[openssl-users] Response from server is lost on close
Jakob Bohm
jb-openssl at wisemo.com
Wed Dec 2 21:16:43 UTC 2015
On 02/12/2015 11:21, Anty Rao wrote:
>
> Using non-blocking openssl , after detecting underlying TCP is
> broken, i invoke SSL_read to attempting reading response.
> *sometimes* response from server is lost, sometimes not. But
> tcpdump show that response is always send back to me. what is
> special is that RST packages come next the response. Can someone
> shed some light on me, Thanks.Here is the result of tcpdump:
>
> |16:18:00.168274IP 17.143.161.207.2195>xx.xxx.xx.xx.43361:Flags[P.],seq
> 4764:4801,ack 37462,win 432,option s [nop,nop,TS val 1248125705ecr
> 2355901348],length 370x0000:45000059c936 4000300614ba118fa1cf
> E..Y.6 at .0.......0x0010:b73c 02140893a961
> 1e10133f21973724.<.....a...?!.7$
> 0x0020:801801b0245e00000101080a4a64e309
> ....$^......Jd..0x0030:8c6c33a4150301002012a99f e30c
> 37aa.l3...........7.0x0040:eda1 e24a 181974cb1a732396f76e b9fa
> ...J..t..s#..n..0x0050:293b86258a9d09a730);.%....016:18:00.168326IP
> 17.143.161.207.2195>xx.xxx.xx.xx.43361:Flags[R.],seq 4801,ack
> 37462,win 498,options [no p,nop,TS val 1248125705ecr
> 2355901348],length 00x0000:45000034c937 4000300614de118fa1cf
> E..4.7 at .0.......0x0010:b73c 02140893a961
> 1e10136421973724.<.....a...d!.7$ 0x0020:801401f2de75
> 00000101080a4a64e309 .....u......Jd..0x0030:8c6c33a4.l3.|
>
>
When the TCP/IP stack on 17.143.161.207 sends back an RST it means
(amongst other things) that the entire connection is dead and invalid
(not a pretty/graceful close, but dead and invalid). Thus the TCP/IP
stack on xx.xxx.xx.xx is correct in throwing away any received data it
has not yet passed to application layer code (such as OpenSSL).
An ordinary connection close should be sending a packet with the FIN
flag, not the RST flag and expect your computer to send back an ACK of
that FIN packet.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151202/7e4f9c9f/attachment-0001.html>
More information about the openssl-users
mailing list