[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] SSL Handshake oddities



> This is normal under JDK 1.1.7 and later on Win9x.
> 
> Try "new java.security.SecureRandom().nextInt()" and report the 
results
> to JavaSoft. I plan to write a short piece with more information 
about
> whole random number issue next week.
Thanks a lot, but why does this oddity occur only when I connect 
remote sites?!?

*Still wondering*
Michel

> 
> Regards,
> 
>  Andreas Sterbenz              
mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Michel Drescher <Michel.Drescher@pallas.com>
> An: <gil@online.be>
> Cc: <iaik-ssl@iaik.tu-graz.ac.at>
> Gesendet: Mittwoch, 13. Oktober 1999 15:24
> Betreff: Re: [iaik-ssl] SSL Handshake oddities
> 
> 
> > Gil,
> >
> > thanks for the quick reply.
> >
> > I doubt that a secure random number generater needs 10 minutes or 
more
> > to initialize itself, even if it is the default generator
> > (java.security.SecureRandom).
> > Just right now, I modified my code and reran again, and after 
setting
> > the socket timeout to 10 minutes, I got an InterruptedIOException
> > (socket timeout).
> > I think that's *not* normal...
> >
> > > This is the secure Random Number generator initializing itself.
> > >
> > > What you can do, is if you have an applications, init the Random
> > Number
> > > generator in a seperate thread during program startup.
> > >
> > > Or for testing set the default generator to be one that is less
> > secure,
> > > which normally takes shorter tyime to init.
> > >
> > > Gil.
> > >
> > > Michel Drescher wrote:
> > > >
> > > > Fellows,
> > > >
> > > > when I open an SSLSocket to an SSL server (in particular,
> > JigsawSSL) I
> > > > get the following odd behaviour (with SSLSocket debugging 
turned
> > on):
> > > >
> > > > [...]
> > > > InputRecord locked.
> > > > OutputRecord locked.
> > > > starting handshake.
> > > > send client_hello...
> > > >
> > > > [now it blocks/sits back and waits for at least 30 seconds,]
> > > > [average: approx. 2 min]
> > > >
> > > > v3ClientHello, version: 3.0
> > > > received server_hello...
> > > > Server doesn't want to resume a previous session.
> > > > CipherSuite selected by server: SSL_RSA_WITH_IDEA_CBC_SHA
> > > > CompressionMethod selected by server: NULL
> > > > received Certificate...
> > > > Connection accepted.
> > > > received certificate_request...
> > > > received server_hello_done...
> > > > send SSLCertificate...
> > > > send ClientKeyExchange...
> > > > send CertificateVerify...
> > > > send change_cipher_spec...
> > > > send finished...
> > > > received change_cipher_spec...
> > > > received finished...
> > > > adding session to cache...
> > > > finished handshake.
> > > > [...]
> > > >
> > > > What is specifically performed after emitting "send
> > client_hello..."
> > > > and before emitting "v3ClientHello, version: 3.0"?
> > > >
> > > > Connecting a LAN SSL-Server (JigsawSSL again) does not produce
> > this
> > > > very odd behaviour...
> > > >
> > > > Any help will be greatly appreciated,
> > > > Michel
> > > >
> > > > // pallas  GmbH  ............  Michel Drescher  .........
> > > >    Hermuelheimer Str. 10       Analyst
> > > >    D-50321 Bruehl, Germany     drescher@pallas.com
> > > >    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
> > > >    http://www.pallas.de        direct +49-(0)2232-1896-30
> > > > .........................................................
> > > >
> > > > --
> > > > Mailinglist-archive at
> > 
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> > > >
> > > > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at 
with
> > the folowing content: UNSUBSCRIBE iaik-ssl
> > > >
> > >
> > > --
> > >
> > 
----------------------------------------------------------------------
> > -
> > > Remove the .NOSPAM (DOT included) from my EMail address before
> > replying
> > >
> > 
----------------------------------------------------------------------
> > -
> > > Gil Peeters
> > >
> > 
----------------------------------------------------------------------
> > -
> > > Remove the .NOSPAM (DOT included) from my EMail address before
> > replying
> > >
> > 
----------------------------------------------------------------------
> > -
> >
> > // pallas  GmbH  ............  Michel Drescher  .........
> >    Hermuelheimer Str. 10       Analyst
> >    D-50321 Bruehl, Germany     drescher@pallas.com
> >    fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0
> >    http://www.pallas.de        direct +49-(0)2232-1896-30
> > .........................................................
> >
> >
> > --
> > Mailinglist-archive at
> http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
> >
> > To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with 
the
> folowing content: UNSUBSCRIBE iaik-ssl
> >
> >
> >
> 
> 

// pallas  GmbH  ............  Michel Drescher  .........
   Hermuelheimer Str. 10       Analyst                   
   D-50321 Bruehl, Germany     drescher@pallas.com        
   fax +49-(0)2232-1896-29     phone  +49-(0)2232-1896-0 
   http://www.pallas.de        direct +49-(0)2232-1896-30
.........................................................


--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-ssl