
Re: [iaik-ssl] SSL Handshake oddities



Michel,

This is the secure Random Number generator initializing itself.

What you can do, if you have an application, is init the Random Number
generator in a separate thread during program startup.

Or for testing set the default generator to be one that is less secure,
which normally takes a shorter time to init.

Gil.

Michel Drescher wrote:
> 
> Fellows,
> 
> when I open an SSLSocket to an SSL server (in particular, JigsawSSL) I
> get the following odd behaviour (with SSLSocket debugging turned on):
> 
> [...]
> InputRecord locked.
> OutputRecord locked.
> starting handshake.
> send client_hello...
> 
> [now it blocks/sits back and waits for at least 30 seconds,]
> [average: approx. 2 min]
> 
> v3ClientHello, version: 3.0
> received server_hello...
> Server doesn't want to resume a previous session.
> CipherSuite selected by server: SSL_RSA_WITH_IDEA_CBC_SHA
> CompressionMethod selected by server: NULL
> received Certificate...
> Connection accepted.
> received certificate_request...
> received server_hello_done...
> send SSLCertificate...
> send ClientKeyExchange...
> send CertificateVerify...
> send change_cipher_spec...
> send finished...
> received change_cipher_spec...
> received finished...
> adding session to cache...
> finished handshake.
> [...]
> 
> What is specifically performed after emitting "send client_hello..."
> and before emitting "v3ClientHello, version: 3.0"?
> 
> Connecting a LAN SSL-Server (JigsawSSL again) does not produce this
> very odd behaviour...
> 
> Any help will be greatly appreciated,
> Michel
> 
> // pallas  GmbH  ............  Michel Drescher  .........
>    Hermuelheimer Str. 10       Analyst
>    D-50321 Bruehl, Germany     drescher@pallas.com
>    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
>    http://www.pallas.de        direct +49-(0)2232-1896-30
> .........................................................
> 
> --
> Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> 
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the following content: UNSUBSCRIBE iaik-ssl
> 

-- 
-----------------------------------------------------------------------
Remove the .NOSPAM (DOT included) from my EMail address before replying
-----------------------------------------------------------------------
Gil Peeters
-----------------------------------------------------------------------
Remove the .NOSPAM (DOT included) from my EMail address before replying
-----------------------------------------------------------------------
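
The first suggestion in the reply above (seed the generator in a separate thread at startup), as an added example that is not code from this thread or from the IAIK library: seeding starts in the background when the class loads, and the caller waits for it only if it has not finished by the time the first handshake needs randomness. It assumes Java 8 or later and the standard java.security.SecureRandom; the class name RandomWarmup is hypothetical, and passing the generator to the SSL library is library-specific and not shown.

```java
import java.security.SecureRandom;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class RandomWarmup {
    // Single daemon thread, so a slow seeding run never keeps the JVM alive.
    private static final ExecutorService SEEDER =
        Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "rng-seeder");
            t.setDaemon(true);
            return t;
        });

    // Submitted during class initialization, i.e. as early as the
    // application first touches this class.
    private static final Future<SecureRandom> SEEDED = SEEDER.submit(() -> {
        SecureRandom rnd = new SecureRandom();
        // Requesting the first output forces the (possibly slow)
        // self-seeding to happen here, not inside the handshake.
        rnd.nextBytes(new byte[20]);
        return rnd;
    });

    /** Returns the seeded generator, blocking only if seeding is still running. */
    public static SecureRandom get() throws Exception {
        return SEEDED.get();
    }

    public static void main(String[] args) throws Exception {
        long start = System.nanoTime();

        // Other startup work (configuration, key stores, UI) would run
        // here and overlap with the seeding thread.

        SecureRandom rnd = get();
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.println("generator ready after " + ms + " ms ("
            + rnd.getAlgorithm() + ")");

        // Assumption: the application now passes rnd to its SSL setup
        // before opening the first socket.
        SEEDER.shutdown();
    }
}
```

Because get() blocks until seeding is complete, the handshake never runs with a generator that has not been seeded; the wait is only moved to a point where it overlaps with other startup work.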