Re: [openssl-users] Response from server is lost on close

Wed, 02 Dec 2015 13:17:42 -0800 

On 02/12/2015 11:21, Anty Rao wrote:


    Using non-blocking openssl , after detecting underlying TCP is
    broken, i invoke SSL_read to attempting reading response.
    *sometimes* response from server is lost, sometimes not. But
    tcpdump show that response is always send back to me. what is
    special is that RST packages come next the response. Can someone
    shed some light on me, Thanks.Here is the result of tcpdump:


|16:18:00.168274IP 17.143.161.207.2195>xx.xxx.xx.xx.43361:Flags[P.],seq 
4764:4801,ack 37462,win 432,option s [nop,nop,TS val 1248125705ecr 
2355901348],length 370x0000:45000059c936 4000300614ba118fa1cf 
E..Y.6@.0.......0x0010:b73c 02140893a961 
1e10133f21973724.<.....a...?!.7$ 
0x0020:801801b0245e00000101080a4a64e309 
....$^......Jd..0x0030:8c6c33a4150301002012a99f e30c 
37aa.l3...........7.0x0040:eda1 e24a 181974cb1a732396f76e b9fa 
...J..t..s#..n..0x0050:293b86258a9d09a730);.%....016:18:00.168326IP 
17.143.161.207.2195>xx.xxx.xx.xx.43361:Flags[R.],seq 4801,ack 
37462,win 498,options [no p,nop,TS val 1248125705ecr 
2355901348],length 00x0000:45000034c937 4000300614de118fa1cf 
E..4.7@.0.......0x0010:b73c 02140893a961 
1e10136421973724.<.....a...d!.7$ 0x0020:801401f2de75 
00000101080a4a64e309 .....u......Jd..0x0030:8c6c33a4.l3.|




When the TCP/IP stack on 17.143.161.207 sends back an RST it means 
(amongst other things) that the entire connection is dead and invalid 
(not a pretty/graceful close, but dead and invalid). Thus the TCP/IP 
stack on xx.xxx.xx.xx is correct in throwing away any received data it 
has not yet passed to application layer code (such as OpenSSL).



An ordinary connection close should be sending a packet with the FIN 
flag, not the RST flag and expect your computer to send back an ACK of 
that FIN packet.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users






















					Reply via email to