Class SSL.Session

Description

The most important information in a session object is a choice of encryption algorithms and a "master secret" created by keyexchange with a client. Each connection can either do a full key exchange to established a new session, or reuse a previously established session. That is why we have the session abstraction and the session cache. Each session is used by one or more connections, in sequence or simultaneously.

It is also possible to change to a new session in the middle of a connection.

Variable cert_data: mapping SSL.Session.cert_data
Description: Information about the certificate in use by the peer, such as issuing authority, and verification status.

Variable certificate_chain: array(string(8bit)) SSL.Session.certificate_chain
Description: our certificate chain

Variable cipher_spec: Cipher.CipherSpec SSL.Session.cipher_spec
Description: Information about the encryption method derived from the cipher_suite.

Variable cipher_suite: int SSL.Session.cipher_suite
Description: Constant defining a choice of keyexchange, encryption and mac algorithm.

Variable compression_algorithm: int SSL.Session.compression_algorithm
Description: Always COMPRESSION_null.

Variable curve

Crypto.ECC.Curve SSL.Session.curve

Description

The ECC curve selected by the key exchange.

`KE_ecdh_ecdsa`	The curve from the server certificate.
`KE_ecdh_rsa`	The curve from the server certificate.
`KE_ecdhe_ecdsa`	The curve selected for the ECDHE key exchange (typically the largest curve supported by both the client and the server).
`KE_ecdhe_rsa`
`KE_ecdh_anon`

Variable ecc_curves: array(int) SSL.Session.ecc_curves
Description: Supported elliptical curve cipher curves in order of preference.

Variable ecc_point_format: int SSL.Session.ecc_point_format
Description: The selected elliptical curve point format.
Note: May be -1 to indicate that there's no supported overlap between the server and client.

Variable encrypt_then_mac: int SSL.Session.encrypt_then_mac
Description: Negotiated encrypt-then-mac mode.

Variable heartbeat_mode: HeartBeatModeType SSL.Session.heartbeat_mode
Description: Heartbeat mode.

Variable identity: string(8bit) SSL.Session.identity
Description: Identifies the session to the server

Variable master_secret: string(8bit) SSL.Session.master_secret
Description: 48 byte secret shared between the client and the server. Used for deriving the actual keys.

Variable max_packet_size: int SSL.Session.max_packet_size
Description: The max fragment size requested by the client.

Variable peer_certificate_chain: array(string(8bit)) SSL.Session.peer_certificate_chain
Description: the peer certificate chain

Variable peer_public_key: Crypto.Sign.State SSL.Session.peer_public_key
Description: The peer's public key (from the certificate).

Variable private_key: Crypto.Sign.State SSL.Session.private_key
Description: Our private key.

Variable server_name: string(8bit) SSL.Session.server_name
Description: RFC 6066 3.1 (SNI)

Variable signature_algorithms

array(array(int)) SSL.Session.signature_algorithms

Description

The set of <hash, signature> combinations supported by the peer.

Only used with TLS 1.2 and later.

Defaults to the settings from RFC 5246 7.4.1.4.1.

Variable ticket: string(8bit) SSL.Session.ticket
Description: Alternative identification of the session to the server.
See also: RFC 4507, RFC 5077

Variable ticket_expiry_time: int SSL.Session.ticket_expiry_time
Description: Expiry time for ticket.

Variable truncated_hmac: bool SSL.Session.truncated_hmac
Description: Indicates that the packet HMACs should be truncated to the first 10 bytes (80 bits). Cf RFC 3546 3.5.

Variable version: ProtocolVersion SSL.Session.version
Description: Negotiated protocol version.