sess_id.pod revision 325337
1 2=pod 3 4=head1 NAME 5 6openssl-sess_id, 7sess_id - SSL/TLS session handling utility 8 9=head1 SYNOPSIS 10 11B<openssl> B<sess_id> 12[B<-inform PEM|DER>] 13[B<-outform PEM|DER>] 14[B<-in filename>] 15[B<-out filename>] 16[B<-text>] 17[B<-noout>] 18[B<-context ID>] 19 20=head1 DESCRIPTION 21 22The B<sess_id> process the encoded version of the SSL session structure 23and optionally prints out SSL session details (for example the SSL session 24master key) in human readable format. Since this is a diagnostic tool that 25needs some knowledge of the SSL protocol to use properly, most users will 26not need to use it. 27 28=over 4 29 30=item B<-inform DER|PEM> 31 32This specifies the input format. The B<DER> option uses an ASN1 DER encoded 33format containing session details. The precise format can vary from one version 34to the next. The B<PEM> form is the default format: it consists of the B<DER> 35format base64 encoded with additional header and footer lines. 36 37=item B<-outform DER|PEM> 38 39This specifies the output format, the options have the same meaning as the 40B<-inform> option. 41 42=item B<-in filename> 43 44This specifies the input filename to read session information from or standard 45input by default. 46 47=item B<-out filename> 48 49This specifies the output filename to write session information to or standard 50output if this option is not specified. 51 52=item B<-text> 53 54prints out the various public or private key components in 55plain text in addition to the encoded version. 56 57=item B<-cert> 58 59if a certificate is present in the session it will be output using this option, 60if the B<-text> option is also present then it will be printed out in text form. 61 62=item B<-noout> 63 64this option prevents output of the encoded version of the session. 65 66=item B<-context ID> 67 68this option can set the session id so the output session information uses the 69supplied ID. The ID can be any string of characters. This option wont normally 70be used. 71 72=back 73 74=head1 OUTPUT 75 76Typical output: 77 78 SSL-Session: 79 Protocol : TLSv1 80 Cipher : 0016 81 Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED 82 Session-ID-ctx: 01000000 83 Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD 84 Key-Arg : None 85 Start Time: 948459261 86 Timeout : 300 (sec) 87 Verify return code 0 (ok) 88 89Theses are described below in more detail. 90 91=over 4 92 93=item B<Protocol> 94 95this is the protocol in use TLSv1, SSLv3 or SSLv2. 96 97=item B<Cipher> 98 99the cipher used this is the actual raw SSL or TLS cipher code, see the SSL 100or TLS specifications for more information. 101 102=item B<Session-ID> 103 104the SSL session ID in hex format. 105 106=item B<Session-ID-ctx> 107 108the session ID context in hex format. 109 110=item B<Master-Key> 111 112this is the SSL session master key. 113 114=item B<Key-Arg> 115 116the key argument, this is only used in SSL v2. 117 118=item B<Start Time> 119 120this is the session start time represented as an integer in standard Unix format. 121 122=item B<Timeout> 123 124the timeout in seconds. 125 126=item B<Verify return code> 127 128this is the return code when an SSL client certificate is verified. 129 130=back 131 132=head1 NOTES 133 134The PEM encoded session format uses the header and footer lines: 135 136 -----BEGIN SSL SESSION PARAMETERS----- 137 -----END SSL SESSION PARAMETERS----- 138 139Since the SSL session output contains the master key it is possible to read the contents 140of an encrypted session using this information. Therefore appropriate security precautions 141should be taken if the information is being output by a "real" application. This is 142however strongly discouraged and should only be used for debugging purposes. 143 144=head1 BUGS 145 146The cipher and start time should be printed out in human readable form. 147 148=head1 SEE ALSO 149 150L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)> 151 152=cut 153