Class SSL.Session
- Description
The most important information in a session object is a choice of encryption algorithms and a "master secret" created by keyexchange with a client. Each connection can either do a full key exchange to established a new session, or reuse a previously established session. That is why we have the session abstraction and the session cache. Each session is used by one or more connections, in sequence or simultaneously.
It is also possible to change to a new session in the middle of a connection.
- Variable cert_data
mapping
SSL.Session.cert_data- Description
Information about the certificate in use by the peer, such as issuing authority, and verification status.
- Variable certificate_chain
array
(string(8bit)
) SSL.Session.certificate_chain- Description
Our certificate chain
- Variable cipher_spec
Cipher.CipherSpec
SSL.Session.cipher_spec- Description
Information about the encryption method derived from the cipher_suite.
- Variable cipher_suite
int
SSL.Session.cipher_suite- Description
Constant defining a choice of keyexchange, encryption and mac algorithm.
- Variable compression_algorithm
int
SSL.Session.compression_algorithm- Description
Always COMPRESSION_null.
- Variable curve
Crypto.ECC.Curve
SSL.Session.curve- Description
The ECC curve selected by the key exchange.
KE_ecdh_ecdsa
The curve from the server certificate.
KE_ecdh_rsa
KE_ecdhe_ecdsa
The curve selected for the ECDHE key exchange (typically the largest curve supported by both the client and the server).
KE_ecdhe_rsa
KE_ecdh_anon
- Variable ecc_curves
array
(int
) SSL.Session.ecc_curves- Description
Supported elliptical curve cipher curves in order of preference.
- Variable ecc_point_format
int
SSL.Session.ecc_point_format- Description
The selected elliptical curve point format.
- Note
May be
-1
to indicate that there's no supported overlap between the server and client.
- Variable encrypt_then_mac
int
SSL.Session.encrypt_then_mac- Description
Negotiated encrypt-then-mac mode.
- Variable extended_master_secret
bool
SSL.Session.extended_master_secret- Description
Indicates that the connection uses the Extended Master Secret method of deriving the master secret.
This setting is only relevant for TLS 1.2 and earlier.
- Variable ffdhe_groups
array
(int
) SSL.Session.ffdhe_groups- Description
Supported finite field diffie-hellman groups in order of preference.
int(0..0)
Zero indicates that none have been specified.
array
(zero
)The empty array indicates that none are supported.
array
(int
)List of supported groups, with the most preferred first.
- Variable heartbeat_mode
SSL.Session.heartbeat_modeHeartBeatModeType
- Description
Heartbeat mode.
- Variable identity
string(8bit)
SSL.Session.identity- Description
Identifies the session to the server
- Variable last_activity
int
SSL.Session.last_activity- Description
When this session object was used last.
- Variable master_secret
string(8bit)
SSL.Session.master_secret- Description
48 byte secret shared between the client and the server. Used for deriving the actual keys.
- Variable max_packet_size
int
SSL.Session.max_packet_size- Description
The max fragment size requested by the client.
- Variable peer_certificate_chain
array
(string(8bit)
) SSL.Session.peer_certificate_chain- Description
The peer certificate chain
- Variable peer_public_key
SSL.Session.peer_public_keyCrypto.Sign.State
- Description
The peer's public key (from the certificate).
- Variable private_key
SSL.Session.private_keyCrypto.Sign.State
- Description
Our private key.
- Variable server_name
string(8bit)
SSL.Session.server_name- Description
RFC 6066 section 3.1 (SNI)
- Variable signature_algorithms
array
(array
(int
)) SSL.Session.signature_algorithms- Description
The set of <hash, signature> combinations supported by the peer.
Only used with TLS 1.2 and later.
Defaults to the settings from RFC 5246 section 7.4.1.4.1.
- Variable ticket
string(8bit)
SSL.Session.ticket- Description
Alternative identification of the session to the server.
- See also
- Variable ticket_expiry_time
int
SSL.Session.ticket_expiry_time- Description
Expiry time for ticket.
- Variable truncated_hmac
bool
SSL.Session.truncated_hmac- Description
Indicates that the packet HMACs should be truncated to the first 10 bytes (80 bits). Cf RFC 3546 section 3.5.
- Variable version
ProtocolVersion
SSL.Session.version- Description
Negotiated protocol version.