]>
Commit | Line | Data |
---|---|---|
cc8709a0 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | sess_id - SSL/TLS session handling utility | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<sess_id> | |
169394d4 | 10 | [B<-help>] |
cc8709a0 | 11 | [B<-inform PEM|DER>] |
189ae368 | 12 | [B<-outform PEM|DER|NSS>] |
cc8709a0 DSH |
13 | [B<-in filename>] |
14 | [B<-out filename>] | |
15 | [B<-text>] | |
16 | [B<-noout>] | |
17 | [B<-context ID>] | |
18 | ||
19 | =head1 DESCRIPTION | |
20 | ||
21 | The B<sess_id> process the encoded version of the SSL session structure | |
22 | and optionally prints out SSL session details (for example the SSL session | |
23 | master key) in human readable format. Since this is a diagnostic tool that | |
24 | needs some knowledge of the SSL protocol to use properly, most users will | |
25 | not need to use it. | |
26 | ||
3dfda1a6 | 27 | =head1 OPTIONS |
0634424f | 28 | |
cc8709a0 DSH |
29 | =over 4 |
30 | ||
169394d4 MR |
31 | =item B<-help> |
32 | ||
33 | Print out a usage message. | |
34 | ||
cc8709a0 DSH |
35 | =item B<-inform DER|PEM> |
36 | ||
37 | This specifies the input format. The B<DER> option uses an ASN1 DER encoded | |
38 | format containing session details. The precise format can vary from one version | |
39 | to the next. The B<PEM> form is the default format: it consists of the B<DER> | |
40 | format base64 encoded with additional header and footer lines. | |
41 | ||
189ae368 | 42 | =item B<-outform DER|PEM|NSS> |
cc8709a0 | 43 | |
189ae368 | 44 | This specifies the output format. The B<PEM> and B<DER> options have the same meaning |
7477c83e TM |
45 | and default as the B<-inform> option. The B<NSS> option outputs the session id and |
46 | the master key in NSS keylog format. | |
cc8709a0 DSH |
47 | |
48 | =item B<-in filename> | |
49 | ||
50 | This specifies the input filename to read session information from or standard | |
51 | input by default. | |
52 | ||
53 | =item B<-out filename> | |
54 | ||
657e60fa | 55 | This specifies the output filename to write session information to or standard |
cc8709a0 DSH |
56 | output if this option is not specified. |
57 | ||
58 | =item B<-text> | |
59 | ||
c4de074e | 60 | Prints out the various public or private key components in |
1bc74519 | 61 | plain text in addition to the encoded version. |
cc8709a0 DSH |
62 | |
63 | =item B<-cert> | |
64 | ||
c4de074e | 65 | If a certificate is present in the session it will be output using this option, |
cc8709a0 DSH |
66 | if the B<-text> option is also present then it will be printed out in text form. |
67 | ||
68 | =item B<-noout> | |
69 | ||
c4de074e | 70 | This option prevents output of the encoded version of the session. |
cc8709a0 DSH |
71 | |
72 | =item B<-context ID> | |
73 | ||
c4de074e | 74 | This option can set the session id so the output session information uses the |
60250017 | 75 | supplied ID. The ID can be any string of characters. This option won't normally |
cc8709a0 DSH |
76 | be used. |
77 | ||
78 | =back | |
79 | ||
80 | =head1 OUTPUT | |
81 | ||
82 | Typical output: | |
83 | ||
84 | SSL-Session: | |
85 | Protocol : TLSv1 | |
86 | Cipher : 0016 | |
87 | Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED | |
88 | Session-ID-ctx: 01000000 | |
89 | Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD | |
90 | Key-Arg : None | |
91 | Start Time: 948459261 | |
92 | Timeout : 300 (sec) | |
93 | Verify return code 0 (ok) | |
94 | ||
95 | Theses are described below in more detail. | |
96 | ||
97 | =over 4 | |
98 | ||
99 | =item B<Protocol> | |
100 | ||
c4de074e | 101 | This is the protocol in use TLSv1.2, TLSv1.1, TLSv1 or SSLv3. |
cc8709a0 DSH |
102 | |
103 | =item B<Cipher> | |
104 | ||
c4de074e | 105 | The cipher used this is the actual raw SSL or TLS cipher code, see the SSL |
cc8709a0 DSH |
106 | or TLS specifications for more information. |
107 | ||
108 | =item B<Session-ID> | |
109 | ||
c4de074e | 110 | The SSL session ID in hex format. |
cc8709a0 DSH |
111 | |
112 | =item B<Session-ID-ctx> | |
113 | ||
c4de074e | 114 | The session ID context in hex format. |
cc8709a0 DSH |
115 | |
116 | =item B<Master-Key> | |
117 | ||
c4de074e | 118 | This is the SSL session master key. |
cc8709a0 | 119 | |
cc8709a0 DSH |
120 | =item B<Start Time> |
121 | ||
c4de074e P |
122 | This is the session start time represented as an integer in standard |
123 | Unix format. | |
cc8709a0 DSH |
124 | |
125 | =item B<Timeout> | |
126 | ||
c4de074e | 127 | The timeout in seconds. |
cc8709a0 DSH |
128 | |
129 | =item B<Verify return code> | |
130 | ||
c4de074e | 131 | This is the return code when an SSL client certificate is verified. |
cc8709a0 DSH |
132 | |
133 | =back | |
134 | ||
135 | =head1 NOTES | |
136 | ||
137 | The PEM encoded session format uses the header and footer lines: | |
138 | ||
139 | -----BEGIN SSL SESSION PARAMETERS----- | |
140 | -----END SSL SESSION PARAMETERS----- | |
141 | ||
c4de074e P |
142 | Since the SSL session output contains the master key it is |
143 | possible to read the contents of an encrypted session using this | |
144 | information. Therefore appropriate security precautions should be taken if | |
145 | the information is being output by a "real" application. This is however | |
146 | strongly discouraged and should only be used for debugging purposes. | |
cc8709a0 DSH |
147 | |
148 | =head1 BUGS | |
149 | ||
150 | The cipher and start time should be printed out in human readable form. | |
151 | ||
152 | =head1 SEE ALSO | |
153 | ||
9b86974e | 154 | L<ciphers(1)>, L<s_server(1)> |
cc8709a0 | 155 | |
e2f92610 RS |
156 | =head1 COPYRIGHT |
157 | ||
c4de074e | 158 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 RS |
159 | |
160 | Licensed under the OpenSSL license (the "License"). You may not use | |
161 | this file except in compliance with the License. You can obtain a copy | |
162 | in the file LICENSE in the source distribution or at | |
163 | L<https://www.openssl.org/source/license.html>. | |
164 | ||
165 | =cut |