Sudden control data sent during large transfer.

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Sudden control data sent during large transfer.

d3x0r
How can I know what/why openssl is sending control data?
I have this Node addon that uses TLS 1.2 to communicate.  I'm sending a large file transfer (100M), which is chunked into 8100 byte blocks and sent on websocket protocol.  It's additionally chunked into 4327 byte blocks (which after encoding is 4356 bytes or 1452*3)  All of the data is encoded into blocks and queued to transfer before I have a problem. 
After some amount of data transfer OpenSSL starts sending 31 byte control packets after basically each block received... when the other side receives that data it doesn't do anything, but the ssl layer does stop giving me completed packets (instead opting to generate 31 byte packets) when the other side receives those, it doesn't do anything.... (doesn't generate control sends back).

Ad I mentioned all of the pendijng data is already queued to send, so even if I received a control packet and it generated a response it wouldn't get received for quite some time.

I don't have control over what version of SSL is being used... but this current test is 1.0.1m 

It's variable by the time it starts sending 31 byte packets... Also depends on the connection; although at this time I'm able to generate the problem on localhost... I was able to transfer from a remote server to myself with no issues... 





--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Sudden control data sent during large transfer.

Jakob Bohm-7
On 23/12/2017 04:06, J Decker wrote:

> How can I know what/why openssl is sending control data?
> I have this Node addon that uses TLS 1.2 to communicate.  I'm sending
> a large file transfer (100M), which is chunked into 8100 byte blocks
> and sent on websocket protocol.  It's additionally chunked into 4327
> byte blocks (which after encoding is 4356 bytes or 1452*3)  All of the
> data is encoded into blocks and queued to transfer before I have a
> problem.
> After some amount of data transfer OpenSSL starts sending 31 byte
> control packets after basically each block received... when the other
> side receives that data it doesn't do anything, but the ssl layer does
> stop giving me completed packets (instead opting to generate 31 byte
> packets) when the other side receives those, it doesn't do
> anything.... (doesn't generate control sends back).
>
> Ad I mentioned all of the pendijng data is already queued to send, so
> even if I received a control packet and it generated a response it
> wouldn't get received for quite some time.
>
> I don't have control over what version of SSL is being used... but
> this current test is 1.0.1m
>
> It's variable by the time it starts sending 31 byte packets... Also
> depends on the connection; although at this time I'm able to generate
> the problem on localhost... I was able to transfer from a remote
> server to myself with no issues...
>
I think you need to be a lot more clear for anyone to understand your
problem.

What exactly do you mean by "control data"?

What is the layering of protocols here?
Is it:
    bulk data => WebSockets => TLS => TCP => network
Or
    bulk data => TLS => WebSockets => TLS => TCP => network

In what direction is the bulk data being sent: TLS client to TLS
server or TLS server to TLS client?

In what direction is the initial 31 byte "control packet" being
sent: TLS client to TLS server or TLS server to TLS client?

Also, if possible, could you report the (decrypted if applicable)
content of those initial 31 bytes?  Perhaps also the later 31 byte
packets (including their order of occurrence and direction of
transmission)?

Can you see what the "packets" are?

For example, are they TLS alert messages?

Are they TLS HelloRequest messages?


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Sudden control data sent during large transfer.

d3x0r
I found the real issue... recently I fixed a signed/unsigned comparison warning by adding a (int) to the unsigned side, which made the result of send() be compared differently, and was triggering when send() would return -1 (with EAGAIN/WSAEWOULDBLOCK) would cause me to think it was a short send ( result < amount_to_send ) { /* sent less than full packet */ }  so I ended up backing up the send offset by 1 byte instead of 0 bytes... this was then injecting 1 extra byte into the TCP layer.  


On Mon, Dec 25, 2017 at 1:38 PM, Jakob Bohm <[hidden email]> wrote:
On 23/12/2017 04:06, J Decker wrote:
How can I know what/why openssl is sending control data?

It's variable by the time it starts sending 31 byte packets... Also depends on the connection; although at this time I'm able to generate the problem on localhost... I was able to transfer from a remote server to myself with no issues...

I think you need to be a lot more clear for anyone to understand your
problem.

What exactly do you mean by "control data"?

alerts/HelloRequest/renegotation?
 

What is the layering of protocols here?
Is it:
   bulk data => WebSockets => TLS => TCP => network

In what direction is the bulk data being sent: TLS client to TLS
server or TLS server to TLS client?
server to client. 

In what direction is the initial 31 byte "control packet" being
sent: TLS client to TLS server or TLS server to TLS client?

client to server 
Also, if possible, could you report the (decrypted if applicable)
content of those initial 31 bytes?  Perhaps also the later 31 byte
packets (including their order of occurrence and direction of
transmission)?

Can you see what the "packets" are?

I wouldn't know the decrypted bytes because I would get them from the wbio from the TLS Object.
Well that's kinda what I was more asking; can I somehow register a callback for when alerts are generated so I can see what they are?  Otherwise I really don't know.

 

For example, are they TLS alert messages?

Are they TLS HelloRequest messages?


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct <a href="tel:%2B45%2031%2013%2016%2010" value="+4531131610" target="_blank">+45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users