I've misjudged. The socket is closed even if the session has not ended (I've set the session timeout to 10 times the resumption cycle).
You can check the tcpdump here: https://imgfly.me/i/66LJY

I'm doing exactly what is in the s_server example, to no avail.

    if (SSL_renegotiate(GetSSL()) <= 0) {
        CSyException Ex("SocketSSL", "SSL_renegotiate() failed. Stopping communication.");
        Ex.PrintError();
        SetShouldClose(TRUE);
        GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;
        return FALSE;
    }
    if (SSL_do_handshake(GetSSL()) <= 0) {
        CSyException Ex("SocketSSL", "SSL_do_handshake() has failed. Stopping communication.");
        Ex.PrintError();
        SetShouldClose(TRUE);
        GetSSLConfig()->uiLastTLSRenegotiation = time1sVal;
        return FALSE;
    }

Thanks!

On Wed, 21 Nov 2018 at 17:45, Filipe Fernandes <filipe.mfgfernan...@gmail.com> wrote:

> Hi Viktor,
>
> I've followed your example, and it looks like the server is doing what
> it's supposed to; however, I'm getting a disconnect from the server when
> the session expires. Which should not happen, and I can't seem to find a
> reason for this to be happening.
>
> As previously said, I'm developing a server that handles always-on TLS
> connections, and I'm trying to perform a session resumption.
>
> Thanks!
>
> On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <openssl-us...@dukhovni.org>
> wrote:
>
>> On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote:
>>
>> > I'm developing a specific SSL Server, in which it's supposed to have an
>> > always-on socket connection. So, to be on the safe side, there are
>> > specific needs that need to be filled on this implementation. One of the
>> > needs is that the server must send a resumption request (ServerHello) to
>> > the client in a cyclic manner. I've tried everything I could, but it
>> > seems that the server does not send the ServerHello to the Client.
>>
>> This is only possible with TLS <= 1.2; TLS 1.3 eliminated renegotiation.
>>
>> > My question: How can I make LibOpenSSL-1.0.2g send a ServerHello to
>> > the Client *on demand*? The socket should not close, nor perform a
>> > renegotiation.
>>
>> The relevant code in apps/s_server.c is:
>>
>>     SSL_renegotiate(con);
>>     i = SSL_do_handshake(con);
>>
>> this implements the handling of the 'r' magic character, see s_server(1):
>>
>>     CONNECTED COMMANDS
>>
>>         If a connection request is established with an SSL client and
>>         neither the -www nor the -WWW option has been used then normally
>>         any data received from the client is displayed and any key
>>         presses will be sent to the client.
>>
>>         Certain commands are also recognized which perform special
>>         operations. These commands are a letter which must appear at
>>         the start of a line. They are listed below.
>>
>>         [...]
>>
>>         r   Renegotiate the SSL session (TLSv1.2 and below only).
>>
>>         R   Renegotiate the SSL session and request a client certificate
>>             (TLSv1.2 and below only).
>>
>> --
>> Viktor.
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users