]>
Commit | Line | Data |
---|---|---|
cc8709a0 | 1 | =pod |
5e98904c | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
cc8709a0 DSH |
3 | |
4 | =head1 NAME | |
5 | ||
4b537191 | 6 | openssl-sess_id - SSL/TLS session handling command |
cc8709a0 DSH |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
10 | B<openssl> B<sess_id> | |
169394d4 | 11 | [B<-help>] |
e8769719 | 12 | [B<-inform> B<DER>|B<PEM>] |
2f0ea936 | 13 | [B<-outform> B<DER>|B<PEM>|B<NSS>] |
e8769719 RS |
14 | [B<-in> I<filename>] |
15 | [B<-out> I<filename>] | |
cc8709a0 | 16 | [B<-text>] |
65718c51 | 17 | [B<-cert>] |
cc8709a0 | 18 | [B<-noout>] |
e8769719 | 19 | [B<-context> I<ID>] |
cc8709a0 DSH |
20 | |
21 | =head1 DESCRIPTION | |
22 | ||
35a810bb RL |
23 | This command processes the encoded version of the SSL session |
24 | structure and optionally prints out SSL session details (for example | |
25 | the SSL session master key) in human readable format. Since this is a | |
26 | diagnostic tool that needs some knowledge of the SSL protocol to use | |
27 | properly, most users will not need to use it. | |
cc8709a0 | 28 | |
777182a0 RS |
29 | The precise format of the data can vary across OpenSSL versions and |
30 | is not documented. | |
31 | ||
3dfda1a6 | 32 | =head1 OPTIONS |
0634424f | 33 | |
cc8709a0 DSH |
34 | =over 4 |
35 | ||
169394d4 MR |
36 | =item B<-help> |
37 | ||
38 | Print out a usage message. | |
39 | ||
777182a0 | 40 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>|B<NSS> |
cc8709a0 | 41 | |
777182a0 RS |
42 | The input and output formats; the default is PEM. |
43 | See L<openssl(1)/Format Options> for details. | |
cc8709a0 | 44 | |
777182a0 RS |
45 | For B<NSS> output, the session ID and master key are reported in NSS "keylog" |
46 | format. | |
cc8709a0 | 47 | |
e8769719 | 48 | =item B<-in> I<filename> |
cc8709a0 DSH |
49 | |
50 | This specifies the input filename to read session information from or standard | |
51 | input by default. | |
52 | ||
e8769719 | 53 | =item B<-out> I<filename> |
cc8709a0 | 54 | |
657e60fa | 55 | This specifies the output filename to write session information to or standard |
cc8709a0 DSH |
56 | output if this option is not specified. |
57 | ||
58 | =item B<-text> | |
59 | ||
c4de074e | 60 | Prints out the various public or private key components in |
1bc74519 | 61 | plain text in addition to the encoded version. |
cc8709a0 DSH |
62 | |
63 | =item B<-cert> | |
64 | ||
c4de074e | 65 | If a certificate is present in the session it will be output using this option, |
cc8709a0 DSH |
66 | if the B<-text> option is also present then it will be printed out in text form. |
67 | ||
68 | =item B<-noout> | |
69 | ||
c4de074e | 70 | This option prevents output of the encoded version of the session. |
cc8709a0 | 71 | |
e8769719 | 72 | =item B<-context> I<ID> |
cc8709a0 | 73 | |
c4de074e | 74 | This option can set the session id so the output session information uses the |
60250017 | 75 | supplied ID. The ID can be any string of characters. This option won't normally |
cc8709a0 DSH |
76 | be used. |
77 | ||
78 | =back | |
79 | ||
80 | =head1 OUTPUT | |
81 | ||
82 | Typical output: | |
83 | ||
84 | SSL-Session: | |
85 | Protocol : TLSv1 | |
86 | Cipher : 0016 | |
87 | Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED | |
88 | Session-ID-ctx: 01000000 | |
89 | Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD | |
90 | Key-Arg : None | |
91 | Start Time: 948459261 | |
92 | Timeout : 300 (sec) | |
93 | Verify return code 0 (ok) | |
94 | ||
7fa8bcfe | 95 | These are described below in more detail. |
cc8709a0 DSH |
96 | |
97 | =over 4 | |
98 | ||
99 | =item B<Protocol> | |
100 | ||
322755cc | 101 | This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. |
cc8709a0 DSH |
102 | |
103 | =item B<Cipher> | |
104 | ||
c4de074e | 105 | The cipher used this is the actual raw SSL or TLS cipher code, see the SSL |
cc8709a0 DSH |
106 | or TLS specifications for more information. |
107 | ||
108 | =item B<Session-ID> | |
109 | ||
c4de074e | 110 | The SSL session ID in hex format. |
cc8709a0 DSH |
111 | |
112 | =item B<Session-ID-ctx> | |
113 | ||
c4de074e | 114 | The session ID context in hex format. |
cc8709a0 DSH |
115 | |
116 | =item B<Master-Key> | |
117 | ||
c4de074e | 118 | This is the SSL session master key. |
cc8709a0 | 119 | |
cc8709a0 DSH |
120 | =item B<Start Time> |
121 | ||
c4de074e P |
122 | This is the session start time represented as an integer in standard |
123 | Unix format. | |
cc8709a0 DSH |
124 | |
125 | =item B<Timeout> | |
126 | ||
c4de074e | 127 | The timeout in seconds. |
cc8709a0 DSH |
128 | |
129 | =item B<Verify return code> | |
130 | ||
c4de074e | 131 | This is the return code when an SSL client certificate is verified. |
cc8709a0 DSH |
132 | |
133 | =back | |
134 | ||
135 | =head1 NOTES | |
136 | ||
c4de074e P |
137 | Since the SSL session output contains the master key it is |
138 | possible to read the contents of an encrypted session using this | |
139 | information. Therefore appropriate security precautions should be taken if | |
140 | the information is being output by a "real" application. This is however | |
141 | strongly discouraged and should only be used for debugging purposes. | |
cc8709a0 DSH |
142 | |
143 | =head1 BUGS | |
144 | ||
145 | The cipher and start time should be printed out in human readable form. | |
146 | ||
147 | =head1 SEE ALSO | |
148 | ||
b6b66573 DMSP |
149 | L<openssl(1)>, |
150 | L<openssl-ciphers(1)>, | |
151 | L<openssl-s_server(1)> | |
cc8709a0 | 152 | |
e2f92610 RS |
153 | =head1 COPYRIGHT |
154 | ||
b6b66573 | 155 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 156 | |
449040b4 | 157 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
158 | this file except in compliance with the License. You can obtain a copy |
159 | in the file LICENSE in the source distribution or at | |
160 | L<https://www.openssl.org/source/license.html>. | |
161 | ||
162 | =cut |