<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>sess_id</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>

<ul>

<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#output">OUTPUT</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#bugs">BUGS</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>

<hr name="index" />
</div>
<!-- INDEX END -->

<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-sess_id,
sess_id - SSL/TLS session handling utility</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl</strong> <strong>sess_id</strong>
[<strong>-help</strong>]
[<strong>-inform PEM|DER</strong>]
[<strong>-outform PEM|DER|NSS</strong>]
[<strong>-in filename</strong>]
[<strong>-out filename</strong>]
[<strong>-text</strong>]
[<strong>-cert</strong>]
[<strong>-noout</strong>]
[<strong>-context ID</strong>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>The <strong>sess_id</strong> program processes the encoded version of the SSL session structure
and optionally prints out SSL session details (for example the SSL session
master key) in human readable format. Since this is a diagnostic tool that
needs some knowledge of the SSL protocol to use properly, most users will
not need to use it.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>

<dd>
<p>Print out a usage message.</p>
</dd>
<dt><strong><a name="inform_der_pem" class="item"><strong>-inform DER|PEM</strong></a></strong></dt>

<dd>
<p>This specifies the input format. The <strong>DER</strong> option uses an ASN1 DER encoded
format containing session details. The precise format can vary from one version
to the next. The <strong>PEM</strong> form is the default format: it consists of the <strong>DER</strong>
format base64 encoded with additional header and footer lines.</p>
</dd>
<dt><strong><a name="outform_der_pem_nss" class="item"><strong>-outform DER|PEM|NSS</strong></a></strong></dt>

<dd>
<p>This specifies the output format. The <strong>PEM</strong> and <strong>DER</strong> options have the same meaning
and default as the <strong>-inform</strong> option. The <strong>NSS</strong> option outputs the session id and
the master key in NSS keylog format.</p>
</dd>
<dt><strong><a name="in_filename" class="item"><strong>-in filename</strong></a></strong></dt>

<dd>
<p>This specifies the input filename to read session information from, or standard
input by default.</p>
</dd>
<dt><strong><a name="out_filename" class="item"><strong>-out filename</strong></a></strong></dt>

<dd>
<p>This specifies the output filename to write session information to, or standard
output if this option is not specified.</p>
</dd>
<dt><strong><a name="text" class="item"><strong>-text</strong></a></strong></dt>

<dd>
<p>Prints out the various public or private key components in
plain text in addition to the encoded version.</p>
</dd>
<dt><strong><a name="cert" class="item"><strong>-cert</strong></a></strong></dt>

<dd>
<p>If a certificate is present in the session it will be output using this option;
if the <strong>-text</strong> option is also present then it will be printed out in text form.</p>
</dd>
<dt><strong><a name="noout" class="item"><strong>-noout</strong></a></strong></dt>

<dd>
<p>This option prevents output of the encoded version of the session.</p>
</dd>
<dt><strong><a name="context_id" class="item"><strong>-context ID</strong></a></strong></dt>

<dd>
<p>This option can set the session id so the output session information uses the
supplied ID. The ID can be any string of characters. This option won't normally
be used.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="output">OUTPUT</a></h1>
<p>Typical output:</p>
<pre>
 SSL-Session:
     Protocol  : TLSv1
     Cipher    : 0016
     Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
     Session-ID-ctx: 01000000
     Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
     Key-Arg   : None
     Start Time: 948459261
     Timeout   : 300 (sec)
     Verify return code 0 (ok)</pre>
<p>These are described below in more detail.</p>
<dl>
<dt><strong><a name="protocol" class="item"><strong>Protocol</strong></a></strong></dt>

<dd>
<p>This is the protocol in use: TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.</p>
</dd>
<dt><strong><a name="cipher" class="item"><strong>Cipher</strong></a></strong></dt>

<dd>
<p>The cipher used. This is the actual raw SSL or TLS cipher code; see the SSL
or TLS specifications for more information.</p>
</dd>
<dt><strong><a name="session_id" class="item"><strong>Session-ID</strong></a></strong></dt>

<dd>
<p>The SSL session ID in hex format.</p>
</dd>
<dt><strong><a name="session_id_ctx" class="item"><strong>Session-ID-ctx</strong></a></strong></dt>

<dd>
<p>The session ID context in hex format.</p>
</dd>
<dt><strong><a name="master_key" class="item"><strong>Master-Key</strong></a></strong></dt>

<dd>
<p>This is the SSL session master key.</p>
</dd>
<dt><strong><a name="start_time" class="item"><strong>Start Time</strong></a></strong></dt>

<dd>
<p>This is the session start time represented as an integer in standard
Unix format.</p>
</dd>
<dt><strong><a name="timeout" class="item"><strong>Timeout</strong></a></strong></dt>

<dd>
<p>The timeout in seconds.</p>
</dd>
<dt><strong><a name="verify_return_code" class="item"><strong>Verify return code</strong></a></strong></dt>

<dd>
<p>This is the return code when an SSL client certificate is verified.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>The PEM encoded session format uses the header and footer lines:</p>
<pre>
 -----BEGIN SSL SESSION PARAMETERS-----
 -----END SSL SESSION PARAMETERS-----</pre>
<p>Since the SSL session output contains the master key, it is
possible to read the contents of an encrypted session using this
information. Therefore, appropriate security precautions should be taken if
the information is being output by a "real" application. This is, however,
strongly discouraged and should only be used for debugging purposes.</p>
<p>
</p>
<hr />
<h1><a name="bugs">BUGS</a></h1>
<p>The cipher and start time should be printed out in human readable form.</p>
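<p>An added example, not part of the OpenSSL documentation or code: a Python sketch that parses the <strong>-text</strong> output shown under OUTPUT, renders the cipher code and start time in human readable form, and masks the master key before a dump is logged, in line with the caution in NOTES. The function names are hypothetical and the cipher table is a small constructed subset of the IANA registry.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the "Typical output" from this page.
SAMPLE = """\
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0016
    Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
    Session-ID-ctx: 01000000
    Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
    Key-Arg   : None
    Start Time: 948459261
    Timeout   : 300 (sec)
    Verify return code 0 (ok)
"""

# Assumption: a small subset of the IANA TLS cipher suite registry.
CIPHER_NAMES = {
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(\S.*)$")

def parse_session(text):
    """Return the 'Name : value' fields of a sess_id -text dump as a dict."""
    matches = (FIELD.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def describe(fields):
    """Render the cipher code, start time and expiry in readable form."""
    raw = fields["Cipher"]
    if re.fullmatch(r"[0-9A-Fa-f]{4}", raw):
        code = int(raw, 16)
        cipher = CIPHER_NAMES.get(code, "unknown (0x%04X)" % code)
    else:
        cipher = raw  # assumption: anything else is already a cipher name
    start = datetime.fromtimestamp(int(fields["Start Time"]), tz=timezone.utc)
    timeout = int(fields["Timeout"].split()[0])  # "300 (sec)" becomes 300
    return {"protocol": fields["Protocol"], "cipher": cipher,
            "start": start.isoformat(),
            "expires": (start + timedelta(seconds=timeout)).isoformat()}

def redact(text):
    """Mask Master-Key values so a dump can be logged or attached to a ticket."""
    return re.sub(r"(Master-Key\s*:\s*)[0-9A-Fa-f]+",
                  lambda m: m.group(1) + "[REDACTED]", text)
```

<p>Run <code>redact()</code> over any saved dump before it leaves the debugging host; the session ID and timing fields remain available for correlation.</p>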
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>ciphers(1)</em>, <em>s_server(1)</em></p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>

</body>

</html>