[openssl-users] Response from server is lost on close

Jakob Bohm jb-openssl at wisemo.com
Wed Dec 2 21:16:43 UTC 2015

On 02/12/2015 11:21, Anty Rao wrote:
>     Using non-blocking openssl , after detecting underlying TCP is
>     broken, i invoke SSL_read to attempting reading response.
>     *sometimes* response from server is lost, sometimes not. But
>     tcpdump show that response is always send back to me. what is
>     special is that RST packages come next the response. Can someone
>     shed some light on me, Thanks.Here is the result of tcpdump:
> |16:18:00.168274IP>xx.xxx.xx.xx.43361:Flags[P.],seq 
> 4764:4801,ack 37462,win 432,option s [nop,nop,TS val 1248125705ecr 
> 2355901348],length 370x0000:45000059c936 4000300614ba118fa1cf 
> E..Y.6 at .0.......0x0010:b73c 02140893a961 
> 1e10133f21973724.<.....a...?!.7$ 
> 0x0020:801801b0245e00000101080a4a64e309 
> ....$^......Jd..0x0030:8c6c33a4150301002012a99f e30c 
> 37aa.l3...........7.0x0040:eda1 e24a 181974cb1a732396f76e b9fa 
> ...J..t..s#..n..0x0050:293b86258a9d09a730);.%....016:18:00.168326IP 
>>xx.xxx.xx.xx.43361:Flags[R.],seq 4801,ack 
> 37462,win 498,options [no p,nop,TS val 1248125705ecr 
> 2355901348],length 00x0000:45000034c937 4000300614de118fa1cf 
> E..4.7 at .0.......0x0010:b73c 02140893a961 
> 1e10136421973724.<.....a...d!.7$ 0x0020:801401f2de75 
> 00000101080a4a64e309 .....u......Jd..0x0030:8c6c33a4.l3.|
When the TCP/IP stack on sends back an RST it means 
(amongst other things) that the entire connection is dead and invalid 
(not a pretty/graceful close, but dead and invalid). Thus the TCP/IP 
stack on xx.xxx.xx.xx is correct in throwing away any received data it 
has not yet passed to application layer code (such as OpenSSL).

An ordinary connection close should be sending a packet with the FIN 
flag, not the RST flag and expect your computer to send back an ACK of 
that FIN packet.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151202/7e4f9c9f/attachment-0001.html>

More information about the openssl-users mailing list