Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
disable or extend the timeout of "close_notify" SSL alerts
100 views
Skip to first unread message
dupuis...@ymail.com
Nov 4, 2011, 10:56:03 AM11/4/11
to
Hello,
I have an embedded device (with limited ressources) that needs to
connect to an OpenSSL server (Apache2).
The device works very well with many SSL servers with OpenSSL, but not
on some Apache2 servers, because there's a timeout,
after 10 seconds the server always send a "close_notify" alert (part
of the SSL session, and encrypted).
The problem is that the duration of the whole handshake protocol on my
small device is about 8 seconds and then the record (encrypt the GET
request) is about 3 seconds... This makes a total of 11 seconds, so I
am just 1 second over the timeout...
I have disabled the timeout on Apache2, so this concerns only SSL...
I ran ssldump on the server, as you can see in the logs(attached), the
close_notify alert is sent just before the application data of the
record is sent to server,
and the server never answers to this application data.(it should
return some HTML content).
Have you got a trick, or a solution to disable or extend this timeout
properly on the server side without modifying the OpenSSL source
code...
In the configuration file of the virtual host, I have tried some of
these options:
---------------------------------------------------------------
SetEnvIf User-Agent "TLS test" \
nokeepalive
---------------------------------------------------------------
But the result is that the session is always closed after 10 seconds,
only on this particular server(Apache2 + OpenSSL)..., this is not the
case on other servers...
(sorry my previous mail was badly formated, so another try...)
Regards.
I have an embedded device (with limited ressources) that needs to
connect to an OpenSSL server (Apache2).
The device works very well with many SSL servers with OpenSSL, but not
on some Apache2 servers, because there's a timeout,
after 10 seconds the server always send a "close_notify" alert (part
of the SSL session, and encrypted).
The problem is that the duration of the whole handshake protocol on my
small device is about 8 seconds and then the record (encrypt the GET
request) is about 3 seconds... This makes a total of 11 seconds, so I
am just 1 second over the timeout...
I have disabled the timeout on Apache2, so this concerns only SSL...
I ran ssldump on the server, as you can see in the logs(attached), the
close_notify alert is sent just before the application data of the
record is sent to server,
and the server never answers to this application data.(it should
return some HTML content).
Have you got a trick, or a solution to disable or extend this timeout
properly on the server side without modifying the OpenSSL source
code...
In the configuration file of the virtual host, I have tried some of
these options:
---------------------------------------------------------------
SetEnvIf User-Agent "TLS test" \
nokeepalive
---------------------------------------------------------------
But the result is that the session is always closed after 10 seconds,
only on this particular server(Apache2 + OpenSSL)..., this is not the
case on other servers...
(sorry my previous mail was badly formated, so another try...)
Regards.
Message has been deleted
dupuis...@ymail.com
Nov 4, 2011, 11:20:09 AM11/4/11
to
0 new messages