1 | =pod
|
---|
2 |
|
---|
3 | =head1 NAME
|
---|
4 |
|
---|
5 | openssl-sess_id,
|
---|
6 | sess_id - SSL/TLS session handling utility
|
---|
7 |
|
---|
8 | =head1 SYNOPSIS
|
---|
9 |
|
---|
10 | B<openssl> B<sess_id>
|
---|
11 | [B<-help>]
|
---|
12 | [B<-inform PEM|DER>]
|
---|
13 | [B<-outform PEM|DER|NSS>]
|
---|
14 | [B<-in filename>]
|
---|
15 | [B<-out filename>]
|
---|
16 | [B<-text>]
|
---|
17 | [B<-noout>]
|
---|
18 | [B<-context ID>]
|
---|
19 |
|
---|
20 | =head1 DESCRIPTION
|
---|
21 |
|
---|
22 | The B<sess_id> process the encoded version of the SSL session structure
|
---|
23 | and optionally prints out SSL session details (for example the SSL session
|
---|
24 | master key) in human readable format. Since this is a diagnostic tool that
|
---|
25 | needs some knowledge of the SSL protocol to use properly, most users will
|
---|
26 | not need to use it.
|
---|
27 |
|
---|
28 | =head1 OPTIONS
|
---|
29 |
|
---|
30 | =over 4
|
---|
31 |
|
---|
32 | =item B<-help>
|
---|
33 |
|
---|
34 | Print out a usage message.
|
---|
35 |
|
---|
36 | =item B<-inform DER|PEM>
|
---|
37 |
|
---|
38 | This specifies the input format. The B<DER> option uses an ASN1 DER encoded
|
---|
39 | format containing session details. The precise format can vary from one version
|
---|
40 | to the next. The B<PEM> form is the default format: it consists of the B<DER>
|
---|
41 | format base64 encoded with additional header and footer lines.
|
---|
42 |
|
---|
43 | =item B<-outform DER|PEM|NSS>
|
---|
44 |
|
---|
45 | This specifies the output format. The B<PEM> and B<DER> options have the same meaning
|
---|
46 | and default as the B<-inform> option. The B<NSS> option outputs the session id and
|
---|
47 | the master key in NSS keylog format.
|
---|
48 |
|
---|
49 | =item B<-in filename>
|
---|
50 |
|
---|
51 | This specifies the input filename to read session information from or standard
|
---|
52 | input by default.
|
---|
53 |
|
---|
54 | =item B<-out filename>
|
---|
55 |
|
---|
56 | This specifies the output filename to write session information to or standard
|
---|
57 | output if this option is not specified.
|
---|
58 |
|
---|
59 | =item B<-text>
|
---|
60 |
|
---|
61 | Prints out the various public or private key components in
|
---|
62 | plain text in addition to the encoded version.
|
---|
63 |
|
---|
64 | =item B<-cert>
|
---|
65 |
|
---|
66 | If a certificate is present in the session it will be output using this option,
|
---|
67 | if the B<-text> option is also present then it will be printed out in text form.
|
---|
68 |
|
---|
69 | =item B<-noout>
|
---|
70 |
|
---|
71 | This option prevents output of the encoded version of the session.
|
---|
72 |
|
---|
73 | =item B<-context ID>
|
---|
74 |
|
---|
75 | This option can set the session id so the output session information uses the
|
---|
76 | supplied ID. The ID can be any string of characters. This option won't normally
|
---|
77 | be used.
|
---|
78 |
|
---|
79 | =back
|
---|
80 |
|
---|
81 | =head1 OUTPUT
|
---|
82 |
|
---|
83 | Typical output:
|
---|
84 |
|
---|
85 | SSL-Session:
|
---|
86 | Protocol : TLSv1
|
---|
87 | Cipher : 0016
|
---|
88 | Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
|
---|
89 | Session-ID-ctx: 01000000
|
---|
90 | Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
|
---|
91 | Key-Arg : None
|
---|
92 | Start Time: 948459261
|
---|
93 | Timeout : 300 (sec)
|
---|
94 | Verify return code 0 (ok)
|
---|
95 |
|
---|
96 | These are described below in more detail.
|
---|
97 |
|
---|
98 | =over 4
|
---|
99 |
|
---|
100 | =item B<Protocol>
|
---|
101 |
|
---|
102 | This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
|
---|
103 |
|
---|
104 | =item B<Cipher>
|
---|
105 |
|
---|
106 | The cipher used this is the actual raw SSL or TLS cipher code, see the SSL
|
---|
107 | or TLS specifications for more information.
|
---|
108 |
|
---|
109 | =item B<Session-ID>
|
---|
110 |
|
---|
111 | The SSL session ID in hex format.
|
---|
112 |
|
---|
113 | =item B<Session-ID-ctx>
|
---|
114 |
|
---|
115 | The session ID context in hex format.
|
---|
116 |
|
---|
117 | =item B<Master-Key>
|
---|
118 |
|
---|
119 | This is the SSL session master key.
|
---|
120 |
|
---|
121 | =item B<Start Time>
|
---|
122 |
|
---|
123 | This is the session start time represented as an integer in standard
|
---|
124 | Unix format.
|
---|
125 |
|
---|
126 | =item B<Timeout>
|
---|
127 |
|
---|
128 | The timeout in seconds.
|
---|
129 |
|
---|
130 | =item B<Verify return code>
|
---|
131 |
|
---|
132 | This is the return code when an SSL client certificate is verified.
|
---|
133 |
|
---|
134 | =back
|
---|
135 |
|
---|
136 | =head1 NOTES
|
---|
137 |
|
---|
138 | The PEM encoded session format uses the header and footer lines:
|
---|
139 |
|
---|
140 | -----BEGIN SSL SESSION PARAMETERS-----
|
---|
141 | -----END SSL SESSION PARAMETERS-----
|
---|
142 |
|
---|
143 | Since the SSL session output contains the master key it is
|
---|
144 | possible to read the contents of an encrypted session using this
|
---|
145 | information. Therefore appropriate security precautions should be taken if
|
---|
146 | the information is being output by a "real" application. This is however
|
---|
147 | strongly discouraged and should only be used for debugging purposes.
|
---|
148 |
|
---|
149 | =head1 BUGS
|
---|
150 |
|
---|
151 | The cipher and start time should be printed out in human readable form.
|
---|
152 |
|
---|
153 | =head1 SEE ALSO
|
---|
154 |
|
---|
155 | L<ciphers(1)>, L<s_server(1)>
|
---|
156 |
|
---|
157 | =head1 COPYRIGHT
|
---|
158 |
|
---|
159 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
---|
160 |
|
---|
161 | Licensed under the OpenSSL license (the "License"). You may not use
|
---|
162 | this file except in compliance with the License. You can obtain a copy
|
---|
163 | in the file LICENSE in the source distribution or at
|
---|
164 | L<https://www.openssl.org/source/license.html>.
|
---|
165 |
|
---|
166 | =cut
|
---|