• 14
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Should TLS separate the Finished messages?

I'm a bit stumped by what I'm seeing in wireshark. I am attempting a TLS session resume from a client 10.66.128.10 to server 10.26.0.196, and am seeing an unexpected event - the client is sending the Change Cipher Spec and Encrypted Handshake message in two separate messages, and waiting for TCP ACKS for each:

enter image description here

According to everything I've read online, this should come in one message - one great aspect of a resume is we don't have that extra RTT. Here is an example website that says this...https://vincent.bernat.ch/en/blog/2011-ssl-session-reuse-rfc5077

The issue is clear... time. This costs us about 0.6s which is huge for our application.

Is this expected or configurable?

Thanks!

    • @gbr it was a "feature" of the client. I tested with openssl and all of the messages were grouped. I enabled grouping on the wolfssl client and it worked like a charm!
    • Great. I wasn't aware that it was configurable on some clients. BTW, it sure isn't clear what those WolfSSL's set_group_messages options do from their documentation...
      • 1
    • I'm not really an expert on this, but I think this is a peculiarity of the client you're using (which is it?). Even in your example, your server is sending its Finished message along with the previous ChangeCipherSpec in a single TCP segment. This doesn't seem to have anything to do with session resumption, by the way.

Trending Tags