[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] SSL Handshake oddities



This is normal under JDK 1.1.7 and later on Win9x.

Try "new java.security.SecureRandom().nextInt()" and report the results
to JavaSoft. I plan to write a short piece with more information about
whole random number issue next week.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at


-----Ursprüngliche Nachricht-----
Von: Michel Drescher <Michel.Drescher@pallas.com>
An: <gil@online.be>
Cc: <iaik-ssl@iaik.tu-graz.ac.at>
Gesendet: Mittwoch, 13. Oktober 1999 15:24
Betreff: Re: [iaik-ssl] SSL Handshake oddities


> Gil,
>
> thanks for the quick reply.
>
> I doubt that a secure random number generater needs 10 minutes or more
> to initialize itself, even if it is the default generator
> (java.security.SecureRandom).
> Just right now, I modified my code and reran again, and after setting
> the socket timeout to 10 minutes, I got an InterruptedIOException
> (socket timeout).
> I think that's *not* normal...
>
> > This is the secure Random Number generator initializing itself.
> >
> > What you can do, is if you have an applications, init the Random
> Number
> > generator in a seperate thread during program startup.
> >
> > Or for testing set the default generator to be one that is less
> secure,
> > which normally takes shorter tyime to init.
> >
> > Gil.
> >
> > Michel Drescher wrote:
> > >
> > > Fellows,
> > >
> > > when I open an SSLSocket to an SSL server (in particular,
> JigsawSSL) I
> > > get the following odd behaviour (with SSLSocket debugging turned
> on):
> > >
> > > [...]
> > > InputRecord locked.
> > > OutputRecord locked.
> > > starting handshake.
> > > send client_hello...
> > >
> > > [now it blocks/sits back and waits for at least 30 seconds,]
> > > [average: approx. 2 min]
> > >
> > > v3ClientHello, version: 3.0
> > > received server_hello...
> > > Server doesn't want to resume a previous session.
> > > CipherSuite selected by server: SSL_RSA_WITH_IDEA_CBC_SHA
> > > CompressionMethod selected by server: NULL
> > > received Certificate...
> > > Connection accepted.
> > > received certificate_request...
> > > received server_hello_done...
> > > send SSLCertificate...
> > > send ClientKeyExchange...
> > > send CertificateVerify...
> > > send change_cipher_spec...
> > > send finished...
> > > received change_cipher_spec...
> > > received finished...
> > > adding session to cache...
> > > finished handshake.
> > > [...]
> > >
> > > What is specifically performed after emitting "send
> client_hello..."
> > > and before emitting "v3ClientHello, version: 3.0"?
> > >
> > > Connecting a LAN SSL-Server (JigsawSSL again) does not produce
> this
> > > very odd behaviour...
> > >
> > > Any help will be greatly appreciated,
> > > Michel
> > >
> > > // pallas  GmbH  ............  Michel Drescher  .........
> > >    Hermuelheimer Str. 10       Analyst
> > >    D-50321 Bruehl, Germany     drescher@pallas.com
> > >    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
> > >    http://www.pallas.de        direct +49-(0)2232-1896-30
> > > .........................................................
> > >
> > > --
> > > Mailinglist-archive at
> http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> > >
> > > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with
> the folowing content: UNSUBSCRIBE iaik-ssl
> > >
> >
> > --
> >
> ----------------------------------------------------------------------
> -
> > Remove the .NOSPAM (DOT included) from my EMail address before
> replying
> >
> ----------------------------------------------------------------------
> -
> > Gil Peeters
> >
> ----------------------------------------------------------------------
> -
> > Remove the .NOSPAM (DOT included) from my EMail address before
> replying
> >
> ----------------------------------------------------------------------
> -
>
> // pallas  GmbH  ............  Michel Drescher  .........
>    Hermuelheimer Str. 10       Analyst
>    D-50321 Bruehl, Germany     drescher@pallas.com
>    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
>    http://www.pallas.de        direct +49-(0)2232-1896-30
> .........................................................
>
>
> --
> Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
>
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-ssl
>
>
>


smime.p7s