[twsocket] Chrome SSL connection issue

Mon, 30 Nov 2015 03:27:52 -0800 

Hi everyone,
I'm trying to establish a connection from Chrome WebRTC ssltcp ICE candidate to ICS SSL TCP socket server. 
This is a media connection used by Google Hangouts.
This connection should be a standard SSL connection but ICS behaves differently from Hangouts server and I don't know why. 

Here follows Hangouts SSL handshake.


Note that Chrome sends a Client Hello without any extension. Standard HTTPS 
requests have a number of extensions inside Client Hello.


https://drive.google.com/file/d/0B34NxWChUHUdR2tBWTdRUXpNYW8/view?usp=sharing

This is Hangouts server reply. It's identical to ICS server reply.

https://drive.google.com/file/d/0B34NxWChUHUdS0pQSDVnZXpvZzg/view?usp=sharing

After this, this is what I see from Wireshark:



The socket is already being used to send encryted data.
Note that client sends the first packet.
For more details, download wireshark capture from here.
https://drive.google.com/file/d/0B34NxWChUHUdMVJoZHo3TmhNcEk/view?usp=sharing

ICS behaves differently.
Client Hello and Server Hello are absolutely identical.

After Server Hello, ICS is sending Certificate, but at this point Chrome 
disconnects.


I
From Chrome debug log:

Conn[0000000005FE1700:audio:jwf0iNh/:1:0:local:tcp:192.168.190.1:0->BEMy0XiZ:1:65535:local:ssltcp:10.0.0.166:4443|---W|281473718042110|-]

[6760:10528:1127/153804:WARNING:socket_host_tcp.cc(223)] Error from 
connecting TLS socket, status=-9
[7784:11068:1127/153804:INFO:tcpport.cc(402)] 
Jingle:Conn[0000000005FE1700:audio:jwf0iNh/:1:0:local:tcp:192.168.190.1:0->BEMy0XiZ:1:65535:local:ssltcp:10.0.0.166:4443|---W|281473718042110|-]: 
Connection closed with error 0


Status = -9 corresponds to

// An unexpected error. This may be caused by a programming mistake or an
// invalid assumption.
NET_ERROR(UNEXPECTED, -9)

It seems that Chrome is not expecting the certificate at this point.

Is there a ICS configuration that disables certificate transmission?

Thanks in advance.
--
Marcello




--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be






















					Reply via email to