DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

/usr/man/cat.1/sess_id.1(/usr/man/cat.1/sess_id.1)




SESS_ID(1)                   OpenSSL                   SESS_ID(1)


NAME

     openssl-sess_id, sess_id - SSL/TLS session handling utility


SYNOPSIS

     openssl sess_id [-inform PEM|DER] [-outform PEM|DER] [-in
     filename] [-out filename] [-text] [-noout] [-context ID]


DESCRIPTION

     The sess_id process the encoded version of the SSL session
     structure and optionally prints out SSL session details (for
     example the SSL session master key) in human readable
     format. Since this is a diagnostic tool that needs some
     knowledge of the SSL protocol to use properly, most users
     will not need to use it.

     -inform DER|PEM
         This specifies the input format. The DER option uses an
         ASN1 DER encoded format containing session details. The
         precise format can vary from one version to the next.
         The PEM form is the default format: it consists of the
         DER format base64 encoded with additional header and
         footer lines.

     -outform DER|PEM
         This specifies the output format, the options have the
         same meaning as the -inform option.

     -in filename
         This specifies the input filename to read session
         information from or standard input by default.

     -out filename
         This specifies the output filename to write session
         information to or standard output if this option is not
         specified.

     -text
         prints out the various public or private key components
         in plain text in addition to the encoded version.

     -cert
         if a certificate is present in the session it will be
         output using this option, if the -text option is also
         present then it will be printed out in text form.

     -noout
         this option prevents output of the encoded version of
         the session.

     -context ID
         this option can set the session id so the output session
         information uses the supplied ID. The ID can be any

1.0.2t               Last change: 2019-09-10                    1

SESS_ID(1)                   OpenSSL                   SESS_ID(1)

         string of characters. This option wont normally be used.


OUTPUT

     Typical output:

      SSL-Session:
          Protocol  : TLSv1
          Cipher    : 0016
          Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
          Session-ID-ctx: 01000000
          Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
          Key-Arg   : None
          Start Time: 948459261
          Timeout   : 300 (sec)
          Verify return code 0 (ok)

     Theses are described below in more detail.

     Protocol
         this is the protocol in use TLSv1, SSLv3 or SSLv2.

     Cipher
         the cipher used this is the actual raw SSL or TLS cipher
         code, see the SSL or TLS specifications for more
         information.

     Session-ID
         the SSL session ID in hex format.

     Session-ID-ctx
         the session ID context in hex format.

     Master-Key
         this is the SSL session master key.

     Key-Arg
         the key argument, this is only used in SSL v2.

     Start Time
         this is the session start time represented as an integer
         in standard Unix format.

     Timeout
         the timeout in seconds.

     Verify return code
         this is the return code when an SSL client certificate
         is verified.


NOTES

     The PEM encoded session format uses the header and footer
     lines:

1.0.2t               Last change: 2019-09-10                    2

SESS_ID(1)                   OpenSSL                   SESS_ID(1)

      -----BEGIN SSL SESSION PARAMETERS-----
      -----END SSL SESSION PARAMETERS-----

     Since the SSL session output contains the master key it is
     possible to read the contents of an encrypted session using
     this information. Therefore appropriate security precautions
     should be taken if the information is being output by a
     "real" application. This is however strongly discouraged and
     should only be used for debugging purposes.


BUGS

     The cipher and start time should be printed out in human
     readable form.


SEE ALSO

     ciphers(1), s_server(1)

1.0.2t               Last change: 2019-09-10                    3

See also openssl-sess_id(1)

Man(1) output converted with man2html