问题
I'm using ssl3 to connect to server. When the -change_session_version option is specified with the -reconnect, I want the session protocol to change to SSLv2 from SSLv3
This is my command: apps/openssl s_client -connect 10.102.113.3:443 -reconnect -change_session_version -ssl3
Now, I know that I should have either this code:
if(change_session_version)
s->session->ssl_version = SSL2_VERSION;
Or this code:
if(change_session_version)
s->version = SSL2_VERSION;
I don't know where to put this code though.
I have declared change_session_version as an int in ssl.h and have set it to 1 if the -change_session_version option is specified.
Please help me out!
回答1:
Your question embodies a contradiction in terms. A 'session' in SSL comprises the protocol, the cipher suite, the key material, and the peer certificates. You can't change any of them without creating a new session.
EDIT Just changing a variable in a piece of local memory can't possibly accomplish anything useful. The peer won't know about it, and the other peers sharing the session on other connections won't know about it either. You have to re-handshake and negotiate a new session.
回答2:
I don't think this is possible. First, SSLv2 is practically not supported anymore and most stacks don't even implement it while the others have disabled it. And then there is no support for session resumption in SSLv2 at all.
来源:https://stackoverflow.com/questions/28556222/change-ssl-protocol-version-while-reusing-session