Re: SSL websocket server, part two
Re: SSL websocket server, part two
- Subject: Re: SSL websocket server, part two
- From: Mitchell Laurren-Ring <email@hidden>
- Date: Mon, 10 Nov 2014 17:40:22 -0800
I used Wireshark to capture packets on interface lo0 on Lion, Mountain Lion and Mavericks. Remember, the client is Google Chrome and the server is a launchd process. Both client and server are local (127.0.0.1). A summary of the packet trace for the three OS versions follows. For brevity, C=client and S=server.
Lion (fails)
1) C: SYN
2) S: SYN, ACK
3) C: ACK
4) S: Dup ACK (of #2)
5) C: Client Hello (TLS 1.0)
6) S: ACK
7) C: FIN, ACK
8) S: ACK
9) C: Dup ACK (of #7)
10) S: FIN, ACK
11) C: ACK
Mountain Lion (fails)
1) C: SYN
2) S: SYN, ACK
3) C: ACK
4) S: TCP window update + ACK
5) C: Client hello (TLS 1.2)
6) S: ACK
7) C: FIN, ACK
8) S: ACK
9) C: Dup ACK (of #7)
10) S: Server hello
11) C: RST
Mavericks (successful)
1) C: SYN
2) S: SYN, ACK
3) C: ACK
4) S: TCP Window Update + ACK
5) C: Client Hello (TLS 1.2)
6) S: ACK
7) S: Server Hello
8( C: ACK
9) S: Certificate
10) C: ACK
11) S: Server Hello Done
12) C: ACK
13) C: Client key exchange, change cipher spec, encrypted handshake message
14) S: ACK
15) S: Change Cipher Spec
16) C: ACK
etc.
It looks to me like the client’s SSL stack is ending the conversation early by setting the FIN flag in step #7. Is that a correct conclusion? How do I prevent or mitigate this?
/Mick
On Nov 6, 2014, at 1:35 AM, Quinn The Eskimo! <email@hidden> wrote:
>
> On 5 Nov 2014, at 19:09, Mitchell Laurren-Ring <email@hidden> wrote:
>
>> What should I look for in the tcpdump?
>
> You'll need to use a higher-level tool to decode the TCP stream as TLS. A lot of folks do this with the Wireshark app. Personally, I can't cope with its UI, so I tend to use the "tshark" tool that comes bundled within Wireshark.
>
> Share and Enjoy
> --
> Quinn "The Eskimo!" <http://www.apple.com/developer/>
> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macnetworkprog mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden