SSL/TLS Handshake failure on Reconnect


J-B Phuong-Anh-Vu Lai

Apr 29, 2015, 2:25:14 PM
to webso...@googlegroups.com, vince...@gmail.com
Hi!

First of all, thank you for this pretty awesome library! It has exceeded my expectations in so many ways.

I'd like to discuss a problem I've been having using the TLS/SSL ws client.

I have an embedded project (using a TI am335x - Cortex A8) which has an application that will connect as a wss client to a wss server. Connecting to the server right after launch has no issues. The first time I get booted by the server (when the server reboots) also goes fine... but on subsequent reconnects I get a TLS handshake error and stay in that state indefinitely, no longer being able to connect to the server.

Here's my code in the tls_init:

context_ptr RemoteWebsocketServerBridge::on_remote_tls_init(websocketpp::connection_hdl hdl)
{
    // TLS 1.0 client context
    context_ptr ctx = websocketpp::lib::make_shared<boost::asio::ssl::context>(boost::asio::ssl::context::tlsv1_client);

    try {
        ctx->set_options(boost::asio::ssl::context::default_workarounds |
                         boost::asio::ssl::context::no_sslv2 |
                         boost::asio::ssl::context::no_sslv3 |
                         boost::asio::ssl::context::single_dh_use);
        // verify_none: the server certificate is not checked
        ctx->set_verify_mode(boost::asio::ssl::verify_none);
    }
    catch (websocketpp::exception const & e)
    {
        ...
    }
    catch (...)
    {
        ...
    }
    return ctx;
}


And here is what I do on disconnects; this function is called by the close or fail handlers:

void RemoteWebsocketServerBridge::reconnectRemote()
{
    LoggerWithLevel->logGenericModule(LogLevel::LOG_INFO, "Websocket Bridge : Reconnecting to remote...");
    // Stop and reset the endpoint, then create and start a new connection
    remoteEndpoint->stop();
    remoteEndpoint->reset();
    websocketpp::lib::error_code ecRemote;
    remoteCon = remoteEndpoint->get_connection(REMOTE_ENDPOINT, ecRemote);
    remoteEndpoint->connect(remoteCon);
}


As I said, it works for the first and second connections; subsequent ones get shaky and go into a reconnect loop with a TLS handshake error. I've noticed, though, that I do not have this problem on my development VM, which is Ubuntu-based.

Am I doing something wrong in resetting the connection, or do you think I have a library compatibility issue somewhere? We did recompile the OpenSSL library to upgrade from the older one that was included in the TI devkit.


Here are other symptoms that I've observed:

- TLSv12 doesn't work on our target device; it goes directly to TLS handshake fail on first connection.
- SSLv23 also doesn't work on our target.


Thank you very much for your help!


J.B.

J-B Phuong-Anh-Vu Lai

Apr 30, 2015, 1:14:26 PM
to webso...@googlegroups.com
This is the error I'm getting each time I reconnect.

[INFO] : DEFAULT: Websocket Bridge : Reconnecting to remote...
[2015-04-29 15:02:59] [connect] Successful connection
cryptodev_digest_init: Can't get Dev
cryptodev_digest_cleanup: illegal input
cryptodev_digest_init: Open session failed
cryptodev_digest_cleanup: illegal input
[2015-04-29 15:02:59] [info] asio async_write error: asio.ssl:336191717 (ssl handshake failure)
[2015-04-29 15:02:59] [error] handle_send_http_request error: websocketpp.transport:2 (Underlying Transport Error)
[2015-04-29 15:02:59] [fail] WebSocket Connection 23.101.118.145:443 - "WebSocket++/0.5.0" / 0 websocketpp.transport:2 Underlying Transport Error
[INFO] : DEFAULT: Websocket Bridge : Remote Connection failed. Retry in 30 seconds
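
The number after `asio.ssl:` in the log above is a packed OpenSSL error code. The following is an added example, not code from the thread or from WebSocket++: it decodes that number and counts the `cryptodev_*` engine messages logged before it. It assumes the OpenSSL 1.0.x/1.1.x `ERR_PACK` layout (OpenSSL 3.x packs errors differently); `SslError`, `Finding`, `decode_openssl_error` and `triage` are hypothetical names.

```cpp
// Added example: decode the number after "asio.ssl:" and count preceding cryptodev_* lines.
#include <cstdint>
#include <iostream>
#include <regex>
#include <sstream>
#include <string>

struct SslError { int lib; int func; int reason; };

// Assumed layout (OpenSSL 1.0.x/1.1.x ERR_PACK): lib bits 24-31, func 12-23, reason 0-11.
SslError decode_openssl_error(std::uint32_t e) {
    return SslError{ int((e >> 24) & 0xff), int((e >> 12) & 0xfff), int(e & 0xfff) };
}

struct Finding { bool found; SslError err; int cryptodev_before; };

// Return the first asio.ssl error in the log and how many cryptodev_* lines preceded it.
Finding triage(const std::string& log) {
    static const std::regex ssl_code("asio\\.ssl:([0-9]+)");
    Finding f = { false, { 0, 0, 0 }, 0 };
    std::istringstream in(log);
    std::string line;
    while (std::getline(in, line)) {
        std::smatch m;
        if (line.compare(0, 10, "cryptodev_") == 0) {
            ++f.cryptodev_before;          // message from the OpenSSL cryptodev engine
        } else if (std::regex_search(line, m, ssl_code)) {
            f.found = true;
            f.err = decode_openssl_error(static_cast<std::uint32_t>(std::stoul(m[1].str())));
            break;
        }
    }
    return f;
}

// Log lines copied from the post above.
const char* const kSampleLog =
    "[2015-04-29 15:02:59] [connect] Successful connection\n"
    "cryptodev_digest_init: Can't get Dev\n"
    "cryptodev_digest_cleanup: illegal input\n"
    "cryptodev_digest_init: Open session failed\n"
    "cryptodev_digest_cleanup: illegal input\n"
    "[2015-04-29 15:02:59] [info] asio async_write error: asio.ssl:336191717 (ssl handshake failure)\n";

int main() {
    Finding f = triage(kSampleLog);
    std::cout << "lib=" << f.err.lib << " func=" << f.err.func << " reason=" << f.err.reason
              << " cryptodev lines before=" << f.cryptodev_before << "\n";
    return f.found ? 0 : 1;
}
```

336191717 is 0x1409E0E5; in the OpenSSL 1.0.x headers library 20 is `ERR_LIB_SSL`, function 158 is `SSL_F_SSL3_WRITE_BYTES` and reason 229 is `SSL_R_SSL_HANDSHAKE_FAILURE`, which matches the "ssl handshake failure" text asio prints.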