]>
Commit | Line | Data |
---|---|---|
cc8709a0 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-sess_id - SSL/TLS session handling utility |
cc8709a0 DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<sess_id> | |
169394d4 | 10 | [B<-help>] |
e8769719 | 11 | [B<-inform> B<DER>|B<PEM>] |
2f0ea936 | 12 | [B<-outform> B<DER>|B<PEM>|B<NSS>] |
e8769719 RS |
13 | [B<-in> I<filename>] |
14 | [B<-out> I<filename>] | |
cc8709a0 DSH |
15 | [B<-text>] |
16 | [B<-noout>] | |
e8769719 | 17 | [B<-context> I<ID>] |
cc8709a0 DSH |
18 | |
19 | =head1 DESCRIPTION | |
20 | ||
35a810bb RL |
21 | This command processes the encoded version of the SSL session |
22 | structure and optionally prints out SSL session details (for example | |
23 | the SSL session master key) in human readable format. Since this is a | |
24 | diagnostic tool that needs some knowledge of the SSL protocol to use | |
25 | properly, most users will not need to use it. | |
cc8709a0 | 26 | |
777182a0 RS |
27 | The precise format of the data can vary across OpenSSL versions and |
28 | is not documented. | |
29 | ||
3dfda1a6 | 30 | =head1 OPTIONS |
0634424f | 31 | |
cc8709a0 DSH |
32 | =over 4 |
33 | ||
169394d4 MR |
34 | =item B<-help> |
35 | ||
36 | Print out a usage message. | |
37 | ||
777182a0 | 38 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>|B<NSS> |
cc8709a0 | 39 | |
777182a0 RS |
40 | The input and output formats; the default is PEM. |
41 | See L<openssl(1)/Format Options> for details. | |
cc8709a0 | 42 | |
777182a0 RS |
43 | For B<NSS> output, the session ID and master key are reported in NSS "keylog" |
44 | format. | |
cc8709a0 | 45 | |
e8769719 | 46 | =item B<-in> I<filename> |
cc8709a0 DSH |
47 | |
48 | This specifies the input filename to read session information from or standard | |
49 | input by default. | |
50 | ||
e8769719 | 51 | =item B<-out> I<filename> |
cc8709a0 | 52 | |
657e60fa | 53 | This specifies the output filename to write session information to or standard |
cc8709a0 DSH |
54 | output if this option is not specified. |
55 | ||
56 | =item B<-text> | |
57 | ||
c4de074e | 58 | Prints out the various public or private key components in |
1bc74519 | 59 | plain text in addition to the encoded version. |
cc8709a0 DSH |
60 | |
61 | =item B<-cert> | |
62 | ||
c4de074e | 63 | If a certificate is present in the session it will be output using this option, |
cc8709a0 DSH |
64 | if the B<-text> option is also present then it will be printed out in text form. |
65 | ||
66 | =item B<-noout> | |
67 | ||
c4de074e | 68 | This option prevents output of the encoded version of the session. |
cc8709a0 | 69 | |
e8769719 | 70 | =item B<-context> I<ID> |
cc8709a0 | 71 | |
c4de074e | 72 | This option can set the session id so the output session information uses the |
60250017 | 73 | supplied ID. The ID can be any string of characters. This option won't normally |
cc8709a0 DSH |
74 | be used. |
75 | ||
76 | =back | |
77 | ||
78 | =head1 OUTPUT | |
79 | ||
80 | Typical output: | |
81 | ||
82 | SSL-Session: | |
83 | Protocol : TLSv1 | |
84 | Cipher : 0016 | |
85 | Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED | |
86 | Session-ID-ctx: 01000000 | |
87 | Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD | |
88 | Key-Arg : None | |
89 | Start Time: 948459261 | |
90 | Timeout : 300 (sec) | |
91 | Verify return code 0 (ok) | |
92 | ||
93 | Theses are described below in more detail. | |
94 | ||
95 | =over 4 | |
96 | ||
97 | =item B<Protocol> | |
98 | ||
322755cc | 99 | This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. |
cc8709a0 DSH |
100 | |
101 | =item B<Cipher> | |
102 | ||
c4de074e | 103 | The cipher used this is the actual raw SSL or TLS cipher code, see the SSL |
cc8709a0 DSH |
104 | or TLS specifications for more information. |
105 | ||
106 | =item B<Session-ID> | |
107 | ||
c4de074e | 108 | The SSL session ID in hex format. |
cc8709a0 DSH |
109 | |
110 | =item B<Session-ID-ctx> | |
111 | ||
c4de074e | 112 | The session ID context in hex format. |
cc8709a0 DSH |
113 | |
114 | =item B<Master-Key> | |
115 | ||
c4de074e | 116 | This is the SSL session master key. |
cc8709a0 | 117 | |
cc8709a0 DSH |
118 | =item B<Start Time> |
119 | ||
c4de074e P |
120 | This is the session start time represented as an integer in standard |
121 | Unix format. | |
cc8709a0 DSH |
122 | |
123 | =item B<Timeout> | |
124 | ||
c4de074e | 125 | The timeout in seconds. |
cc8709a0 DSH |
126 | |
127 | =item B<Verify return code> | |
128 | ||
c4de074e | 129 | This is the return code when an SSL client certificate is verified. |
cc8709a0 DSH |
130 | |
131 | =back | |
132 | ||
133 | =head1 NOTES | |
134 | ||
c4de074e P |
135 | Since the SSL session output contains the master key it is |
136 | possible to read the contents of an encrypted session using this | |
137 | information. Therefore appropriate security precautions should be taken if | |
138 | the information is being output by a "real" application. This is however | |
139 | strongly discouraged and should only be used for debugging purposes. | |
cc8709a0 DSH |
140 | |
141 | =head1 BUGS | |
142 | ||
143 | The cipher and start time should be printed out in human readable form. | |
144 | ||
145 | =head1 SEE ALSO | |
146 | ||
b6b66573 DMSP |
147 | L<openssl(1)>, |
148 | L<openssl-ciphers(1)>, | |
149 | L<openssl-s_server(1)> | |
cc8709a0 | 150 | |
e2f92610 RS |
151 | =head1 COPYRIGHT |
152 | ||
b6b66573 | 153 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 154 | |
449040b4 | 155 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
156 | this file except in compliance with the License. You can obtain a copy |
157 | in the file LICENSE in the source distribution or at | |
158 | L<https://www.openssl.org/source/license.html>. | |
159 | ||
160 | =cut |