0

I'm using openssl sess_id -in sess.pem -noout -text to decode the ssl session parameters in sess.pem file (which i got using sess_out) into human readable text. I wanted to know if there is a way to do the opposite i.e convert the text into sess.pem kind of format. Basically i just want to change a couple of parameters (session-id, master-key etc) inside the sess.pem file but can't seem to find the right command.

mfghani
  • 11
  • 2
    is it always the same, and why would you like to do it? [X-and-Y-Problem](https://faq-database.de/doku.php?id=en:x-and-y-problem) – djdomi Jul 29 '21 at 04:27
  • i'm trying to pentest a custom ftps server. i had a hunch that it's not properly validating the session parameters when the user tries to connect to the data port after opening a passive connection. – mfghani Jul 29 '21 at 07:26
  • Related: the MySQL client has a built-in command that allows to export such `sess.pem` file with the TLS settings: `ssl_session_data_print sess.pem` – dolmen Jan 24 '23 at 09:46

2 Answers2

0

There are no commands to manipulate or create a SSL_SESSION, but asn1parse -genconf can create an arbitrary ASN.1 structure in DER, which you could apply using the definition in source file ssl/ssl_asn1.c, and then convert to PEM with sess_id or just base64 plus manual header/trailer lines.

To do it in code, the API is documented in the usual way; do man -k SSL_SESSION on most Unix or Unix-like. If on Windows or some other badly installed/packaged system, go to https://www.openssl.org/docs/man1.1.1/man3/ and look under PEM_*SSL_SESSION and SSL_SESSION_*.

But even if some (custom) stack fails to verify saved parameters against the new hello, it basically must still use the saved parameters, so although this is at least arguably an RFC violation I don't see how it can be a vulnerability.

dave_thompson_085
  • 3,262
  • 1
  • 16
  • 16
0

Here is a follow-up to @dave_thompson_085's answer: you can use the PEM_read_SSL_SESSION and PEM_write_SSL_SESSION functions of the OpenSSL library to decode and re-encode the PEM file. SSL_SESSION_set1_master_key will allow you to tweak the master key.

dolmen
  • 138
  • 4