Hi Viktor, I've followed your example, and it looks like the server is doing what it's supposed to, however, I'm getting a disconnect from the server when the session expires. Which should not happen, and I can't seem to find a reason for this to be happening.
As previously said, I'm developing a server that handles always-on TLS connections, and I'm trying to perform a session resumption. Thanks! On Mon, 19 Nov 2018 at 21:02, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > On Mon, Nov 19, 2018 at 04:01:35PM +0000, Filipe Fernandes wrote: > > > I'm developing a specific SSL Server, in which it's supposed to have an > > always-on socket connection. So, to be on the safe side, there's specific > > needs that need to be filled on this implementation. One of the needs is > > that the server must send a resumption request (ServerHello) to the > client > > on a cyclic manner. I've tried everything I could, but it seems that the > > server does not send the ServerHello to the Client. > > This is only possible with TLS <= 1.2, TLS 1.3 eliminated renegotiation. > > > My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to > the > > Client *on demand*? The socket should not close, nor perform a > > renegotiation. > > The relevant code in apps/s_server.c is: > > SSL_renegotiate(con); > i = SSL_do_handshake(con); > > this implements the handling of the 'r' magic character, see s_server(1): > > CONNECTED COMMANDS > > If a connection request is established with an SSL client and > neither > the -www nor the -WWW option has been used then normally any data > received from the client is displayed and any key presses will be > sent > to the client. > > Certain commands are also recognized which perform special > operations. > These commands are a letter which must appear at the start of a > line. > They are listed below. > > [...] > > r Renegotiate the SSL session (TLSv1.2 and below only). > > R Renegotiate the SSL session and request a client certificate > (TLSv1.2 and below only). > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
