Test TLS Resumption


Session Ticket Resumption

new connection

The session parameters will be saved to /tmp/ssl_s.

openssl s_client -connect t3.fastly.work:443 -sess_out /tmp/ssl_s -servername t3.fastly.work

output

---
SSL handshake has read 4654 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 401ABB1C964A75FC5DBC283F963B841AC567FF5CAAC2EEA7645989DB8174A362
    Session-ID-ctx:
    Master-Key: 9C76B3A6773C989D0E092F154C8212F0297EB7D2B7AF5886836D770B4CB3912E521847EE4B878CE88CD44D59C4CC3F51
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

Issue an HTTP request (an extra newline is needed) to verify that HTTPS works.

GET /status/200 HTTP/1.1
Host: t3.fastly.work

resumption

The session parameters saved in /tmp/ssl_s will be used.

openssl s_client -connect t3.fastly.work:443 -sess_in /tmp/ssl_s -servername t3.fastly.work

output

---
SSL handshake has read 129 bytes and written 470 bytes
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 401ABB1C964A75FC5DBC283F963B841AC567FF5CAAC2EEA7645989DB8174A362
    Session-ID-ctx:
    Master-Key: 9C76B3A6773C989D0E092F154C8212F0297EB7D2B7AF5886836D770B4CB3912E521847EE4B878CE88CD44D59C4CC3F51
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

Notice that only 129 bytes are read for the resumed handshake, compared to 4654 bytes for the new connection. The status line also changes from New to Reused.

Issue an HTTP request (an extra newline is needed) to verify that HTTPS still works (and yes, it does).

GET /status/200 HTTP/1.1
Host: t3.fastly.work

Session ID Resumption

Adding -no_ticket disables session tickets, so the same two steps test session ID resumption instead:

new connection

openssl s_client -connect t3.fastly.work:443 -no_ticket -sess_out /tmp/ssl_s -servername t3.fastly.work

resumption

openssl s_client -connect t3.fastly.work:443 -no_ticket -sess_in /tmp/ssl_s -servername t3.fastly.work
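
The two-step check above, scripted as an added example (not part of the original post): parse_handshake reads the New/Reused status line and the handshake byte count from s_client output, and check_resumption runs both connections for a host. The function names, the mktemp session file and the trimmed sample outputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): decide from s_client output
# whether a handshake was full or resumed.

# Read s_client output on stdin; print "<new|reused|unknown> <bytes_read>".
parse_handshake() {
  awk '
    /^SSL handshake has read/ { bytes = $5 }
    /^New, /                  { state = "new" }
    /^Reused, /               { state = "reused" }
    END { printf "%s %d\n", (state == "" ? "unknown" : state), bytes }
  '
}

# Full handshake, then a resumption attempt, against HOST on port 443.
# Extra s_client flags (e.g. -no_ticket) may follow HOST.
# The session file holds the master key, so it goes in a private mktemp
# file (mode 0600) and is deleted afterwards. Returns 0 only if resumed.
check_resumption() (
  host=$1; shift
  sess=$(mktemp) || exit 2
  trap 'rm -f "$sess"' EXIT
  first=$(openssl s_client -connect "$host:443" -servername "$host" "$@" \
            -sess_out "$sess" </dev/null 2>/dev/null | parse_handshake)
  second=$(openssl s_client -connect "$host:443" -servername "$host" "$@" \
            -sess_in "$sess" </dev/null 2>/dev/null | parse_handshake)
  echo "first:  $first"
  echo "second: $second"
  [ "${second%% *}" = "reused" ]
)

# Constructed samples, trimmed from the outputs shown in this post.
SAMPLE_NEW='---
SSL handshake has read 4654 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305'
SAMPLE_REUSED='---
SSL handshake has read 129 bytes and written 470 bytes
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305'

# Offline demo on the samples; for a live test run: check_resumption HOST
demo() {
  printf '%s\n' "$SAMPLE_NEW"    | parse_handshake   # new 4654
  printf '%s\n' "$SAMPLE_REUSED" | parse_handshake   # reused 129
}
demo
```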

Reference

https://serverfault.com/questions/345891/how-should-i-check-if-ssl-session-resumption-is-working-or-not