl noout |
.It Fl noout |
| This option prevents output of the encoded version of the session. |
Do not output the encoded version of the session. |
| .It Fl out Ar file |
.It Fl out Ar file |
| This specifies the output |
The output file to write to, |
| .Ar file |
or standard output if not specified. |
| to write session information to, or standard |
.It Fl outform Cm der | pem |
| output if this option is not specified. |
The output format. |
| .It Fl outform Ar DER | PEM |
|
| This specifies the output format; the options have the same meaning as the |
|
| .Fl inform |
|
| option. |
|
| .It Fl text |
.It Fl text |
| Prints out the various public or private key components in |
Print the various public or private key components in plain text, |
| plain text in addition to the encoded version. |
in addition to the encoded version. |
| .El |
.El |
| .Sh SESS_ID OUTPUT |
|
| Typical output: |
|
| .Bd -literal |
|
| SSL-Session: |
|
| Protocol : TLSv1 |
|
| Cipher : 0016 |
|
| Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED |
|
| Session-ID-ctx: 01000000 |
|
| Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD |
|
| Key-Arg : None |
|
| Start Time: 948459261 |
|
| Timeout : 300 (sec) |
|
| Verify return code 0 (ok) |
|
| .Ed |
|
| .Pp |
.Pp |
| These are described below in more detail. |
The output of |
| |
.Nm sess_id |
| |
is composed as follows: |
| .Pp |
.Pp |
| .Bl -tag -width "Verify return code " -compact |
.Bl -tag -width "Verify return code " -offset 3n -compact |
| .It Ar Protocol |
.It Protocol |
| This is the protocol in use. |
The protocol in use. |
| .It Ar Cipher |
.It Cipher |
| The cipher used is the actual raw SSL or TLS cipher code; |
The actual raw SSL or TLS cipher code. |
| see the SSL or TLS specifications for more information. |
.It Session-ID |
| .It Ar Session-ID |
The SSL session ID, in hex format. |
| The SSL session ID in hex format. |
.It Session-ID-ctx |
| .It Ar Session-ID-ctx |
The session ID context, in hex format. |
| The session ID context in hex format. |
.It Master-Key |
| .It Ar Master-Key |
The SSL session master key. |
| This is the SSL session master key. |
.It Key-Arg |
| .It Ar Key-Arg |
|
| The key argument; this is only used in SSL v2. |
The key argument; this is only used in SSL v2. |
| .It Ar Start Time |
.It Start Time |
| This is the session start time, represented as an integer in standard |
The session start time. |
| .Ux |
.Ux |
| format. |
format. |
| .It Ar Timeout |
.It Timeout |
| The timeout in seconds. |
The timeout, in seconds. |
| .It Ar Verify return code |
.It Verify return code |
| This is the return code when an SSL client certificate is verified. |
The return code when a certificate is verified. |
| .El |
.El |
| .Sh SESS_ID NOTES |
|
| The PEM-encoded session format uses the header and footer lines: |
|
| .Bd -unfilled -offset indent |
|
| -----BEGIN SSL SESSION PARAMETERS----- |
|
| -----END SSL SESSION PARAMETERS----- |
|
| .Ed |
|
| .Pp |
.Pp |
| Since the SSL session output contains the master key, it is possible to read |
Since the SSL session output contains the master key, it is possible to read |
| the contents of an encrypted session using this information. |
the contents of an encrypted session using this information. |
|
|
| application. |
application. |
| This is, however, strongly discouraged and should only be used for |
This is, however, strongly discouraged and should only be used for |
| debugging purposes. |
debugging purposes. |
| .Sh SESS_ID BUGS |
|
| The cipher and start time should be printed out in human readable form. |
|
| .\" |
.\" |
| .\" SMIME |
.\" SMIME |
| .\" |
.\" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl