Hi,

I have an SSL client and a server application. The client connects to an
SSL server in a TCP socket persistence mode, i.e., it does a data
exchange with the server through an SSL connection, tears down the SSL
connection, but again sends out a client_hello in the same TCP socket
connection it had earlier established with the server to perform another
cycle of data exchange.

The application simulates hundreds of clients. A thread is created for each
client simulated.
Under stress, I find quite a few issues when doing SSL_connect in a
persistent connection.

One of them is that after sending the client hello, the client sends FIN or
resets the connection:

The following are traces from ethereal:

  34762 69.876820   192.168.13.74         192.168.2.3           TCP      35009 > https [ACK] Seq=636 Ack=1972 Win=35992 Len=0
  37518 71.738469   192.168.2.3           192.168.13.74         SSLv3    Encrypted Alert
  37563 71.747695   192.168.13.74         192.168.2.3           TCP      35009 > https [ACK] Seq=636 Ack=2009 Win=35992 Len=0
  37564 71.748687   192.168.13.74         192.168.2.3           SSLv3    Encrypted Alert
  40540 73.745120   192.168.2.3           192.168.13.74         TCP      https > 35009 [ACK] Seq=2009 Ack=673 Win=12178 Len=0
*// A cycle of SSL_connect is done, client tries another in persistent connection*
  40541 73.745130   192.168.13.74         192.168.2.3           SSLv3    Client Hello
  41378 73.839940   192.168.13.74         192.168.2.3           TCP      35009 > https *[FIN, ACK]* Seq=723 Ack=2009 Win=35992 Len=0

At times the client would RST the connection:

  41335 73.839336   192.168.13.213        192.168.2.3           SSLv3    Client Hello
  42556 74.630870   192.168.2.3           192.168.13.213        TCP      https > 34969 [ACK] Seq=2009 Ack=673 Win=12178 Len=0
  45462 75.890994   192.168.2.3           192.168.13.213        SSLv3    Server Hello, Certificate, Server Hello Done
  45463 75.891003   192.168.13.213        192.168.2.3           TCP      34969 > https [RST] Seq=724 Ack=4077213146 Win=0 Len=0


The following is done in trying to achieve persistent connections:

{
    create socket();          // socket descriptor "sd"
    do TcpConnect();          // get connected to server

    while (1)
    {
        SSL_Connect();        // SSL_set_fd(ssl, sd); SSL_connect(ssl);
        doDataExchange();     // SSL_read() and SSL_write();
        closeConnection();    // SSL_shutdown(ssl); SSL_free(ssl);
    }
}

The fds are non-blocking.
Is the method shown above of trying to achieve multiple SSL sessions in a
persistent connection appropriate?

Why are clients closing the connections abruptly?

Thanks,
Prabhu. S
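
For triaging a capture like this across hundreds of simulated clients, an added example (not part of the original message): it reads Ethereal's text summary and lists each Client Hello that the client itself ended with FIN or RST, how long after the hello, and whether the server had replied by then. Keying handshakes by client IP, the one-packet-per-line layout and the function name are assumptions; the sample lines are constructed from the traces quoted above.

```python
import re

# Constructed sample: the two client sequences quoted in the post, one packet
# per line, in frame order (so the two clients interleave).
TRACE = """\
40541 73.745130 192.168.13.74 192.168.2.3 SSLv3 Client Hello
41335 73.839336 192.168.13.213 192.168.2.3 SSLv3 Client Hello
41378 73.839940 192.168.13.74 192.168.2.3 TCP 35009 > https [FIN, ACK] Seq=723 Ack=2009 Win=35992 Len=0
42556 74.630870 192.168.2.3 192.168.13.213 TCP https > 34969 [ACK] Seq=2009 Ack=673 Win=12178 Len=0
45462 75.890994 192.168.2.3 192.168.13.213 SSLv3 Server Hello, Certificate, Server Hello Done
45463 75.891003 192.168.13.213 192.168.2.3 TCP 34969 > https [RST] Seq=724 Ack=4077213146 Win=0 Len=0
"""

LINE = re.compile(r"\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)")
FLAGS = re.compile(r"\[([A-Z, ]+)\]")


def aborted_handshakes(text, server="192.168.2.3"):
    """List Client Hellos that the client itself ended with FIN or RST."""
    pending = {}  # client IP -> handshake in progress (assumes one per client IP)
    aborted = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or annotation line
        frame, ts, src, dst, proto, info = m.groups()
        client = dst if src == server else src
        if proto.startswith(("SSL", "TLS")):
            if src == client and "Client Hello" in info:
                pending[client] = {"frame": int(frame), "t0": float(ts), "replied": False}
            elif client in pending and src == server and "Server Hello" in info:
                pending[client]["replied"] = True
            elif "Change Cipher Spec" in info or "Application Data" in info:
                pending.pop(client, None)  # heuristic: handshake got past the hellos
        elif proto == "TCP" and src == client and client in pending:
            flags = FLAGS.search(info)
            hit = {"FIN", "RST"} & set(flags.group(1).split(", ")) if flags else set()
            if hit:
                hs = pending.pop(client)
                aborted.append({
                    "client": client,
                    "hello_frame": hs["frame"],
                    "teardown": "RST" if "RST" in hit else "FIN",
                    "delay": round(float(ts) - hs["t0"], 6),
                    "server_replied": hs["replied"],
                })
    return aborted


if __name__ == "__main__":
    for rec in aborted_handshakes(TRACE):
        print(rec)
```
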
