Thanks Ciao !!!.
I am seeing that "for one TCP connection my TLS client is doing 4
handshakes". I don't know what is the reason for this.
But when i see the packet capture i see "TLSv1: [TCP Previous segment lost]
Ignored Unknown" & "TLSv1: Encrypted Alert".
Can somebody please confirm this whether this is the reason ?
Snippet form the Packet capture log:
========================
|Time | 10.220.4.50 | 10.204.4.27
|
| | | 10.204.4.69 |
|0.000 | Client Hello |
|TLSv1: Client Hello
| |(39497) ------------------> (7003) | |
|0.000 | Server Hello, Certi |
|TLSv1: Server Hello, Certificate, Server Hello Done
| |(39497) <------------------ (7003) | |
|0.008 | Client Key Exchange |
|TLSv1: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
| |(39497) ------------------> (7003) | |
|0.011 | Change Cipher Spec, |
|TLSv1: Change Cipher Spec, Encrypted Handshake Message
| |(39497) <------------------ (7003) | |
|0.014 | Application Data |
|TLSv1: Application Data
| |(39497) ------------------> (7003) | |
|0.015 | | Continuation Data |SSL:
Continuation Data
| | |(50090) ------------------> (7003) |
|0.016 | [TCP Previous segme |
|TLSv1: [TCP Previous segment lost] Ignored Unknown Record
| |(39497) ------------------> (7003) | |
|0.030 | | Continuation Data |SSL:
Continuation Data
| | |(50090) <------------------ (7003) |
|0.030 | Application Data |
|TLSv1: Application Data
| |(39497) <------------------ (7003) | |
|0.030 | | Continuation Data |SSL:
Continuation Data
| | |(50090) <------------------ (7003) |
|0.030 | | Continuation Data |SSL:
Continuation Data
| | |(50090) <------------------ (7003) |
|0.030 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(39497) <------------------ (7003) | |
|0.031 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(39497) <------------------ (7003) | |
|0.033 | [TCP Out-Of-Order] | |TCP:
[TCP Out-Of-Order] [TCP segment of a reassembled PDU]
| |(39497) <------------------ (7003) | |
|0.036 | [TCP Retransmission | |TCP:
[TCP Retransmission] [TCP segment of a reassembled PDU]
| |(39497) <------------------ (7003) | |
|0.038 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(39497) ------------------> (7003) | |
|0.107 | Client Hello |
|TLSv1: Client Hello
| |(45245) ------------------> (7003) | |
|0.107 | Server Hello, Chang |
|TLSv1: Server Hello, Change Cipher Spec, Encrypted Handshake Message
| |(45245) <------------------ (7003) | |
|0.110 | Change Cipher Spec, |
|TLSv1: Change Cipher Spec, Encrypted Handshake Message
| |(45245) ------------------> (7003) | |
|0.112 | Application Data |
|TLSv1: Application Data
| |(45245) ------------------> (7003) | |
|0.112 | | Continuation Data |SSL:
Continuation Data
| | |(50091) ------------------> (7003) |
|0.113 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(45245) ------------------> (7003) | |
|0.115 | [TCP Previous segme |
|TLSv1: [TCP Previous segment lost] Ignored Unknown Record
| |(45245) ------------------> (7003) | |
|0.115 | | Continuation Data |SSL:
Continuation Data
| | |(50091) ------------------> (7003) |
|0.115 | | Continuation Data |SSL:
Continuation Data
| | |(50091) ------------------> (7003) |
|0.115 | | Continuation Data |SSL:
Continuation Data
| | |(50091) ------------------> (7003) |
|0.190 | | Continuation Data |SSL:
Continuation Data
| | |(50091) <------------------ (7003) |
|0.190 | Application Data |
|TLSv1: Application Data
| |(45245) <------------------ (7003) | |
|0.191 | | Continuation Data |SSL:
Continuation Data
| | |(50091) <------------------ (7003) |
|0.191 | Application Data |
|TLSv1: Application Data
| |(45245) <------------------ (7003) | |
|0.194 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(45245) ------------------> (7003) | |
|0.194 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(45245) <------------------ (7003) | |
|10.410 | Client Hello |
|TLSv1: Client Hello
