RFC5077 3.4 paragraph two allows for renewing session tickets. SSL_CTX_set_tlsext_ticket_key_cb facilitates its implementation on the server side, allowing a return value of 2. Unfortunately the client side doesn't recognise the sequence of messages generated and aborts.

I've used the SSL_CTX_set_tlsext_ticket_key_cb returning the value 2 to perform a renew of the session ticket in the following implementation in nginx.

http://trac.nginx.org/nginx/ticket/120

Running against the test server as described by the test plan here I have a config that expires a session after 20 seconds and after 10 seconds issues a new certificate to the client.

Using the openssl app I ran:

./openssl s_client -connect localhost:4433 -sess_out /tmp/ss.test; sleep 15; ./openssl s_client -connect localhost:4433 -sess_in /tmp/ss.test -msg

I then immediately issued a ctrl-D to finish the input on the first command.

Using the patch previously sent to the list to display more message types I get the following output from the openssl-1.0.1c version of the app against the nginx server (using openssl library 1.0.0j):

WARNING: can't open config file: /usr/local/ssl/openssl.cnf
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
Acceptable client certificate CA names
/CN=localhost
---
SSL handshake has read 1817 bytes and written 531 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2432 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: F502AE12E3B1C1B637C8C27551F7349F1ED286F85D4ADF539CE864ED175DF559
    Session-ID-ctx:
    Master-Key: 6BE3F4A99A06BB9CDA5D42092A264F22E99A743B45D687F260B5184BF595D160790BC773E6F85CFC3BEDC48DC6187B41
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    Start Time: 1348972147
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
CONNECTED(00000003)
>>> TLS 1.0 Handshake [length 019e], ClientHello
<<< TLS 1.0 Handshake [length 0055], ServerHello
<<< TLS 1.0 Handshake [length 00ca], NewSessionTicket
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c ab 10 c6 f8 70 64 fb eb 5a 6a 3a 1d
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c f9 f5 a5 cb ec 19 06 79 38 fc 50 ed
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 356 bytes and written 478 bytes
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2432 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: AAC42A5E57BA51A181A474D01528209E7EF2CAB884E3719F996F95DDC61A0E55
    Session-ID-ctx:
    Master-Key: 6BE3F4A99A06BB9CDA5D42092A264F22E99A743B45D687F260B5184BF595D160790BC773E6F85CFC3BEDC48DC6187B41
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    Start Time: 1348972147
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
>>> TLS 1.0 Handshake [length 00ed], ClientHello
<<< TLS 1.0 Handshake [length 00ca], NewSessionTicket
>>> TLS 1.0 Alert [length 0002], fatal unexpected_message
    02 0a
140460452914880:error:14092072:SSL routines:SSL3_GET_SERVER_HELLO:bad message type:s3_clnt.c:862:

This alert shouldn't have been generated as the server is doing a legal activity as per the RFC.

The new session ticket data should be stored aside in the openssl implementation and replace this as the session data after this client negotiation is finished.

The output generated in the patched nginx logs is:

2012/09/30 12:28:04 [debug] 14977#0: *19 tlsext_ticket_key_cb (in): key_name: E0F1FD0000000000E0F1FD0000000000 iv: 48810000000000005F6AC2083A000000 enc 1
2012/09/30 12:28:04 [debug] 14977#0: *19 SSL session ticket current key expired - generating
2012/09/30 12:28:04 [info] 14977#0: *19 New ssl session ticket generated while SSL handshaking, client: 127.0.0.1, server: localhost
2012/09/30 12:28:04 [debug] 14977#0: *19 New key/hmac for SSL session ticket key 0 name A8FBA1221BF11F7141764E46D2805E44 aes_key 00A0DBDD899E8FBBCC33928C4CD82E24 hmac_key A8EACDD3E0EE0FBBB68E81353CB1005C
2012/09/30 12:28:04 [debug] 14977#0: *19 New SSL session ticket 0 with name A8FBA1221BF11F7141764E46D2805E44 aes_key 00A0DBDD899E8FBBCC33928C4CD82E24 hmac_key A8EACDD3E0EE0FBBB68E81353CB1005C
2012/09/30 12:28:05 [debug] 14977#0: *19 peer shutdown SSL cleanly
2012/09/30 12:28:20 [debug] 14977#0: *20 http check ssl handshake
2012/09/30 12:28:20 [debug] 14977#0: *20 https ssl handshake: 0x16
2012/09/30 12:28:20 [debug] 14977#0: *20 tlsext_ticket_key_cb (in): key_name: A8FBA1221BF11F7141764E46D2805E44 iv: A4F35183B5B60D9C1704A1556E344DAD enc 0
2012/09/30 12:28:20 [debug] 14977#0: *20 Resumed SSL session ticket 0 with iv A4F35183B5B60D9C1704A1556E344DAD aes_key 00A0DBDD899E8FBBCC33928C4CD82E24 hmac_key A8EACDD3E0EE0FBBB68E81353CB1005C renew yes
2012/09/30 12:28:20 [debug] 14977#0: *20 tlsext_ticket_key_cb (out): key_name: A8FBA1221BF11F7141764E46D2805E44 iv: A4F35183B5B60D9C1704A1556E344DAD enc 0 ret 2
2012/09/30 12:28:20 [debug] 14977#0: *20 tlsext_ticket_key_cb (in): key_name: 804BFD0000000000F0C8F80000000000 iv: 50E8FD00000000007D4CC2083A000000 enc 1
2012/09/30 12:28:20 [debug] 14977#0: *20 session ticket key valid but in renew period - use new key
2012/09/30 12:28:20 [info] 14977#0: *20 New ssl session ticket generated while SSL handshaking, client: 127.0.0.1, server: localhost
2012/09/30 12:28:20 [debug] 14977#0: *20 New key/hmac for SSL session ticket key 1 name DC56391DD492A6675F3C8D3E9BBCE883aes_key 35ED38E8593C0B5EE55E4C76DC8550B2 hmac_key 6188D8DAD889ED43AC1820E9D9897E35
2012/09/30 12:28:20 [debug] 14977#0: *20 New SSL session ticket 1 with name DC56391DD492A6675F3C8D3E9BBCE883 aes_key 35ED38E8593C0B5EE55E4C76DC8550B2 hmac_key 6188D8DAD889ED43AC1820E9D9897E35
2012/09/30 12:28:20 [debug] 14977#0: *20 SSL handshake handler: 0
2012/09/30 12:28:20 [debug] 14977#0: *20 tlsext_ticket_key_cb (in): key_name: 00000000000000000000000000000000 iv: 00000000000000001400000000000000 enc 1
2012/09/30 12:28:20 [warn] 14977#0: *20 current ticket sufficient while SSL handshaking, client: 127.0.0.1, server: localhost
2012/09/30 12:28:20 [debug] 14977#0: *20 New SSL session ticket 1 with name DC56391DD492A6675F3C8D3E9BBCE883 aes_key 35ED38E8593C0B5EE55E4C76DC8550B2 hmac_key 6188D8DAD889ED43AC1820E9D9897E35
2012/09/30 12:28:20 [debug] 14977#0: *20 SSL handshake handler: 0
2012/09/30 12:28:20 [info] 14977#0: *20 SSL_do_handshake() failed (SSL: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message) while SSL handshaking, client: 127.0.0.1, server: localhost

--
Daniel Black
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
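
Added example, not part of the original post and not OpenSSL or nginx code: a checker for the server-side message order shown in RFC 5077 figures 1 and 2, run over the message headers of the second s_client connection above (payload bytes left out). It locates the message the client rejected, which lines up with the SSL3_GET_SERVER_HELLO "bad message type" error; the function names are this example's own.

```python
import re

# Message headers copied from the `-msg` trace in this report; the hex
# payload lines are omitted (the parser would skip them anyway).
TRACE = """\
>>> TLS 1.0 Handshake [length 019e], ClientHello
<<< TLS 1.0 Handshake [length 0055], ServerHello
<<< TLS 1.0 Handshake [length 00ca], NewSessionTicket
<<< TLS 1.0 ChangeCipherSpec [length 0001]
<<< TLS 1.0 Handshake [length 0010], Finished
>>> TLS 1.0 ChangeCipherSpec [length 0001]
>>> TLS 1.0 Handshake [length 0010], Finished
>>> TLS 1.0 Handshake [length 00ed], ClientHello
<<< TLS 1.0 Handshake [length 00ca], NewSessionTicket
>>> TLS 1.0 Alert [length 0002], fatal unexpected_message
"""

HEADER = re.compile(r"^(>>>|<<<) \S+ \S+ (\w+) \[length [0-9a-f]{4}\](?:, (.+))?$")

def parse(trace):
    """Yield (sender, message) for each -msg header line; other lines are skipped."""
    for line in trace.splitlines():
        m = HEADER.match(line.strip())
        if m:
            sender = "client" if m.group(1) == ">>>" else "server"
            # Handshake and Alert headers name the message; ChangeCipherSpec does not.
            yield sender, (m.group(3) or m.group(2))

def check_server_flights(trace):
    """Return (message number, problem) for each server message out of order."""
    problems, prev = [], None   # prev: last message relevant to the server's next one
    for n, (sender, msg) in enumerate(parse(trace), 1):
        if sender == "client":
            if msg == "ClientHello":
                prev = "ClientHello"          # a new handshake starts here
            continue
        if prev == "ClientHello" and msg != "ServerHello":
            problems.append((n, f"{msg} where ServerHello was expected"))
        if prev == "NewSessionTicket" and msg != "ChangeCipherSpec":
            problems.append((n, f"{msg} after NewSessionTicket, expected ChangeCipherSpec"))
        prev = msg
    return problems
```

On this trace the first handshake passes and the only finding is message 9, the NewSessionTicket that directly follows the second ClientHello.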
