Archived Forum Post

Index of archived forum posts

Question:

SSL Session Ids

Dec 04 '12 at 20:05

Hi,

We're seeing an issue with the SSL server portion of your socket control. If a client sends a session id from a different session (unknown to the server), the server responds with no session id. Our client talks to a different host using the same socket beforehand and probably doesn't do a valid SSL disconnect causing it to try to re-use the session id. According to SSL protocol, if the session id is unknown, the host should return a different session id during the handshake. The log shows an error about random data, but the Wireshark trace shows random data being sent in the Client Hello. Are we missing something?

ChilkatLog:
  AcceptNextConnection:
    DllDate: Aug  5 2012
    UnlockPrefix: TRITONSocket
    Username: MXL2160T14:AndrewM
    Architecture: Little Endian; 32-bit
    Language: .NET 2.0
    VerboseLogging: 0
    fd: 0x5d8
    objectId: 1
    listenPort: 9972
    AcceptSslConnection:
      maxWaitMs: 1000
      m_idleTimeoutMs: 10000
      handshakeMessageType: ClientHello
      handshakeMessageLen: 0x57
      processHandshakeMessage:
        MessageType: ClientHello
        ClientHello:
          MajorVersion: 3
          MinorVersion: 1
          SessionIdLen: 32
          CipherSuites: RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_DES_CBC_SHA
RSA_EXPORT1024_WITH_RC4_56_SHA
RSA_EXPORT1024_WITH_DES_CBC_SHA
RSA_EXPORT_WITH_RC4_40_MD5
RSA_EXPORT_WITH_RC2_CBC_40_MD5
          numCompressionMethods: 1
          Queueing ClientHello message.
          ClientHello is OK.
        --ClientHello
      --processHandshakeMessage
      Dequeued ClientHello message.
      Received ClientHello!
      Client requested TLS 1.0
      Choosing TLS 1.0
      chosenCipherSuite: RSA_WITH_RC4_128_MD5
      ServerHelloSize: 38
      CertificatesMessage:
        numCerts: 1
        certificate:
          SubjectCN: mxl2160t14
          SerialNumber: 01
          validTo: Sun, 07 Jun 2013 14:14:54 GMT
          IssuerCN: mxl2160t14
        --certificate
        CertificateSize: 0x1a8
      --CertificatesMessage
      NumAcceptableCaDNs: 0
      Not sending a CertificateRequest because app did not provide acceptable DN's
      *** Make sure to call AddSslAcceptableClientCaDn prior to calling InitSslServer.
      Sent handshake messages up to and including ServerHelloDone.
      handshakeMessageType: ClientKeyExchange
      handshakeMessageLen: 0x82
      processHandshakeMessage:
        MessageType: ClientKeyExchange
        ClientKeyExchangeMsgLen: 130
        Queueing ClientKeyExchange message.
        exchangeKeysLen: 128
      --processHandshakeMessage
      ReceivedFromClient: ClientKeyExchange
      Dequeued ClientKeyExchange message.
      Decrypting encrypted pre-master secret...
      EncryptedPreMasterSecretLen: 128
      decryptedPreMasterSecret: 0301 6E19 D327 BB3C 29C1 477E 8C03 5383
FFDE 8E3F 3723 401A D101 F86A 0E10 081B
835C 99B7 D63E 391E D9FE C21A B5F0 5F8F
      Failed to get client random data for computing master secret.
      Server handshake failed.
    --AcceptSslConnection
    Failed.
  --AcceptNextConnection
--ChilkatLog

Here is the Wireshark trace for the client hello:

ClientHello


Here is the Wireshark trace for the server hello:

ServerHello


Answer

Please try this new build:
http://www.chilkatsoft.com/preRelease/ChilkatDotNet2.zip

If a problem remains, please post the LastErrorText using this new build. (The WireShark traces are not necessary.)


Answer

That seems to work fine. Could you please give us a 64 bit version with the fix in as well? Thank you very much for the quick turnaround.