Info Connection; Renegotiate Connection - HP NonStop SSL Reference Manual

Note: The content at the right end of the display is the abbreviated content of the section "SSL handshake information"
in the result of the INFO CONNECTION command covered in the next paragraph.

INFO CONNECTION

The INFO CONNECTION command displays detailed information about a single session as in the following example:
% info connection 3625
info connection 3625
accepting socket:
=================
<Sec rem acc PROXY>[TLS_SERVER](0/1): 10.0.0.198:8989<--10.0.1.24:2000
connecting socket:
==================
<Pln loc conn PROXY>: 127.0.0.1:3625-->127.0.0.1:23
peer certificate information:
=============================
issuer=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign C
lass 1 CA Individual Subscriber-Persona Not Validated
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not
Validated/OU=Digital ID Class 1 - Microsoft Full Service/CN=Thomas R. Burg/emailAddress=thomasburg@web.de
not_valid_before=Feb 20 00:00:00 2004 GMT
not_valid_after=Feb 19 23:59:59 2005 GMT
md5=C7D442A51F7790721E3F36C383E58DF5
SSL handshake information:
==========================
1 SSL handshakes; First at 05Aug04,21:26:23, Last at 05Aug04,21:26:23
%
The command displays details about:
•
Accepting socket: the socket of the application which connects to HP NonStop SSL. For instance in TELNETS
mode, that is the connection to the remote client using SSL
•
Connecting socket: the socket on which HP NonStop SSL connects to the target application. In TELNETS
mode, that is the connection to TELSERV
•
Peer certificate information: if the accepting socket in TELNETS or PROXYS mode has sent a client certificate,
the contents are displayed here. See section
details on enforcing client authentication.
•
SSL handshake information: displays the number of SSL handshakes on the accepting socket and the timestamp
of the first and last handshake.

RENEGOTIATE CONNECTION

The SSL protocol allows both parties to initiate a new SSL handshake to refresh the session keys. The RENEGOTIATE
CONNECTION command lets HP NonStop SSL do that from the server side. The following two log messages show that
a renegotiation has been successful.
22:34:08.19|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: SSL renegotiation
22:34:10.35|50|T3|session 10.0.0.198:8989<--10.0.1.24:2002: cipher suite TLSv1/RC4-MD5 negotiated
The output of the INFO CONNECTION command will display the fact that a new handshake has happened as well:
%info connection 3625
info connection 3625
accepting socket:
=================
<Sec rem acc PROXY>[TLS_SERVER](0/1): 10.0.0.198:8989<--10.0.1.24:2000
connecting socket:
==================
<Pln loc conn PROXY>: 127.0.0.1:3625-->127.0.0.1:23
peer certificate information:
=============================
issuer=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98/CN=VeriSign C
lass 1 CA Individual Subscriber-Persona Not Validated
subject=/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Persona Not
Validated/OU=Digital ID Class 1 - Microsoft Full Service/CN=Thomas R. Burg/emailAddress=thomasburg@web.de
96 • SSLCOM Command Interface
"Requesting the SSL Client to Present a Client
starting
Certificate" for
HP NonStop SSL Reference Manual