How should I check if SSL session resumption is working or not?

I'm using nginx, and want to implement SSL session resumption. How should we I test if it is working?

I have enabled these settings:

ssl_session_cache    shared:SSL:10m;
ssl_session_timeout  10m;

I'm not sure of a way to test locally, but if your site is public, ssllabs provide a nice testing tool:

https://www.ssllabs.com/ssldb/index.html


You can use openssl to test locally :

openssl s_client -connect example.com:443 -reconnect -no_ticket -servername example.com

-servername is required for SNI, and may be ignored otherwise

Or :

openssl s_client -connect example.com:443 -no_ticket -sess_out /tmp/ssl_s -servername example.com
openssl s_client -connect example.com:443 -no_ticket -sess_in /tmp/ssl_s -servername example.com

(The -no_ticket option is needed to disable client-side TLS session tickets which also allow session resumption but is a different setting in nginx, and limit the test to the server-side SSL session caching the OP's configuration controls.)

For the first command you'll get output like this :

drop connection and then reconnect
CONNECTED(00000003)
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

For the last one, you'll get this in case of session resumption:

SSL handshake has read 142 bytes and written 583 bytes
---
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

or this in case of failure:

SSL handshake has read 5855 bytes and written 722 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384

You can see the handshake is way bigger when it's new.