Re: [Synalist] Synapse+OpenSSL3: ssl took 5 seconds to establish tls 1.3 over LAN

Thu, 18 Jul 2024 01:59:46 -0700 

pastebin--- via synalist-public wrote:

Hi

any possibility you have 2 computers with the same ip on the lan?
No.  They have different IP addresses as they are assigned by the DHCP server of the router of the LAN. I also print out the ParseSocket.GetLocalSinIP+':'+ParseSocket.GetLocalSinPort.ToString+'=>'+ParseSocket.GetRemoteSinIP+':'+ParseSocket.GetRemoteSinPort.ToString 
    in the server where a connection is made like:
    24-07-18 14:22:39.476 (@192.168.10.143:7443=>192.168.10.130:65486)
 I can see that the local and remote IP are different. In the above example, the 192.168.10.143 is the server IP while 192.168.10.130 is the Client's IP address. 

Dennis



On Tue, 16 Jul 2024 16:42:35 +0800
Dennis <de...@avidsoft.com.hk> wrote:


I am using Free Pascal 3.2.2 on Win64 with Synapse downloaded on June
22, 2024.

Synapse TTCPBlockSocket are used for both the server and client.
On the server, after a tcp connection is connected, it will call
TTCPBlockSocket.SSLAcceptConnection repeatedly to try to accept a
TLSv1.3 connection.  The server is not assigned any certificate, so an
ad-hoc certificate will be used.

On the client, after a tcp connection is connected, it will call
TTCPBlockSocket.SSLDoConnect to establish TLSv1.3 connection.

The Server PC is running windows 10 64-bit while the client is running
windows 11 64bit.

I encountered a very weird situation:
When Server PC and Client PC are on the same LAN, the TLSv1.3 connection
will take around 5 seconds to establish.
However, when the Server PC and Client PC are separated by the internet,
it will take ONLY 0.05 second to establish

I check the SSL settings reported by synapse and they seem normal as
follows:

24-07-16 16:13:33.442 24-07-16 16:13:33.442 TTCPBlockSocket.LastError:#0
24-07-16 16:13:33.690 24-07-16 16:13:33.690 SSL Establishment took
,Duration=0.04 Seconds
24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.GetSSLVersion:TLSv1.3
24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.SSLType:LT_all
24-07-16 16:13:33.690 24-07-16 16:13:33.690 TTCPBlockSocket.SSL.CertCA:''
24-07-16 16:13:33.690 24-07-16 16:13:33.690 TTCPBlockSocket.SSL.GetCertInfo:
      Data:
          Version: 3 (0x2)
          Serial Number: 271214215 (0x102a6687)
          Signature Algorithm: sha256WithRSAEncryption
          Issuer: C=CZ, CN=203176212158.ctinets.com
          Validity
              Not Before: Jul 15 08:13:33 2024 GMT
              Not After : Sep 14 08:13:33 2024 GMT
          Subject: C=CZ, CN=203176212158.ctinets.com
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
                  Public-Key: (2048 bit)
                  Modulus:
00:d2:31:1e:1b:5f:88:d5:d9:4a:eb:8a:a4:7d:62:
56:7d:2f:fd:4a:14:53:46:67:cb:8e:3f:6f:7d:10:
d1:34:57:1f:1e:10:fd:08:0e:47:0b:46:36:68:ae:
ee:b1:33:84:21:68:02:4e:ed:22:4f:19:a1:34:b6:
74:1e:4f:1a:65:83:20:fb:fb:4f:8f:50:3b:58:76:
88:5a:c2:97:71:28:c8:91:fb:5f:cd:d5:a8:cd:db:
b4:4a:15:87:ce:d3:96:9d:9e:9f:98:54:9f:3c:22:
0e:8b:3b:04:9f:da:b2:00:e0:c6:fc:9d:25:5a:83:
69:f3:fe:a6:22:d1:14:da:98:d2:f3:b2:cb:2b:1b:
10:98:79:34:6d:44:8a:fc:1c:8b:9a:e8:2e:56:f9:
25:c4:f6:b4:ab:4d:b9:d5:64:e4:41:8e:89:b5:2f:
b8:e0:86:68:ba:ad:8e:0f:a1:cf:b4:72:e0:5f:ad:
e4:d9:22:0b:65:17:a5:26:06:82:99:67:0d:73:d4:
98:5e:32:01:4d:57:58:dd:ad:fa:cc:a0:27:e3:d1:
91:c2:86:d2:90:c2:b4:92:30:6f:02:d8:5f:e9:ed:
78:5b:e4:00:c7:c0:4b:79:a7:29:40:2d:b9:c9:e6:
3e:70:c7:b5:7a:0a:be:e1:c1:68:f9:7e:38:77:13:
                      0a:cb
                  Exponent: 65537 (0x10001)
      Signature Algorithm: sha256WithRSAEncryption
      Signature Value:
          67:a7:c0:00:b3:28:aa:6a:8c:cf:4e:7f:16:34:ac:ee:26:52:
          1a:e3:89:c0:a2:67:55:fe:e7:e8:84:6f:7d:3a:9d:2e:67:a8:
          2f:03:cf:86:a5:a3:d4:f2:bb:06:1c:fc:b7:11:1f:9b:cd:8d:
          2e:37:47:28:a7:13:4e:66:20:48:ee:d7:f0:d7:e9:4a:e7:6a:
          46:d0:5d:8d:7e:93:e6:6e:8c:69:57:2e:ab:15:c1:83:67:30:
          6c:af:17:10:28:e6:6f:80:67:ff:4f:eb:af:e1:f7:07:3c:7b:
          e6:84:6b:48:18:e1:55:94:7a:91:f2:80:cc:8a:4e:ce:fc:36:
          74:8c:3f:df:ce:d4:64:50:ab:2c:e4:29:53:4d:be:0b:02:1c:
          7d:4b:17:45:76:91:3a:0b:5b:f6:af:b8:be:20:c3:68:86:ee:
          fb:45:f7:1f:df:87:df:4a:6e:65:e8:69:d2:dc:76:7e:7b:f0:
          45:e4:65:cb:f1:a5:a6:33:d2:d0:8f:20:b5:38:09:0b:5c:ff:
          ab:10:be:33:0d:7e:2b:ed:40:53:fa:78:fe:e8:58:4e:98:b2:
          d4:39:e5:17:db:e2:e4:48:d1:a7:bc:4e:29:38:8d:ba:6e:e5:
          aa:f7:ee:1c:95:3c:73:91:98:37:d3:43:34:24:72:8a:0f:76:
          ca:04:60:73

24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.LibName:ssl_openssl3
24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.Ciphers:DEFAULT
24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.GetCipherName:TLS_AES_256_GCM_SHA384
24-07-16 16:13:33.690 24-07-16 16:13:33.690
TTCPBlockSocket.SSL.Certificate:''

Can sometime tell me why?
Thanks in advance.

Dennis Poon




_______________________________________________
synalist-public mailing list
synalist-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/synalist-public





_______________________________________________
synalist-public mailing list
synalist-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/synalist-public

Reply via email to