Hi,
I was trying the following on openssl 1.0.1.:
On Server :
# ./openssl s_server -state -msg
On Client:
# ./openssl s_client -cipher AES256-SHA -tls1_2 -state -msg -sess_out
/tmp/sess
The handshake went on successfully with the following output on client side:
---
SSL handshake has read 1340 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA
Session-ID:
3D983DBF1AE2E8998B757CF4C77A52378F716A93021416AB484A09B5C39AEFF1
Session-ID-ctx:
Master-Key:
BD8A6F3BCC4B13CC1FB1AFF77AC31C67399C10F953D2E693F948001DA5482C8DBF393B40A0CAFDAE7C2A8BD057E2B0AA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 03 1f 41 3b 2d 48 03 48-94 7d 9b c3 ae 6e 06 dd
..A;-H.H.}...n..
0010 - e2 e3 ec 16 d4 a5 29 b8-fb e7 c5 43 98 24 75 cb
......)....C.$u.
0020 - 4f 6d 43 90 19 ba 2f 64-bb 60 0f 1d 46 8d 06 96
OmC.../d.`..F...
0030 - e3 f7 c0 d0 64 0d bd 3d-e5 a8 4e 57 43 98 ba 9d
....d..=..NWC...
0040 - 7a 40 32 9a f6 d9 b5 06-ed bb 79 12 d5 c5 6b 24 z@2.
......y...k$
0050 - 9f 6f a7 54 57 1a 97 50-b1 97 83 4d d0 36 a3 9c
.o.TW..P...M.6..
0060 - 83 0d 58 63 3b cd bd fb-41 7b 15 18 4b 42 bf 3a
..Xc;...A{..KB.:
0070 - fb a5 fd 87 50 c5 11 0f-fa 5d ef bb 80 67 29 72
....P....]...g)r
0080 - 04 68 b4 95 8f 6e ba 32-75 9f c5 c1 3d e2 d6 2e
.h...n.2u...=...
0090 - 14 05 8f 03 9d 7e 91 ff-0f 63 76 c7 a2 a4 02 ce
.....~...cv.....
Start Time: 1338977697
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Then i terminated the connection by pressing Ctrl-C from client side. Then
i initiated the handshake by using the -sess_in parameter
On Client:
./openssl s_client -state -msg -sess_in /tmp/sess
The handshake went on successfully again with the following output on
client side:
---
SSL handshake has read 166 bytes and written 588 bytes
---
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA
Session-ID:
3D983DBF1AE2E8998B757CF4C77A52378F716A93021416AB484A09B5C39AEFF1
Session-ID-ctx:
Master-Key:
BD8A6F3BCC4B13CC1FB1AFF77AC31C67399C10F953D2E693F948001DA5482C8DBF393B40A0CAFDAE7C2A8BD057E2B0AA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 03 1f 41 3b 2d 48 03 48-94 7d 9b c3 ae 6e 06 dd
..A;-H.H.}...n..
0010 - e2 e3 ec 16 d4 a5 29 b8-fb e7 c5 43 98 24 75 cb
......)....C.$u.
0020 - 4f 6d 43 90 19 ba 2f 64-bb 60 0f 1d 46 8d 06 96
OmC.../d.`..F...
0030 - e3 f7 c0 d0 64 0d bd 3d-e5 a8 4e 57 43 98 ba 9d
....d..=..NWC...
0040 - 7a 40 32 9a f6 d9 b5 06-ed bb 79 12 d5 c5 6b 24 z@2.
......y...k$
0050 - 9f 6f a7 54 57 1a 97 50-b1 97 83 4d d0 36 a3 9c
.o.TW..P...M.6..
0060 - 83 0d 58 63 3b cd bd fb-41 7b 15 18 4b 42 bf 3a
..Xc;...A{..KB.:
0070 - fb a5 fd 87 50 c5 11 0f-fa 5d ef bb 80 67 29 72
....P....]...g)r
0080 - 04 68 b4 95 8f 6e ba 32-75 9f c5 c1 3d e2 d6 2e
.h...n.2u...=...
0090 - 14 05 8f 03 9d 7e 91 ff-0f 63 76 c7 a2 a4 02 ce
.....~...cv.....
Start Time: 1338977697
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
After that i initiated a renegotiation from client side i am seeing that
the cipher id is changed to c->id 300c030, which is
ECDHE-RSA-AES256-GCM-SHA384 cipher. Is it the normal behavior or i am
missing something, because doesn't it should use AES256-SHA cipher in the
renegotiation case also?
--
Thanks
Ankur Dwivedi
