It seems that this issue is triggered when we send and receive data at the same time. What happens is that we have a client and a server doing answer request; either side can also send data based on a timer, and sending that data can trigger this issue.

Googling for "OpenSSL full duplex" or similar gives quite a few hits from people experiencing similar issues, like these:

http://www.scriptscoop.net/t/0f9aca924ddc/ssl-renegotiation-with-full-duplex-socket-communication.html
http://openssl.6102.n7.nabble.com/Allowing-fullduplex-in-SSL-td46443.html
https://github.com/FreeRDP/FreeRDP/issues/2497

In short, it seems that OpenSSL can get confused when application data is sent while it is doing renegotiation itself, if I understood correctly.

Could this be the problem we are experiencing, or does the ICS implementation around OpenSSL take this into account?

Thanks,

Merijn



On 24/11/2015 18:22, Merijn Bosma wrote:
Hi Angus,

I agree with what you are saying, but in this case this is not the problem.

The only reason this app works like this, is because this seems to be the easiest way to reproduce this same issue which happens in a larger app, which does use a FIFO etc. Log clearly shows that the two random numbers are being received separately on the server side.

Merijn

On 24/11/2015 17:23, Angus Robertson - Magenta Systems Ltd wrote:
The problem is triggered, when we do two times PostMessage(WM_USER)
in the OnSslHandshakeDone event, expected behavior would be that
the client sends a random number twice, server receives the first,
sends x bytes and term char, client receives it, sends next random
number (3rd), server might be handling the 2nd number, etc.

I'd expect the client to send a single TCP/IP packet with both random numbers in it,
and for the server to receive both together.

So does the server have a FIFO buffer to store the second number for processing later, that takes priority over anything received? I had this problem a long time ago with a simple packet protocol.

The difference between SSL and non-SSL might be packets being combined.

Try putting a delay in when sending, so there is always a gap of two seconds or longer, and see if the problem goes away. But the real solution is the FIFO buffer.

Angus
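
The FIFO receive buffer suggested above, as an added example that is not part of the original thread and is not ICS code. It is written in Python for brevity; the names `MessageFifo` and `replay`, the `\n` terminator and the size cap are assumptions made for illustration.

```python
from collections import deque

TERM = b"\n"        # assumed terminator; the thread only says "term char"
MAX_PENDING = 4096  # assumed cap on an unterminated partial message


class MessageFifo:
    """Reassembles terminator-delimited messages from arbitrary stream chunks."""

    def __init__(self, term=TERM, max_pending=MAX_PENDING):
        self._term = term
        self._max_pending = max_pending
        self._partial = bytearray()  # bytes received after the last terminator
        self._ready = deque()        # complete messages, oldest first

    def feed(self, chunk):
        """Call from the data-available handler with whatever the read returned."""
        self._partial += chunk
        while True:
            idx = self._partial.find(self._term)
            if idx < 0:
                break
            self._ready.append(bytes(self._partial[:idx]))
            del self._partial[:idx + len(self._term)]
        # Bound memory: a peer that never sends the terminator is cut off.
        if len(self._partial) > self._max_pending:
            raise ValueError("peer sent too much data without a terminator")
        return len(self._ready)

    def pop(self):
        """Return the oldest complete message, or None if none is queued."""
        return self._ready.popleft() if self._ready else None


def replay(chunks):
    """Feed constructed chunks through the FIFO and return the decoded numbers."""
    fifo = MessageFifo()
    numbers = []
    for chunk in chunks:
        fifo.feed(chunk)
        while (msg := fifo.pop()) is not None:
            numbers.append(int(msg))
    return numbers


if __name__ == "__main__":
    print(replay([b"17\n42\n"]))          # both numbers combined in one read
    print(replay([b"1", b"7\n4", b"2\n"]))  # numbers split across reads
```

The handler processes one queued message at a time, so the result is the same whether the transport delivers the two numbers together, separately, or split mid-number.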




--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
