Thanks the great help from OpenSSL
community, I finally can simulate an TLS 1.3
“Session Resumption”. The Operation System I used is OmniOS
, and OpenSSL
version is 1.1.1k
, but I think the methods here can also be applied to other platforms:
(1) Open one terminal to launch tcpdump
to capture TLS
packets:
$ pfexec /opt/ooce/sbin/tcpdump -w tls.pcap port 443
(2) Open another terminal to initiate the first TLS 1.3
session:
$ openssl s_client -connect cloudflare.com:443 -tls1_3 -sess_out sess.pem -keylogfile keys1.txt
......
Once the connection is established, input “GET /
” to trigger TLS 1.3
Server to send “New Session Ticket
” message, and this will be saved in sess.pem
file.
(3) Initiate another TLS 1.3
session to reuse the saved “Session Ticket
“:
$ echo | openssl s_client -connect cloudflare.com:443 -tls1_3 -sess_in sess.pem -keylogfile keys2.txt
(4) Stop the tcpdump
process.
(5) Combine two keys file into one:
$ cat keys1.txt keys2.txt > keys.txt
Then the keys.txt
can be used to decrypt the two TLS 1.3
sessions (refer Use Wireshark to decrypt TLS flows).