How to test if a server supports TLS 1.2 session resumption, using URL PATH instead of just HOSTNAME?

0

I have to test if one of our servers supports TLS 1.2 session resumption, either via session ID or session ticket.

I know how to do this for a given host using the command below (thanks to https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html):

echo | openssl s_client -connect HOSTNAME:443 -reconnect -no_ssl2 2> /dev/null | grep 'New\|Reuse'

However, the above command only works against a host name. The server I have to test only responds to a valid URL path and refuses to connect to just the host name.

I.e., what I am looking for would look like this:

echo | openssl s_client -connect https://HOSTNAME/some/path/to/resource -reconnect -no_ssl2 2> /dev/null | grep 'New\|Reuse'

Are there any tools to do this against a complete URL path instead of just a host name?

vikram.ma

Posted 2019-06-19T02:19:26.023

Reputation: 3

Answers

1

> The server I have to test only responds to a valid URL path and refuses to connect to just the host name.

HTTPS is HTTP inside a TLS connection. The actual path is only exposed to the inner HTTP, while the session resumption is done at the TLS level. Since TLS comes first, no path is needed to test for session resumption. It is not even necessary to provide the inner HTTP request at all; all that is needed for the test is the outer TLS handshake.

In other words: your claim that you need the full path is not true and you can also test session resumption for this site by using only the hostname.

Steffen Ullrich

Posted 2019-06-19T02:19:26.023

Reputation: 3 897
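The handshake-only test described in the answer, as an added example that is not part of the original question or answer: it runs the question's `s_client -reconnect` check twice, once with tickets disabled, to tell session-ID resumption from ticket resumption. The function names are hypothetical and HOSTNAME is a placeholder.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; HOSTNAME is a placeholder.

# Read `openssl s_client -reconnect` output on stdin and report how the
# reconnects were handled. "New, " / "Reused, " are the handshake summary
# lines; "TLS session ticket:" appears in the session dump only when the
# server issued a ticket.
classify_resumption() {
    awk '
        /^New, /              { new = 1 }
        /^Reused, /           { reused = 1 }
        /TLS session ticket:/ { ticket = 1 }
        END {
            if (reused && ticket) { print "resumed-ticket" }
            else if (reused)      { print "resumed-id" }
            else if (new)         { print "not-resumed" }
            else                  { print "no-handshake" }
        }'
}

# probe HOST PORT [extra s_client options]
# Handshake only: no HTTP request and no URL path are sent. -tls1_2 pins
# the protocol version the question asks about.
probe() {
    host=$1; port=$2; shift 2
    echo | openssl s_client -connect "$host:$port" -servername "$host" \
        -tls1_2 -reconnect "$@" 2>/dev/null | classify_resumption
}

# check_resumption HOST [PORT]
# First probe disables tickets, so any reuse must be by session ID.
check_resumption() {
    echo "tickets disabled: $(probe "$1" "${2:-443}" -no_ticket)"
    echo "tickets allowed:  $(probe "$1" "${2:-443}")"
}

# Usage: check_resumption HOSTNAME 443
```

A result of `no-handshake` means the TLS connection itself failed, which is a different problem from the server rejecting an HTTP request without a valid path.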