SSLCOM Command Interface
HP NonStop SSL Reference Manual
Note: The content at the right end of the display is the abbreviated content of the section "SSL handshake information" in the result of the INFO CONNECTION command covered in the next paragraph.
INFO CONNECTION
The INFO CONNECTION command displays detailed information about a single session as in the following example:
% info connection 3625
info connection 3625
accepting socket:
=================
<Sec rem acc PROXY>[TLS_SERVER](0/1): 10.0.0.198:8989<--10.0.1.24:2000
connecting socket:
==================
<Pln loc conn PROXY>: 127.0.0.1:3625-->127.0.0.1:23
peer certificate information:
=============================
issuer=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign C
lass 1 CA Individual Subscriber-Persona Not Validated
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not
Validated/OU=Digital ID Class 1 - Microsoft Full Service/CN=Thomas R. Burg/[email protected]
not_valid_before=Feb 20 00:00:00 2004 GMT
not_valid_after=Feb 19 23:59:59 2005 GMT
md5=C7D442A51F7790721E3F36C383E58DF5
SSL handshake information:
==========================
1 SSL handshakes; First at 05Aug04,21:26:23, Last at 05Aug04,21:26:23
%
The command displays details about:
• Accepting socket: the socket of the application which connects to HP NonStop SSL. For instance, in TELNETS mode, that is the connection to the remote client using SSL.
• Connecting socket: the socket on which HP NonStop SSL connects to the target application. In TELNETS mode, that is the connection to TELSERV.
• Peer certificate information: if the accepting socket in TELNETS or PROXYS mode has sent a client certificate, the contents are displayed here. See section "Requesting the SSL Client to Present a Client Certificate" for details on enforcing client authentication.
• SSL handshake information: displays the number of SSL handshakes on the accepting socket and the timestamp of the first and last handshake.
RENEGOTIATE CONNECTION
The SSL protocol allows both parties to initiate a new SSL handshake to refresh the session keys. The RENEGOTIATE
CONNECTION command lets HP NonStop SSL do that from the server side. The following two log messages show that
a renegotiation has been successful.
22:34:08.19|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: SSL renegotiation starting
22:34:10.35|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: cipher suite TLSv1/RC4-MD5 negotiated
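The check described above (a "renegotiation starting" message followed by a "cipher suite ... negotiated" message for the same session) can be automated over a log file. The following Python code is an added example, not part of the HP manual or the product: it pairs the two messages per session, reports renegotiations that never completed, and flags negotiated suites built on weak primitives such as the RC4-MD5 suite shown above. Assumptions: the field layout is inferred from the two sample lines, the third sample line is constructed, and the weak-token list is an example policy.

```python
import re
from datetime import datetime

# First two lines are the manual's sample messages; the third is constructed
# to show a renegotiation that never completes.
SAMPLE_LOG = """\
22:34:08.19|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: SSL renegotiation starting
22:34:10.35|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: cipher suite TLSv1/RC4-MD5 negotiated
22:40:01.02|50|T3|session 10.0.0.198:8989<--10.0.1.24:2007: SSL renegotiation starting
"""

# Assumed layout: time|field|field|session <id>: <message>. The second and
# third fields stay opaque because the page does not define them.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{2})\|[^|]*\|[^|]*\|session (?P<sess>\S+): (?P<msg>.*)$")
SUITE_RE = re.compile(r"^cipher suite (?P<proto>[^/]+)/(?P<cipher>\S+) negotiated$")
WEAK_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXP")  # example policy (assumption)


def audit_renegotiations(log_text):
    """Return (completed, pending): completed renegotiations with timing and
    weak-suite flags, and sessions whose renegotiation has no result line."""
    pending, completed = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a session message in the assumed layout
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        sess, msg = m["sess"], m["msg"]
        if msg == "SSL renegotiation starting":
            pending[sess] = ts
            continue
        suite = SUITE_RE.match(msg)
        if suite and sess in pending:
            # The log carries no date, so wrap at midnight (assumes < 24 h).
            elapsed = (ts - pending.pop(sess)).total_seconds() % 86400
            parts = suite["cipher"].upper().split("-")
            completed.append({
                "session": sess,
                "protocol": suite["proto"],
                "cipher": suite["cipher"],
                "seconds": round(elapsed, 2),
                "weak": [t for t in WEAK_TOKENS if t in parts],
            })
    return completed, sorted(pending)


if __name__ == "__main__":
    done, stuck = audit_renegotiations(SAMPLE_LOG)
    for r in done:
        print(r["session"], r["protocol"], r["cipher"], r["seconds"], "weak:", r["weak"])
    print("no completion logged for:", stuck)
```
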
The output of the INFO CONNECTION command will display the fact that a new handshake has happened as well:
%info connection 3625
info connection 3625
accepting socket:
=================
<Sec rem acc PROXY>[TLS_SERVER](0/1): 10.0.0.198:8989<--10.0.1.24:2000
connecting socket:
==================
<Pln loc conn PROXY>: 127.0.0.1:3625-->127.0.0.1:23
peer certificate information:
=============================
issuer=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign C
lass 1 CA Individual Subscriber-Persona Not Validated
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not
Validated/OU=Digital ID Class 1 - Microsoft Full Service/CN=Thomas R. Burg/[email protected]