Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
keyboard_arrow_right

show services ssl proxy session-cache entries

date_range 19-Nov-23

Syntax

content_copy zoom_out_map
show services ssl proxy session-cache entries [detail |  summary]
<pic-info fpc-slot slot number pic-slot slot-number>

Description

Display information about the entries stored in the SSL proxy session cache.

Note:

When the CLI is in logical system context mode and you enter an operational-mode command, the output of the command displays information related to the logical system only.

Options

pic-info fpc-slot slot number pic-slot slot-number

Display the information for the FPC in the specified slot.

detail

Display the detail information about the SSL proxy session cache entries.

summary

Display the summary of the SSL proxy session cache entries.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services ssl proxy session-cache entries command. Output fields are listed in the approximate order in which they appear.

Table 1: show services ssl proxy session-cache entries Output Fields

Field Name

Field Description

Display Level

Hash Entry

Index number of the entry.

summary, detail

Status

Status of the cache entry-–active or expired. The cache entries are valid only for short interval.

summary, detail

Session Id Length

Length of the session ID. 32-bit field that identifies an SSL session.

summary, detail

Session Id

SSL session identifier.

summary, detail

Dst IP

Destination IP address.

summary, detail

Dst Port

Destination port number.

summary, detail

SSL-T Profile Id

SSL termination profile identification number.

summary, detail

SSL-I Profile Id

SSL initiation profile identification number.

summary, detail

Interdicted cert type [0x0]:

Interdicted server certificate

detail

Server cert verification result:

Server certificate validation results.

detail

Server name extn len

Extension length in the TLS server name extension.

detail

name

Server name in the TLS server name extension

detail

Server cert chain hash

The hash value of the server certificate chain.

detail

SSL-TERM session:

SSL termination session details. It includes the following fields.

  • SSL ver—SSL/TLS protocol version

  • Compression Method—Agreed-upon compression method used to compress data and

  • Cipher Id—Identification number for the cipher

  • Master Key Length—Length of the primary secret key.

detail

SSL-INIT session:

SSL initiation session details. It includes the following fields.

  • SSL ver—SSL/TLS protocol version

  • Compression Method—Agreed-upon compression method used to compress data and

  • Cipher Id—Identification number for the cipher

  • Master Key Length—Length of the primary secret key.

detail

SSL-T resumption type Session resumption type used in SSL termination

summary

SSL-I resumption type Session resumption type used in an SSL session—PSK-based (TLS1.3) or session-ID based (TLS1.2)

summary

Resumption type Session resumption type used in an SSL session—PSK-based (TLS1.3) or session-ID based (TLS1.2 or earlier versions) detail

Ticket valid time

Validity time of the session ticket that includes pre-shared key (PSK) identity detail
Tick_lifetime_hint Life time of the session ticket detail
Tick_age_add Age of the session ticket detail
Ticklen Length of the session ticket detail

Sample Output

show services ssl proxy session-cache entries summary

content_copy zoom_out_map
user@host > show services ssl proxy session-cache entries summary

Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0
Hash Entry 1 
Status: ACTIVE, Time to expire 294 seconds 
Session Id Length: 32 
Session Id: 1b 2a 9f 5f d8 6e d2 cd 6b b8 89 e8 88 07 75 80 32 c2 54 5a c7 9b 12 a2 e6 5c f0 6d 85 c5 40 4b 
Dst IP: 5.0.0.1, Dst Port: 20753 
SSL-T Profile Id: 2, SSL-I Profile Id: 2 

show services ssl proxy session-cache entries summary (Junos OS Release 22.1R1)

content_copy zoom_out_map
user@host > show services ssl proxy session-cache entries summaryLsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] -------
Hash Entry        :          1
Status            : Active: Time to expire 86240 seconds
Session ID length :         32
Session ID        : 37 7f af 71 36 19 eb 9b 07 16 c0 1e db a3 7f 58 45 1c 61 5b 93 1c 34 28 58 d5 49 05 7e 77 ca 33
Dest IP           : 5.0.0.1
Dest Port         :       9090
SSL_T Profile ID  :          1
SSL_I Profile ID  :          1
SSL-T resumption type: Session-id         
SSL-I resumption type: PSK     
 

show services ssl proxy session-cache entries detail

content_copy zoom_out_map
user@host > show services ssl proxy session-cache entries detail

Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0
Hash Entry: 1 
Status: ACTIVE, Time to expire 294 seconds 
Session Id Length: 32 
Session Id: c1 6e 88 65 43 9f 57 2f 0f 06 f7 4b 03 c5 38 58 74 b4 4f 43 66 9a 6f c7 a6 2a ae 22 ab f8 b4 ce 
Dst IP: 5.0.0.1, Dst Port: 4433 
SSL-T Profile Id: 2, SSL-I Profile Id: 2 
Session Info: 
Interdicted cert type [0x0]: CA issued, Authentication failed 
Server cert verification result: unable to get local issuer certificate [0x14] 
Server name extn len: 0, name: None 
Server cert chain hash: b5 3d cd cb ca 35 81 5a db 6f 83 ab 5e a0 19 73 

SSL-TERM session: 
SSL ver: 0x303 
Compression Method: 0 
Cipher Id: 0x3000004
Master Key Length: 48 

SSL-INIT session: 
SSL ver: 0x303 
Compression Method: 0 
Cipher Id: 0x3000004 
Master Key Length: 48 

Hash Entry:2 
Status: EXPIRED 
Session Id Length: 32 
Session Id: 1b 2a 9f 5f d8 6e d2 cd 6b b8 89 e8 88 07 75 80 32 c2 54 5a c7 9b 12 a2 e6 5c f0 6d 85 c5 40 4b 
Dst IP: 5.0.0.1, Dst Port: 4433, 
SSL-T Profile Id: 2, SSL-I Profile Id: 2 
Session Info: 
------------- 
Interdicted cert type [0x0]: CA issued, Authentication failed 
Server cert verification result: unable to get local issuer certificate [0x14] 
Server name extn len: 0, name: None 
Server cert chain hash: b5 3d cd cb ca 35 81 5a db 6f 83 ab 5e a0 19 73 

SSL-TERM session: 
---------------- 
SSL ver: 0x303 
Compression Method: 0 
Cipher Id: 0x3000004 
Master Key Length: 48 

SSL-INIT session: 
---------------- 
SSL ver: 0x303 
Compression Method: 0 
Cipher Id: 0x3000004 
Master Key Length: 48 


Stale entry in cache: 1 

show services ssl proxy session-cache entries detail (Junos OS Release 22.1R1)

content_copy zoom_out_map
user@host > show services ssl proxy session-cache entries detail

Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] -------
Hash Entry        :          1
Status            : Active: Time to expire 86367 seconds
Session ID length :     0
Dest IP           : 9.0.0.1
Dest Port         :       8080
SSL_T Profile ID  :          1
SSL_I Profile ID  :          1
Session Info :
         Interdicted cert type           : [0x1]: CA issued, Authentication Successful
         Server cert verification result : ok [0x0]
         Server name extn len            :          4 name  : www,example.com
         Server cert chain hash          : 39 da 35 c6 b8 ec fe 9d 56 bf f1 ae 4a bf 93 3f
        SSL-TERM Session :
                 SSL ver            : 0x303
                 Compression method : 0
                 Cipher ID          : 0x300c030
                 Master key length  : 48
                 Resumption type: PSK   
        SSL-INIT Session :
                 SSL ver            : 0x0304
                 Compression method : 0
                 Cipher ID          : 0x41084d0
                 Master key length  : 48
                 Resumption type : PSK              
                 Ticket valid time: 2 hr 23 min 20 sec
                 Tick_lifetime_hint: 7200
                 Tick_age_add: 2354718221,
                 Ticklen: 208 
 

Release Information

Command introduced in Junos OS Release 19.3R1.

external-footer-nav