| |(33478) ------------------> (7003) | |
|10.410 | Server Hello, Certi |
|TLSv1: Server Hello, Certificate, Server Hello Done
| |(33478) <------------------ (7003) | |
|10.416 | Client Key Exchange |
|TLSv1: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
| |(33478) ------------------> (7003) | |
|10.420 | Change Cipher Spec, |
|TLSv1: Change Cipher Spec, Encrypted Handshake Message
| |(33478) <------------------ (7003) | |
|10.423 | Application Data |
|TLSv1: Application Data
| |(33478) ------------------> (7003) | |
|10.423 | | Continuation Data |SSL:
Continuation Data
| | |(50092) ------------------> (7003) |
|10.424 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(33478) ------------------> (7003) | |
|10.424 | [TCP Previous segme |
|TLSv1: [TCP Previous segment lost] Ignored Unknown Record
| |(33478) ------------------> (7003) | |
|10.424 | | Continuation Data |SSL:
Continuation Data
| | |(50092) ------------------> (7003) |
|10.424 | | Continuation Data |SSL:
Continuation Data
| | |(50092) ------------------> (7003) |
|10.424 | | Continuation Data |SSL:
Continuation Data
| | |(50092) ------------------> (7003) |
|10.430 | | Continuation Data |SSL:
Continuation Data
| | |(50092) <------------------ (7003) |
|10.430 | Application Data |
|TLSv1: Application Data
| |(33478) <------------------ (7003) | |
|10.431 | | Continuation Data |SSL:
Continuation Data
| | |(50092) <------------------ (7003) |
|10.431 | | Continuation Data |SSL:
Continuation Data
| | |(50092) <------------------ (7003) |
|10.431 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(33478) <------------------ (7003) | |
|10.431 | Application Data |
|TLSv1: Application Data
| |(33478) <------------------ (7003) | |
|10.431 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(33478) <------------------ (7003) | |
|10.435 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(33478) ------------------> (7003) | |
|10.482 | Client Hello |
|TLSv1: Client Hello
| |(46545) ------------------> (7003) | |
|10.482 | Server Hello, Chang |
|TLSv1: Server Hello, Change Cipher Spec, Encrypted Handshake Message
| |(46545) <------------------ (7003) | |
|10.485 | Change Cipher Spec, |
|TLSv1: Change Cipher Spec, Encrypted Handshake Message
| |(46545) ------------------> (7003) | |
|10.487 | Application Data |
|TLSv1: Application Data
| |(46545) ------------------> (7003) | |
|10.487 | | Continuation Data |SSL:
Continuation Data
| | |(50093) ------------------> (7003) |
|10.488 | [TCP segment of a r | |TCP:
[TCP segment of a reassembled PDU]
| |(46545) ------------------> (7003) | |
|10.490 | [TCP Previous segme |
|TLSv1: [TCP Previous segment lost] Ignored Unknown Record
| |(46545) ------------------> (7003) | |
|10.490 | | Continuation Data |SSL:
Continuation Data
| | |(50093) ------------------> (7003) |
|10.490 | | Continuation Data |SSL:
Continuation Data
| | |(50093) ------------------> (7003) |
|10.490 | | Continuation Data |SSL:
Continuation Data
| | |(50093) ------------------> (7003) |
|10.563 | | Continuation Data |SSL:
Continuation Data
| | |(50093) <------------------ (7003) |
|10.563 | Application Data |
|TLSv1: Application Data
| |(46545) <------------------ (7003) | |
|10.563 | | Continuation Data |SSL:
Continuation Data
| | |(50093) <------------------ (7003) |
|10.563 | Application Data |
|TLSv1: Application Data
| |(46545) <------------------ (7003) | |
|10.567 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(46545) ------------------> (7003) | |
|10.567 | Encrypted Alert |
|TLSv1: Encrypted Alert
| |(46545) <------------------ (7003) | |
======================================
http://old.nabble.com/file/p32781718/https.cap https.cap
Regards,
Rout
--
View this message in context:
http://old.nabble.com/Difference-b-w-TLS--Connection-and-TLS-Session-tp32780649p32781718.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
