Re: [openssl-users] Two sessions in a single full handshake

2018-10-01 Thread Matt Caswell 


On 30/09/18 06:05, John Jiang wrote:
> Now that full handshake sends two sessions, does that mean option
> -sess_out saves both of the sessions to a local file?

The last session received is the one in the sess_out file.

Matt


> If so, when resume session via option -sess_in, which session will be
> resumed?
> 
> On Sun, Sep 30, 2018 at 11:47 AM Benjamin Kaduk via openssl-users
> mailto:openssl-users@openssl.org>> wrote:
> 
> s_client has -sess_out and -sess_in options that can be used
> to save session information to a file and read it in for a subsequent
> connection.  Neither is used by default.
> 
> -Ben
> 
> On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote:
> > Does s_client resume any session in the local session file?
> >
> > On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
> > openssl-users@openssl.org > wrote:
> >
> > >
> > >    - The debug logs display two "SSL-Session" blocks in a full
> handshake.
> > >
> > > Only one "SSL-Session" block is displayed in a resumption.
> > >
> > > Why does full handshake has two sessions?
> > >
> > >
> > >
> > > This is part of the TLS 1.3 standard.  A server can send back
> multiple
> > > sessions, so that a client may resume with a different session, and
> > > therefore prevent an observer from “linking” two different
> activities.
> > > --
> > > openssl-users mailing list
> > > To unsubscribe:
> https://mta.openssl.org/mailman/listinfo/openssl-users
> > >
> 
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> 
> 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread Richard 
B I

On Sat, Sep 29, 2018 at 10:06 PM John Jiang 
wrote:

> Now that full handshake sends two sessions, does that mean option
> -sess_out saves both of the sessions to a local file?
> If so, when resume session via option -sess_in, which session will be
> resumed?
>
> On Sun, Sep 30, 2018 at 11:47 AM Benjamin Kaduk via openssl-users <
> openssl-users@openssl.org> wrote:
>
>> s_client has -sess_out and -sess_in options that can be used
>> to save session information to a file and read it in for a subsequent
>> connection.  Neither is used by default.
>>
>> -Ben
>>
>> On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote:
>> > Does s_client resume any session in the local session file?
>> >
>> > On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
>> > openssl-users@openssl.org> wrote:
>> >
>> > >
>> > >- The debug logs display two "SSL-Session" blocks in a full
>> handshake.
>> > >
>> > > Only one "SSL-Session" block is displayed in a resumption.
>> > >
>> > > Why does full handshake has two sessions?
>> > >
>> > >
>> > >
>> > > This is part of the TLS 1.3 standard.  A server can send back multiple
>> > > sessions, so that a client may resume with a different session, and
>> > > therefore prevent an observer from “linking” two different activities.
>> > > --
>> > > openssl-users mailing list
>> > > To unsubscribe:
>> https://mta.openssl.org/mailman/listinfo/openssl-users
>> > >
>>
>> > --
>> > openssl-users mailing list
>> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang 
Now that full handshake sends two sessions, does that mean option -sess_out
saves both of the sessions to a local file?
If so, when resume session via option -sess_in, which session will be
resumed?

On Sun, Sep 30, 2018 at 11:47 AM Benjamin Kaduk via openssl-users <
openssl-users@openssl.org> wrote:

> s_client has -sess_out and -sess_in options that can be used
> to save session information to a file and read it in for a subsequent
> connection.  Neither is used by default.
>
> -Ben
>
> On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote:
> > Does s_client resume any session in the local session file?
> >
> > On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
> > openssl-users@openssl.org> wrote:
> >
> > >
> > >- The debug logs display two "SSL-Session" blocks in a full
> handshake.
> > >
> > > Only one "SSL-Session" block is displayed in a resumption.
> > >
> > > Why does full handshake has two sessions?
> > >
> > >
> > >
> > > This is part of the TLS 1.3 standard.  A server can send back multiple
> > > sessions, so that a client may resume with a different session, and
> > > therefore prevent an observer from “linking” two different activities.
> > > --
> > > openssl-users mailing list
> > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> > >
>
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread Benjamin Kaduk via openssl-users 
s_client has -sess_out and -sess_in options that can be used
to save session information to a file and read it in for a subsequent
connection.  Neither is used by default.

-Ben

On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote:
> Does s_client resume any session in the local session file?
> 
> On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
> openssl-users@openssl.org> wrote:
> 
> >
> >- The debug logs display two "SSL-Session" blocks in a full handshake.
> >
> > Only one "SSL-Session" block is displayed in a resumption.
> >
> > Why does full handshake has two sessions?
> >
> >
> >
> > This is part of the TLS 1.3 standard.  A server can send back multiple
> > sessions, so that a client may resume with a different session, and
> > therefore prevent an observer from “linking” two different activities.
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> >

> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang 
Does s_client resume any session in the local session file?

On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:

>
>- The debug logs display two "SSL-Session" blocks in a full handshake.
>
> Only one "SSL-Session" block is displayed in a resumption.
>
> Why does full handshake has two sessions?
>
>
>
> This is part of the TLS 1.3 standard.  A server can send back multiple
> sessions, so that a client may resume with a different session, and
> therefore prevent an observer from “linking” two different activities.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread Salz, Rich via openssl-users 
  *   The debug logs display two "SSL-Session" blocks in a full handshake.
Only one "SSL-Session" block is displayed in a resumption.
Why does full handshake has two sessions?

This is part of the TLS 1.3 standard.  A server can send back multiple 
sessions, so that a client may resume with a different session, and therefore 
prevent an observer from “linking” two different activities.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang 
Using OpenSSL 1.1.1.
The debug logs display two "SSL-Session" blocks in a full handshake.
Only one "SSL-Session" block is displayed in a resumption.
Why does full handshake has two sessions?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users