version 1.68, 2016/09/03 13:26:55 |
version 1.69, 2016/09/04 19:38:51 |
|
|
will only perform the handshake to establish SSL connections |
will only perform the handshake to establish SSL connections |
but not transfer any payload data. |
but not transfer any payload data. |
.El |
.El |
.\" |
|
.\" SESS_ID |
|
.\" |
|
.Sh SESS_ID |
.Sh SESS_ID |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl sess_id" |
.Nm "openssl sess_id" |
.Bk -words |
|
.Op Fl cert |
.Op Fl cert |
.Op Fl context Ar ID |
.Op Fl context Ar ID |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
.Op Fl text |
.Op Fl text |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
.Nm sess_id |
.Nm sess_id |
program processes the encoded version of the SSL session structure and |
program processes the encoded version of the SSL session structure and |
optionally prints out SSL session details |
optionally prints out SSL session details |
.Pq for example the SSL session master key |
(for example the SSL session master key) |
in human readable format. |
in human readable format. |
Since this is a diagnostic tool that needs some knowledge of the SSL |
|
protocol to use properly, most users will not need to use it. |
|
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
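Review bot: In the synopsis, ".Op Fl inform Cm der | pem" and ".Op Fl outform Cm der | pem" now present the format names as lower-case literal keywords where the old text had ".Ar DER | PEM". Please confirm the command accepts the lower-case spelling, since .Cm tells the reader to type the word exactly as shown. The same hunk drops "Since this is a diagnostic tool that needs some knowledge of the SSL protocol to use properly, most users will not need to use it." from the description paragraph, leaving the parenthetical about the session master key as that paragraph's only hint that the output is sensitive. Consider keeping a short statement that sess_id is a diagnostic tool.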
|
|
.Fl text |
.Fl text |
option is also present, then it will be printed out in text form. |
option is also present, then it will be printed out in text form. |
.It Fl context Ar ID |
.It Fl context Ar ID |
This option can set the session ID so the output session information uses the |
Set the session |
supplied |
|
.Ar ID . |
.Ar ID . |
The |
The ID can be any string of characters. |
.Ar ID |
|
can be any string of characters. |
|
This option won't normally be used. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
The input file to read from, |
.Ar file |
or standard input if not specified. |
to read session information from, or standard input by default. |
.It Fl inform Cm der | pem |
.It Fl inform Ar DER | PEM |
The input format. |
This specifies the input format. |
.Cm der |
The |
uses an ASN1 DER-encoded format containing session details. |
.Ar DER |
|
argument uses an ASN1 DER-encoded |
|
format containing session details. |
|
The precise format can vary from one version to the next. |
The precise format can vary from one version to the next. |
The |
.Cm pem |
.Ar PEM |
is the default format: it consists of the DER |
form is the default format: it consists of the DER |
|
format base64-encoded with additional header and footer lines. |
format base64-encoded with additional header and footer lines. |
.It Fl noout |
.It Fl noout |
This option prevents output of the encoded version of the session. |
Do not output the encoded version of the session. |
.It Fl out Ar file |
.It Fl out Ar file |
This specifies the output |
The output file to write to, |
.Ar file |
or standard output if not specified. |
to write session information to, or standard |
.It Fl outform Cm der | pem |
output if this option is not specified. |
The output format. |
.It Fl outform Ar DER | PEM |
|
This specifies the output format; the options have the same meaning as the |
|
.Fl inform |
|
option. |
|
.It Fl text |
.It Fl text |
Prints out the various public or private key components in |
Print the various public or private key components in plain text, |
plain text in addition to the encoded version. |
in addition to the encoded version. |
.El |
.El |
.Sh SESS_ID OUTPUT |
|
Typical output: |
|
.Bd -literal |
|
SSL-Session: |
|
Protocol : TLSv1 |
|
Cipher : 0016 |
|
Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED |
|
Session-ID-ctx: 01000000 |
|
Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD |
|
Key-Arg : None |
|
Start Time: 948459261 |
|
Timeout : 300 (sec) |
|
Verify return code 0 (ok) |
|
.Ed |
|
.Pp |
.Pp |
These are described below in more detail. |
The output of |
|
.Nm sess_id |
|
is composed as follows: |
.Pp |
.Pp |
.Bl -tag -width "Verify return code " -compact |
.Bl -tag -width "Verify return code " -offset 3n -compact |
.It Ar Protocol |
.It Protocol |
This is the protocol in use. |
The protocol in use. |
.It Ar Cipher |
.It Cipher |
The cipher used is the actual raw SSL or TLS cipher code; |
The actual raw SSL or TLS cipher code. |
see the SSL or TLS specifications for more information. |
.It Session-ID |
.It Ar Session-ID |
The SSL session ID, in hex format. |
The SSL session ID in hex format. |
.It Session-ID-ctx |
.It Ar Session-ID-ctx |
The session ID context, in hex format. |
The session ID context in hex format. |
.It Master-Key |
.It Ar Master-Key |
The SSL session master key. |
This is the SSL session master key. |
.It Key-Arg |
.It Ar Key-Arg |
|
The key argument; this is only used in SSL v2. |
The key argument; this is only used in SSL v2. |
.It Ar Start Time |
.It Start Time |
This is the session start time, represented as an integer in standard |
The session start time. |
.Ux |
.Ux |
format. |
format. |
.It Ar Timeout |
.It Timeout |
The timeout in seconds. |
The timeout, in seconds. |
.It Ar Verify return code |
.It Verify return code |
This is the return code when an SSL client certificate is verified. |
The return code when a certificate is verified. |
.El |
.El |
.Sh SESS_ID NOTES |
|
The PEM-encoded session format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN SSL SESSION PARAMETERS----- |
|
-----END SSL SESSION PARAMETERS----- |
|
.Ed |
|
.Pp |
.Pp |
Since the SSL session output contains the master key, it is possible to read |
Since the SSL session output contains the master key, it is possible to read |
the contents of an encrypted session using this information. |
the contents of an encrypted session using this information. |
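Review bot: The reworded -text item ("Print the various public or private key components in plain text,") still describes key material rather than what sess_id handles. The description at the top says the program prints SSL session details such as the session master key, so this item should say that -text prints the session details, master key included. Under Start Time, the new wording ends the sentence at "The session start time." and leaves ".Ux" and "format." as a fragment, also dropping "represented as an integer"; a single sentence such as "The session start time, as an integer in UNIX format." keeps the meaning. The -context item now reads "Set the session ID." while the output list has separate Session-ID and Session-ID-ctx fields, so say which of the two the option sets. The removed NOTES text was also the only place that gave the PEM header and footer lines ("-----BEGIN SSL SESSION PARAMETERS-----"); keep them near the master-key warning so readers can recognise files in this format.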
|
|
application. |
application. |
This is, however, strongly discouraged and should only be used for |
This is, however, strongly discouraged and should only be used for |
debugging purposes. |
debugging purposes. |
.Sh SESS_ID BUGS |
|
The cipher and start time should be printed out in human readable form. |
|
.\" |
.\" |
.\" SMIME |
.\" SMIME |
.\" |
.\" |
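Review bot: Removing ".Sh SESS_ID BUGS" drops the only statement that the raw output is a known limitation, while the field list kept earlier in this diff still documents Cipher as "The actual raw SSL or TLS cipher code." and Start Time in UNIX format. If the output itself is unchanged, keep a one-line caveat, for example under the field list, so readers know these two values need manual decoding.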