2018-06-20 17:01 GMT+08:00 Matt Caswell <m...@openssl.org>:
> On 20/06/18 07:11, John Jiang wrote:
> > 2018-06-19 6:21 GMT+08:00 Matt Caswell <m...@openssl.org>:
> > > On 18/06/18 21:23, Hubert Kario wrote:
> > > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote:
> > > > > On 08/06/18 02:48, John Jiang wrote:
> > > > > > Is it possible to check Key/IV update feature via these tools?
> > > > > > Thanks!
> > > > >
> > > > > Yes. See the "CONNECTED COMMANDS" sections of these pages:
> > > > > https://www.openssl.org/docs/manmaster/man1/s_server.html
> > > > > https://www.openssl.org/docs/manmaster/man1/s_client.html
> > > > >
> > > > > Basically typing "k" or "K" from an s_server/s_client session will issue
> > > > > a KeyUpdate message. Using the capitalised form ("K"), additionally
> > > > > requests a KeyUpdate from the peer.
> > > >
> > > > Are there similar commands to perform or control post-handshake client
> > > > authentication?
> > >
> > > Yes. As mentioned on the above s_server link, type "c" from an s_server
> > > session to send a certificate request to the client.
> >
> > With the mentioned pages, I don't get how to test 0-RTT.
> > But it sounds that OpenSSL already supports this feature.
>
> It is on those pages - just not in the "CONNECTED COMMANDS" section.
>
> To test 0-RTT early data start s_server with the "-early_data" flag:
>
> $ openssl s_server -early_data
>
> Obtain a session that can later be used for sending early data:
>
> $ openssl s_client -sess_out session.pem
>
> Type "Q" in the s_client window to close the connection. Now you can do
> a 0-RTT handshake and send early data (assuming the existence of a file
> "myearlydata.dat" containing the early data you want to send):
>
> $ openssl s_client -sess_in session.pem -early_data myearlydata.dat

If s_server doesn't use option -early_data, the NewSessionTicket won't contain the early_data extension, and then in the second connection, s_client won't send early data even if option -early_data is used. Right?
Is it possible to make s_client send early data even though the server doesn't support 0-RTT?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
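
The s_server/s_client procedure quoted above, scripted end to end as an added example (not code from the thread or from the OpenSSL project): it runs a local s_server, saves a session, resumes with an early data file, and returns the status line s_client prints, so a server started with and without `-early_data` can be compared. The port numbers, the throwaway certificate, the `-tls1_3` pin and the `early_data_status` helper are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example. Port numbers, the CN and all file names are constructed here.
# Usage: early_data_status PORT [extra s_server options...]
# Prints the "Early data was ..." line s_client reports on the resumed handshake.
early_data_status() {
    local port=$1 dir srv status
    shift
    dir=$(mktemp -d) || return 1
    # Throwaway self-signed certificate for the local test server.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=localhost" -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    printf 'constructed early data\n' > "$dir/myearlydata.dat"

    # s_server treats EOF on stdin as a quit request while a client is connected,
    # so give it a FIFO that stays open instead of the script's stdin.
    mkfifo "$dir/stdin" || return 1
    exec 9<>"$dir/stdin"
    openssl s_server -accept "$port" -tls1_3 -cert "$dir/cert.pem" \
        -key "$dir/key.pem" "$@" <&9 >/dev/null 2>&1 &
    srv=$!
    sleep 1   # let the listener come up

    # Connection 1: full handshake. "Q" is delayed so the NewSessionTicket arrives
    # and -sess_out has a TLS 1.3 session to save.
    (sleep 1; echo Q) | openssl s_client -connect "127.0.0.1:$port" -tls1_3 \
        -sess_out "$dir/session.pem" >/dev/null 2>&1 || true

    # Connection 2: resume with the saved session and offer the early data file.
    status=$( (sleep 1; echo Q) | openssl s_client -connect "127.0.0.1:$port" \
        -tls1_3 -sess_in "$dir/session.pem" -early_data "$dir/myearlydata.dat" \
        2>/dev/null | grep -m1 '^Early data was') || true

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    exec 9>&-
    rm -rf "$dir"
    [ -n "$status" ] && printf '%s\n' "$status"
}

# Compare a server started with -early_data against one started without it.
echo "s_server -early_data: $(early_data_status 44330 -early_data)"
echo "s_server (no flag):   $(early_data_status 44331)"
```
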