TLS-Session

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

TLS-Session

Konstantinos Schoinas
Hello,

I have deployed 3 VMs in my host (linux) pc.1 ubuntu Desktop and 2
ubuntu Servers.
I am using ovs-dpdk(openvswitch-dpdk) in order to create a bridge and
make the VMs speak to each other.

The test-⁠case is this:

VM1 : using openssl as a client to connect to an apache2 server hosted
in VM3
VM2 : Dpdk application working as a L2 Switch that does DPI(Deep packet
inspection) in the packet and check if there is a server name indication
with a specific forbidden SNI .If yes it block the TLS session by
replying with a TLS fatal(2) alert packet with Description
Unrecognized_name (112).According to RFC this shall block the TLS
session.

VM3:Just an apache2 Server

When i test this i am connecting from VM1 with this command
openssl s_client -connect www.example.com:443 -servername
www.example.com (where "www.example.com" is the forbidden name of the
dpdk application).

So my dpdk application is responding with the correct TLS alert and it
actually block the TLS session.I have seen the correct packet in
wireshark as well.I am also putting a picture with this mail in order to
see the process.

The problem is that VM1 using openssl takes 2 to 3 seconds to end the
TLS session.Also i am getting some retransmits of client hello in
wireshark.

So my question is if anyone can confirm that this is a problem of
openssl or if not maybe something else.
In addition if anyone know how much time does TLS session takes to
actually end?

I wanna know if that 2-⁠3 seconds delay is normal or not from openssl
perspective, or there is some problem with my dpdk application.


Thanks for your time,

Konstantinos Schoinas
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users