How should I check if SSL session resumption is working or not?

Solution 1:

You can use openssl to test locally:

openssl s_client -connect example.com:443 -reconnect -no_ticket

Or:

openssl s_client -connect example.com:443 -no_ticket -sess_out /tmp/ssl_s
openssl s_client -connect example.com:443 -no_ticket -sess_in /tmp/ssl_s

(The -no_ticket option is needed to disable client-side TLS session tickets, which also allow session resumption but are a different setting in nginx, and to limit the test to the server-side SSL session caching that the OP's configuration controls.)

For the first command you'll get output like this:

drop connection and then reconnect
CONNECTED(00000003)
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

For the last one, you'll get this in case of session resumption:

SSL handshake has read 142 bytes and written 583 bytes
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

or this in case of failure:

SSL handshake has read 5855 bytes and written 722 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384

You can see the handshake is way bigger when it's new.
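The two-step test above can be scripted. The following is an added example, not part of the original answer: the function names, the mktemp session file and the -tls1_2 pin are assumptions of this sketch, and the sample transcripts are the output lines quoted in the answer.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether the last
# handshake was resumed ("Reused") or full ("New").

# Reads an s_client transcript on stdin.
# Prints "reused <bytes read>", "new <bytes read>" or "unknown".
resumption_status() {
    awk '
        BEGIN { bytes = "?" }
        /^SSL handshake has read/ { bytes = $5 }
        /^Reused, /               { state = "reused" }
        /^New, /                  { state = "new" }
        END { if (state == "") print "unknown"; else print state, bytes }'
}

# Live check: save a session, then offer it on a second connection.
# Returns 0 if the server resumed the session, 1 otherwise.
check_resumption() {
    host=$1
    port=${2:-443}
    # The saved session contains the master secret, so use a private
    # temp file (mktemp creates it mode 0600) and delete it afterwards.
    sess=$(mktemp) || return 2
    # Assumption: -tls1_2 pins the test to the session-ID cache path;
    # TLS 1.3 resumes through a different (PSK) mechanism.
    openssl s_client -connect "$host:$port" -tls1_2 -no_ticket \
        -sess_out "$sess" </dev/null >/dev/null 2>&1
    result=$(openssl s_client -connect "$host:$port" -tls1_2 -no_ticket \
        -sess_in "$sess" </dev/null 2>/dev/null | resumption_status)
    rm -f "$sess"
    echo "$result"
    case $result in reused*) return 0 ;; *) return 1 ;; esac
}

# Sample transcripts taken from the outputs quoted in the answer.
SAMPLE_REUSED='SSL handshake has read 142 bytes and written 583 bytes
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_NEW='SSL handshake has read 5855 bytes and written 722 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384'

printf '%s\n' "$SAMPLE_REUSED" | resumption_status
printf '%s\n' "$SAMPLE_NEW" | resumption_status
```

Against a live server, run `check_resumption example.com 443`; an exit status of 0 means the second handshake was resumed.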

Solution 2:

I'm not sure of a way to test locally, but if your site is public, ssllabs provide a nice testing tool:

https://www.ssllabs.com/ssldb/index.html

Tags: Nginx, SSL, HTTPS