[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] SSL Handshake oddities



Gil,

thanks for the quick reply.

I doubt that a secure random number generater needs 10 minutes or more 
to initialize itself, even if it is the default generator 
(java.security.SecureRandom).
Just right now, I modified my code and reran again, and after setting 
the socket timeout to 10 minutes, I got an InterruptedIOException 
(socket timeout).
I think that's *not* normal...

> This is the secure Random Number generator initializing itself.
> 
> What you can do, is if you have an applications, init the Random 
Number
> generator in a seperate thread during program startup.
> 
> Or for testing set the default generator to be one that is less 
secure,
> which normally takes shorter tyime to init.
> 
> Gil.
> 
> Michel Drescher wrote:
> > 
> > Fellows,
> > 
> > when I open an SSLSocket to an SSL server (in particular, 
JigsawSSL) I
> > get the following odd behaviour (with SSLSocket debugging turned 
on):
> > 
> > [...]
> > InputRecord locked.
> > OutputRecord locked.
> > starting handshake.
> > send client_hello...
> > 
> > [now it blocks/sits back and waits for at least 30 seconds,]
> > [average: approx. 2 min]
> > 
> > v3ClientHello, version: 3.0
> > received server_hello...
> > Server doesn't want to resume a previous session.
> > CipherSuite selected by server: SSL_RSA_WITH_IDEA_CBC_SHA
> > CompressionMethod selected by server: NULL
> > received Certificate...
> > Connection accepted.
> > received certificate_request...
> > received server_hello_done...
> > send SSLCertificate...
> > send ClientKeyExchange...
> > send CertificateVerify...
> > send change_cipher_spec...
> > send finished...
> > received change_cipher_spec...
> > received finished...
> > adding session to cache...
> > finished handshake.
> > [...]
> > 
> > What is specifically performed after emitting "send 
client_hello..."
> > and before emitting "v3ClientHello, version: 3.0"?
> > 
> > Connecting a LAN SSL-Server (JigsawSSL again) does not produce 
this
> > very odd behaviour...
> > 
> > Any help will be greatly appreciated,
> > Michel
> > 
> > // pallas  GmbH  ............  Michel Drescher  .........
> >    Hermuelheimer Str. 10       Analyst
> >    D-50321 Bruehl, Germany     drescher@pallas.com
> >    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
> >    http://www.pallas.de        direct +49-(0)2232-1896-30
> > .........................................................
> > 
> > --
> > Mailinglist-archive at 
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> > 
> > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with 
the folowing content: UNSUBSCRIBE iaik-ssl
> > 
> 
> -- 
> 
----------------------------------------------------------------------
-
> Remove the .NOSPAM (DOT included) from my EMail address before 
replying
> 
----------------------------------------------------------------------
-
> Gil Peeters
> 
----------------------------------------------------------------------
-
> Remove the .NOSPAM (DOT included) from my EMail address before 
replying
> 
----------------------------------------------------------------------
-

// pallas  GmbH  ............  Michel Drescher  .........
   Hermuelheimer Str. 10       Analyst                   
   D-50321 Bruehl, Germany     drescher@pallas.com        
   fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0 
   http://www.pallas.de        direct +49-(0)2232-1896-30
.........................................................


--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl