show services ssl proxy session-cache entries
Syntax
show services ssl proxy session-cache entries [detail | summary] <pic-info fpc-slot slot number pic-slot slot-number>
Description
Display information about the entries stored in the SSL proxy session cache.
When the CLI is in logical system context mode and you enter an operational-mode command, the output of the command displays information related to the logical system only.
Options
| pic-info fpc-slot slot number pic-slot slot-number | Display the information for the FPC in the specified slot. |
| detail | Display the detail information about the SSL proxy session cache entries. |
| summary | Display the summary of the SSL proxy session cache entries. |
Required Privilege Level
view
Output Fields
Table 1 lists
the output fields for the show services ssl proxy session-cache
entries command. Output fields are listed in the approximate
order in which they appear.
Field Name |
Field Description |
Display Level |
|---|---|---|
|
Index number of the entry. |
summary, detail |
|
Status of the cache entry-–active or expired. The cache entries are valid only for short interval. |
summary, detail |
|
Length of the session ID. 32-bit field that identifies an SSL session. |
summary, detail |
|
SSL session identifier. |
summary, detail |
|
Destination IP address. |
summary, detail |
|
Destination port number. |
summary, detail |
|
SSL termination profile identification number. |
summary, detail |
|
SSL initiation profile identification number. |
summary, detail |
|
Interdicted server certificate |
detail |
|
Server certificate validation results. |
detail |
|
Extension length in the TLS server name extension. |
detail |
|
Server name in the TLS server name extension |
detail |
|
The hash value of the server certificate chain. |
detail |
|
SSL termination session details. It includes the following fields.
|
detail |
SSL-INIT session:
|
SSL initiation session details. It includes the following fields.
|
detail |
SSL-T resumption
type |
Session resumption type used in SSL termination |
summary |
SSL-I resumption
type |
Session resumption type used in an SSL session—PSK-based (TLS1.3) or session-ID based (TLS1.2) |
summary |
Resumption type |
Session resumption type used in an SSL session—PSK-based (TLS1.3) or session-ID based (TLS1.2 or earlier versions) | detail |
|
|
Validity time of the session ticket that includes pre-shared key (PSK) identity | detail |
Tick_lifetime_hint |
Life time of the session ticket | detail |
Tick_age_add |
Age of the session ticket | detail |
Ticklen |
Length of the session ticket | detail |
Sample Output
- show services ssl proxy session-cache entries summary
- show services ssl proxy session-cache entries summary (Junos OS Release 22.1R1)
- show services ssl proxy session-cache entries detail
- show services ssl proxy session-cache entries detail (Junos OS Release 22.1R1)
show services ssl proxy session-cache entries summary
user@host > show services ssl proxy session-cache entries summary
Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0
Hash Entry 1
Status: ACTIVE, Time to expire 294 seconds
Session Id Length: 32
Session Id: 1b 2a 9f 5f d8 6e d2 cd 6b b8 89 e8 88 07 75 80 32 c2 54 5a c7 9b 12 a2 e6 5c f0 6d 85 c5 40 4b
Dst IP: 5.0.0.1, Dst Port: 20753
SSL-T Profile Id: 2, SSL-I Profile Id: 2 show services ssl proxy session-cache entries summary (Junos OS Release 22.1R1)
user@host > show services ssl proxy session-cache entries summaryLsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] -------
Hash Entry : 1
Status : Active: Time to expire 86240 seconds
Session ID length : 32
Session ID : 37 7f af 71 36 19 eb 9b 07 16 c0 1e db a3 7f 58 45 1c 61 5b 93 1c 34 28 58 d5 49 05 7e 77 ca 33
Dest IP : 5.0.0.1
Dest Port : 9090
SSL_T Profile ID : 1
SSL_I Profile ID : 1
SSL-T resumption type: Session-id
SSL-I resumption type: PSK
show services ssl proxy session-cache entries detail
user@host > show services ssl proxy session-cache entries detail
Lsys Name : root-logical-system
PIC: fpc0 fpc[0] pic[0
Hash Entry: 1
Status: ACTIVE, Time to expire 294 seconds
Session Id Length: 32
Session Id: c1 6e 88 65 43 9f 57 2f 0f 06 f7 4b 03 c5 38 58 74 b4 4f 43 66 9a 6f c7 a6 2a ae 22 ab f8 b4 ce
Dst IP: 5.0.0.1, Dst Port: 4433
SSL-T Profile Id: 2, SSL-I Profile Id: 2
Session Info:
Interdicted cert type [0x0]: CA issued, Authentication failed
Server cert verification result: unable to get local issuer certificate [0x14]
Server name extn len: 0, name: None
Server cert chain hash: b5 3d cd cb ca 35 81 5a db 6f 83 ab 5e a0 19 73
SSL-TERM session:
SSL ver: 0x303
Compression Method: 0
Cipher Id: 0x3000004
Master Key Length: 48
SSL-INIT session:
SSL ver: 0x303
Compression Method: 0
Cipher Id: 0x3000004
Master Key Length: 48
Hash Entry:2
Status: EXPIRED
Session Id Length: 32
Session Id: 1b 2a 9f 5f d8 6e d2 cd 6b b8 89 e8 88 07 75 80 32 c2 54 5a c7 9b 12 a2 e6 5c f0 6d 85 c5 40 4b
Dst IP: 5.0.0.1, Dst Port: 4433,
SSL-T Profile Id: 2, SSL-I Profile Id: 2
Session Info:
-------------
Interdicted cert type [0x0]: CA issued, Authentication failed
Server cert verification result: unable to get local issuer certificate [0x14]
Server name extn len: 0, name: None
Server cert chain hash: b5 3d cd cb ca 35 81 5a db 6f 83 ab 5e a0 19 73
SSL-TERM session:
----------------
SSL ver: 0x303
Compression Method: 0
Cipher Id: 0x3000004
Master Key Length: 48
SSL-INIT session:
----------------
SSL ver: 0x303
Compression Method: 0
Cipher Id: 0x3000004
Master Key Length: 48
Stale entry in cache: 1 show services ssl proxy session-cache entries detail (Junos OS Release 22.1R1)
user@host > show services ssl proxy session-cache entries detail
Lsys Name : root-logical-system
PIC:fpc0 fpc[0] pic[0] -------
Hash Entry : 1
Status : Active: Time to expire 86367 seconds
Session ID length : 0
Dest IP : 9.0.0.1
Dest Port : 8080
SSL_T Profile ID : 1
SSL_I Profile ID : 1
Session Info :
Interdicted cert type : [0x1]: CA issued, Authentication Successful
Server cert verification result : ok [0x0]
Server name extn len : 4 name : www,example.com
Server cert chain hash : 39 da 35 c6 b8 ec fe 9d 56 bf f1 ae 4a bf 93 3f
SSL-TERM Session :
SSL ver : 0x303
Compression method : 0
Cipher ID : 0x300c030
Master key length : 48
Resumption type: PSK
SSL-INIT Session :
SSL ver : 0x0304
Compression method : 0
Cipher ID : 0x41084d0
Master key length : 48
Resumption type : PSK
Ticket valid time: 2 hr 23 min 20 sec
Tick_lifetime_hint: 7200
Tick_age_add: 2354718221,
Ticklen: 208
Release Information
Command introduced in Junos OS Release 19.3R1.