重用会话时更改SSL协议版本 [英] Change SSL protocol version while reusing session

问题描述

我正在使用ssl3连接到服务器.当-reconnect指定了-change_session_version选项时，我希望会话协议从SSLv3

I'm using ssl3 to connect to server. When the -change_session_version option is specified with the -reconnect, I want the session protocol to change to SSLv2 from SSLv3

这是我的命令:apps/openssl s_client -connect 10.102.113.3:443 -reconnect -change_session_version -ssl3

现在，我知道我应该拥有以下代码:

Now, I know that I should have either this code:

if(change_session_version)
    s->session->ssl_version = SSL2_VERSION;

或此代码:

if(change_session_version)
    s->version = SSL2_VERSION;

我不知道将代码放在哪里.

I don't know where to put this code though.

我已经在ssl.h中将change_session_version声明为int，并且如果指定了-change_session_version选项，则将其设置为1.

I have declared change_session_version as an int in ssl.h and have set it to 1 if the -change_session_version option is specified.

请帮帮我！

推荐答案

您的问题体现了一个术语上的矛盾. SSL中的会话"包括协议，密码套件，密钥材料和对等证书.您不能在不创建新会话的情况下更改其中任何一个.

Your question embodies a contradiction in terms. A 'session' in SSL comprises the protocol, the cipher suite, the key material, and the peer certificates. You can't change any of them without creating a new session.

编辑:仅更改一块本地存储器中的变量可能无法完成任何有用的工作.该对等方将不知道，在其他连接上共享会话的其他对等方也将不知道.您必须重新握手并协商一个 new 会话.

EDIT Just changing a variable in a piece of local memory can't possibly accomplish anything useful. The peer won't know about it, and the other peers sharing the session on other connections won't know about it either. You have to re-handshake and negotiate a new session.

这篇关于重用会话时更改SSL协议版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！