hai everyone,
i donot know why my previous message has been ignored. i think i have not provided
sufficient information. so i am providing some more additional information.
i have created the certificates(using openssl) and signed them myself.i used ssldump
to verify my ssl handshake information using Netscape and IE when a request is being
sent to my ssl server.
i found
#when a request is sent through I.E ssl handshake is being performed. then the client
is closing the connection and reestablishing a new connection and this time it is
succesful more over it is asking for session resumption. (i understand that the client
should close the connection abruptly when it finds that the server does not support
strong ciphers or when it cannot trust the client -- please correct me if i am wrong).
this problem is causing me a large overhead when ever i get request from I.E, as i am
creating a new process for every request.
i am not facing this problem with netscape. can any one tell me how i can overcome the
problem? i am currently using *SSLv23_server_method* methods.
any pointers would be greatly appreciated.
i am enclosing a copy of the ssldump.
thanks in advance
ganesh
*i am using external session caching to perform session handling with a time out of 10
sec. 5'th request was from I.E(u notice that the connection was closed abruptly and it
established a new connection i.e request-no 6 which is succesfull. all other requests
are send using Netscape)*
***************ssldump details***********************
New TCP connection #1: dilbert.uccs.edu(3433) <-> oblib.uccs.edu(443)
1 1 0.0126 (0.0126) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
SSL2_CK_RC4
SSL2_CK_3DES
SSL2_CK_RC2
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0137 (0.0010) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
1 3 0.1905 (0.1768) S>C Handshake
Certificate
1 4 0.1905 (0.0000) S>C Handshake
ServerHelloDone
1 5 2.8011 (2.6105) C>S Handshake
ClientKeyExchange
1 6 2.8011 (0.0000) C>S ChangeCipherSpec
1 7 2.8011 (0.0000) C>S Handshake
1 8 2.8167 (0.0156) S>C ChangeCipherSpec
1 9 2.8167 (0.0000) S>C Handshake
1 10 2.8177 (0.0010) C>S application_data
1 11 2.8381 (0.0204) C>S application_data
1 12 2.9043 (0.0661) S>C application_data
1 13 2.9098 (0.0055) S>C application_data
1 14 2.9098 (0.0000) S>C application_data
1 15 2.9098 (0.0000) S>C application_data
1 16 2.9098 (0.0000) S>C application_data
1 17 2.9098 (0.0000) S>C application_data
1 18 2.9098 (0.0000) S>C application_data
1 2.9098 (0.0000) S>C TCP FIN
1 19 2.9805 (0.0706) C>S Alert
1 2.9805 (0.0000) C>S TCP FIN
New TCP connection #2: dilbert.uccs.edu(3434) <-> oblib.uccs.edu(443)
2 1 0.0184 (0.0184) C>S Handshake
ClientHello
Version 3.1
resume [32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipher suites
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
2 2 0.0536 (0.0351) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
2 3 0.0536 (0.0000) S>C ChangeCipherSpec
2 4 0.0536 (0.0000) S>C Handshake
2 5 0.0553 (0.0016) C>S ChangeCipherSpec
2 6 0.0553 (0.0000) C>S Handshake
2 7 0.0553 (0.0000) C>S application_data
2 8 0.0754 (0.0201) C>S application_data
2 9 0.1239 (0.0485) S>C application_data
2 10 0.1291 (0.0052) S>C application_data
2 11 0.1291 (0.0000) S>C application_data
2 12 0.1291 (0.0000) S>C application_data
2 13 0.1291 (0.0000) S>C application_data
2 14 0.1291 (0.0000) S>C application_data
2 15 0.1291 (0.0000) S>C application_data
2 0.1291 (0.0000) S>C TCP FIN
2 16 0.1948 (0.0656) C>S Alert
2 0.1949 (0.0001) C>S TCP FIN
New TCP connection #3: dilbert.uccs.edu(3435) <-> oblib.uccs.edu(443)
3 1 0.0077 (0.0077) C>S Handshake
ClientHello
Version 3.1
resume [32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipher suites
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
3 2 0.0425 (0.0347) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
3 3 0.0425 (0.0000) S>C ChangeCipherSpec
3 4 0.0425 (0.0000) S>C Handshake
3 5 0.0444 (0.0018) C>S ChangeCipherSpec
3 6 0.0444 (0.0000) C>S Handshake
3 7 0.0444 (0.0000) C>S application_data
3 8 0.0585 (0.0140) C>S application_data
3 9 0.1068 (0.0483) S>C application_data
3 10 0.1123 (0.0054) S>C application_data
3 11 0.1123 (0.0000) S>C application_data
3 12 0.1123 (0.0000) S>C application_data
3 13 0.1123 (0.0000) S>C application_data
3 14 0.1123 (0.0000) S>C application_data
3 15 0.1123 (0.0000) S>C application_data
3 0.1123 (0.0000) S>C TCP FIN
3 16 0.1772 (0.0648) C>S Alert
3 0.1772 (0.0000) C>S TCP FIN
New TCP connection #4: dilbert.uccs.edu(3436) <-> oblib.uccs.edu(443)
