I used Wireshark to capture packets on interface lo0 on Lion, Mountain Lion and Mavericks. Remember, the client is Google Chrome and the server is a launchd process. Both client and server are local (127.0.0.1). A summary of the packet trace for the three OS versions follows. For brevity, C=client and S=server.
Lion (fails) 1) C: SYN 2) S: SYN, ACK 3) C: ACK 4) S: Dup ACK (of #2) 5) C: Client Hello (TLS 1.0) 6) S: ACK 7) C: FIN, ACK 8) S: ACK 9) C: Dup ACK (of #7) 10) S: FIN, ACK 11) C: ACK Mountain Lion (fails) 1) C: SYN 2) S: SYN, ACK 3) C: ACK 4) S: TCP window update + ACK 5) C: Client hello (TLS 1.2) 6) S: ACK 7) C: FIN, ACK 8) S: ACK 9) C: Dup ACK (of #7) 10) S: Server hello 11) C: RST Mavericks (successful) 1) C: SYN 2) S: SYN, ACK 3) C: ACK 4) S: TCP Window Update + ACK 5) C: Client Hello (TLS 1.2) 6) S: ACK 7) S: Server Hello 8( C: ACK 9) S: Certificate 10) C: ACK 11) S: Server Hello Done 12) C: ACK 13) C: Client key exchange, change cipher spec, encrypted handshake message 14) S: ACK 15) S: Change Cipher Spec 16) C: ACK etc. It looks to me like the client’s SSL stack is ending the conversation early by setting the FIN flag in step #7. Is that a correct conclusion? How do I prevent or mitigate this? /Mick On Nov 6, 2014, at 1:35 AM, Quinn The Eskimo! <eski...@apple.com> wrote: > > On 5 Nov 2014, at 19:09, Mitchell Laurren-Ring <li...@rynosoft.com> wrote: > >> What should I look for in the tcpdump? > > You'll need to use a higher-level tool to decode the TCP stream as TLS. A > lot of folks do this with the Wireshark app. Personally, I can't cope with > its UI, so I tend to use the "tshark" tool that comes bundled within > Wireshark. > > Share and Enjoy > -- > Quinn "The Eskimo!" <http://www.apple.com/developer/> > Apple Developer Relations, Developer Technical Support, Core OS/Hardware > > > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/macnetworkprog/lists%40rynosoft.com > > This email sent to li...@rynosoft.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to arch...@mail-archive.com
