Hi,
We're seeing an issue with the SSL server portion of your socket control. If a client sends a session id from a different session (unknown to the server), the server responds with no session id. Our client talks to a different host using the same socket beforehand and probably doesn't do a valid SSL disconnect, causing it to try to re-use the session id. According to the SSL protocol, if the session id is unknown, the host should return a different session id during the handshake. The log shows an error about random data, but the Wireshark trace shows random data being sent in the Client Hello. Are we missing something?
ChilkatLog:
  AcceptNextConnection:
    DllDate: Aug 5 2012
    UnlockPrefix: TRITONSocket
    Username: MXL2160T14:AndrewM
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    fd: 0x5d8
    objectId: 1
    listenPort: 9972
    AcceptSslConnection:
      maxWaitMs: 1000
      m_idleTimeoutMs: 10000
      handshakeMessageType: ClientHello
      handshakeMessageLen: 0x57
      processHandshakeMessage:
        MessageType: ClientHello
        ClientHello:
          MajorVersion: 3
          MinorVersion: 1
          SessionIdLen: 32
          CipherSuites:
            RSA_WITH_RC4_128_MD5
            RSA_WITH_RC4_128_SHA
            RSA_WITH_3DES_EDE_CBC_SHA
            RSA_WITH_DES_CBC_SHA
            RSA_EXPORT1024_WITH_RC4_56_SHA
            RSA_EXPORT1024_WITH_DES_CBC_SHA
            RSA_EXPORT_WITH_RC4_40_MD5
            RSA_EXPORT_WITH_RC2_CBC_40_MD5
          numCompressionMethods: 1
          Queueing ClientHello message.
          ClientHello is OK.
        --ClientHello
      --processHandshakeMessage
      Dequeued ClientHello message.
      Received ClientHello!
      Client requested TLS 1.0
      Choosing TLS 1.0
      chosenCipherSuite: RSA_WITH_RC4_128_MD5
      ServerHelloSize: 38
      CertificatesMessage:
        numCerts: 1
        certificate:
          SubjectCN: mxl2160t14
          SerialNumber: 01
          validTo: Sun, 07 Jun 2013 14:14:54 GMT
          IssuerCN: mxl2160t14
        --certificate
        CertificateSize: 0x1a8
      --CertificatesMessage
      NumAcceptableCaDNs: 0
      Not sending a CertificateRequest because app did not provide acceptable DN's
      *** Make sure to call AddSslAcceptableClientCaDn prior to calling InitSslServer.
      Sent handshake messages up to and including ServerHelloDone.
      handshakeMessageType: ClientKeyExchange
      handshakeMessageLen: 0x82
      processHandshakeMessage:
        MessageType: ClientKeyExchange
        ClientKeyExchangeMsgLen: 130
        Queueing ClientKeyExchange message.
        exchangeKeysLen: 128
      --processHandshakeMessage
      ReceivedFromClient: ClientKeyExchange
      Dequeued ClientKeyExchange message.
      Decrypting encrypted pre-master secret...
      EncryptedPreMasterSecretLen: 128
      decryptedPreMasterSecret: 0301 6E19 D327 BB3C 29C1 477E 8C03 5383 FFDE 8E3F 3723 401A D101 F86A 0E10 081B 835C 99B7 D63E 391E D9FE C21A B5F0 5F8F
      Failed to get client random data for computing master secret.
      Server handshake failed.
    --AcceptSslConnection
    Failed.
  --AcceptNextConnection
--ChilkatLog
Here is the Wireshark trace for the client hello:
Here is the Wireshark trace for the server hello:
Please try this new build:
http://www.chilkatsoft.com/preRelease/ChilkatDotNet2.zip
If a problem remains, please post the LastErrorText using this new build. (The Wireshark traces are not necessary.)
That seems to work fine. Could you please give us a 64-bit version with the fix in as well? Thank you very much for the quick turnaround.
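The session-id handling discussed in this thread, as an added example that is not part of the original posts and is not Chilkat's code: a parser for a TLS 1.0 ClientHello body and the server-side choice between resuming and falling back to a full handshake when the offered id is unknown. The names `parse_client_hello`, `choose_handshake` and the dict-based session cache are assumptions, and the sample bytes are constructed to match the shape of the logged ClientHello (0x57 bytes, 32-byte session id, 8 cipher suites).

```python
import os
import struct
from dataclasses import dataclass

@dataclass
class ClientHello:
    version: tuple
    random: bytes
    session_id: bytes
    cipher_suites: list

def parse_client_hello(body: bytes) -> ClientHello:
    """Parse a TLS 1.0 ClientHello handshake body (record/handshake headers removed)."""
    if len(body) < 35:
        raise ValueError("ClientHello too short")
    major, minor = body[0], body[1]
    random = body[2:34]                      # 32 bytes of client random
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len + 2:
        raise ValueError("bad session id length")
    pos = 35
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or len(body) < pos + cs_len:
        raise ValueError("bad cipher suite list")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    return ClientHello((major, minor), random, session_id, suites)

def choose_handshake(hello: ClientHello, cache: dict):
    """Return (mode, session id for ServerHello, state kept for key derivation)."""
    # The client random feeds the master secret in both modes, so it is kept
    # whether or not the offered session id is recognised.
    state = {"client_random": hello.random}
    if hello.session_id and hello.session_id in cache:
        state["master_secret"] = cache[hello.session_id]
        return "resume", hello.session_id, state
    # Unknown or empty id: ignore it and run a full handshake under a fresh id.
    # (RFC 2246 also lets the server send an empty id, meaning "not resumable".)
    return "full", os.urandom(32), state

# Constructed sample: version 3.1, random, 32-byte session id, 8 suites, null compression.
SAMPLE = (bytes([3, 1]) + bytes(range(32)) + bytes([32]) + b"\xaa" * 32
          + struct.pack("!H8H", 16, 0x04, 0x05, 0x0A, 0x09, 0x64, 0x62, 0x03, 0x06)
          + bytes([1, 0]))

if __name__ == "__main__":
    print(choose_handshake(parse_client_hello(SAMPLE), cache={}))
```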