4 1 0.0287 (0.0287) C>S Handshake
ClientHello
Version 3.1
resume [32]=
bf 67 3d d8 51 a8 ec 1d a7 72 0e 59 ce 52 95 3f
34 75 a8 d3 da ec 62 f0 bf 31 c1 25 bc 20 3d 08
cipher suites
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
4 2 0.0648 (0.0360) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
5b e2 9e cf 68 b3 39 e7 bb b8 cf 55 ec 66 85 19
c9 a1 64 87 4c ec 34 c2 3e 09 97 0d fc 6b a6 04
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
4 3 0.1924 (0.1275) S>C Handshake
Certificate
4 4 0.1924 (0.0000) S>C Handshake
ServerHelloDone
4 5 0.1952 (0.0027) C>S Handshake
ClientKeyExchange
4 6 0.1952 (0.0000) C>S ChangeCipherSpec
4 7 0.1952 (0.0000) C>S Handshake
4 8 0.2106 (0.0154) S>C ChangeCipherSpec
4 9 0.2106 (0.0000) S>C Handshake
4 10 0.2115 (0.0008) C>S application_data
4 11 0.2250 (0.0134) C>S application_data
4 12 0.2796 (0.0546) S>C application_data
4 13 0.2851 (0.0054) S>C application_data
4 14 0.2851 (0.0000) S>C application_data
4 15 0.2851 (0.0000) S>C application_data
4 16 0.2851 (0.0000) S>C application_data
4 17 0.2851 (0.0000) S>C application_data
4 18 0.2851 (0.0000) S>C application_data
4 0.2851 (0.0000) S>C TCP FIN
4 19 0.3492 (0.0641) C>S Alert
4 0.3493 (0.0000) C>S TCP FIN
New TCP connection #5: dilbert.uccs.edu(3439) <-> oblib.uccs.edu(443)
5 1 0.0874 (0.0874) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_RC4
SSL2_CK_3DES
SSL2_CK_RC2
SSL_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
5 2 0.0885 (0.0010) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
7b e8 73 04 17 12 d0 fe ae 51 4c 0b a9 c5 80 82
6f aa a6 ad 21 4b 42 40 b4 d7 24 29 65 e5 29 ad
cipherSuite SSL_RSA_WITH_RC4_128_MD5
compressionMethod NULL
5 3 0.2418 (0.1533) S>C Handshake
Certificate
5 4 0.2418 (0.0000) S>C Handshake
ServerHelloDone
5 5 0.2449 (0.0030) C>S Handshake
ClientKeyExchange
5 6 0.2449 (0.0000) C>S ChangeCipherSpec
5 7 0.2449 (0.0000) C>S Handshake
5 8 0.2603 (0.0154) S>C ChangeCipherSpec
5 9 0.2603 (0.0000) S>C Handshake
5 0.3200 (0.0596) C>S TCP FIN
5 0.3201 (0.0001) S>C TCP FIN
New TCP connection #6: dilbert.uccs.edu(3440) <-> oblib.uccs.edu(443)
6 1 0.0008 (0.0008) C>S Handshake
ClientHello
Version 3.0
resume [32]=
7b e8 73 04 17 12 d0 fe ae 51 4c 0b a9 c5 80 82
6f aa a6 ad 21 4b 42 40 b4 d7 24 29 65 e5 29 ad
cipher suites
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
6 2 0.0404 (0.0396) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
7b e8 73 04 17 12 d0 fe ae 51 4c 0b a9 c5 80 82
6f aa a6 ad 21 4b 42 40 b4 d7 24 29 65 e5 29 ad
cipherSuite SSL_RSA_WITH_RC4_128_MD5
compressionMethod NULL
6 3 0.0404 (0.0000) S>C ChangeCipherSpec
6 4 0.0404 (0.0000) S>C Handshake
6 5 0.0410 (0.0005) C>S ChangeCipherSpec
6 6 0.0410 (0.0000) C>S Handshake
6 7 0.0420 (0.0010) C>S application_data
6 8 0.0422 (0.0001) C>S application_data
6 9 0.0908 (0.0486) S>C application_data
6 10 0.0963 (0.0054) S>C application_data
6 11 0.0963 (0.0000) S>C application_data
6 12 0.0963 (0.0000) S>C application_data
6 13 0.0963 (0.0000) S>C application_data
6 14 0.0963 (0.0000) S>C application_data
6 15 0.0963 (0.0000) S>C application_data
6 0.0963 (0.0000) S>C TCP FIN
6 0.0995 (0.0031) C>S TCP FIN
New TCP connection #7: dilbert.uccs.edu(3443) <-> oblib.uccs.edu(443)
7 1 0.0183 (0.0183) C>S Handshake
ClientHello
Version 3.1
resume [32]=
5b e2 9e cf 68 b3 39 e7 bb b8 cf 55 ec 66 85 19
c9 a1 64 87 4c ec 34 c2 3e 09 97 0d fc 6b a6 04
cipher suites
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
7 2 0.0532 (0.0348) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
28 8d 5e a1 fd ef 78 68 9e aa 6b e5 6b c7 33 86
fa c3 de 88 99 f6 8a 07 70 c5 6c 21 dd 8b 54 cc
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
7 3 0.1898 (0.1365) S>C Handshake
Certificate
7 4 0.1898 (0.0000) S>C Handshake
ServerHelloDone
7 5 0.1925 (0.0027) C>S Handshake
ClientKeyExchange
7 6 0.1925 (0.0000) C>S ChangeCipherSpec
7 7 0.1925 (0.0000) C>S Handshake
7 8 0.2081 (0.0155) S>C ChangeCipherSpec
7 9 0.2081 (0.0000) S>C Handshake
7 10 0.2089 (0.0008) C>S application_data
7 11 0.2274 (0.0184) C>S application_data
7 12 0.2773 (0.0499) S>C application_data
7 13 0.2826 (0.0052) S>C application_data
7 14 0.2826 (0.0000) S>C application_data
7 15 0.2826 (0.0000) S>C application_data
7 16 0.2826 (0.0000) S>C application_data
7 17 0.2826 (0.0000) S>C application_data
7 18 0.2826 (0.0000) S>C application_data
7 0.2826 (0.0000) S>C TCP FIN
7 19 0.3475 (0.0648) C>S Alert
7 0.3475 (0.0000) C>S TCP FIN
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]