We have found that occasionally our web page could not be opened on mobile devices. We used tcpdump to analyze the data packets and found the issue may have something to do with TLS. There is a data packet in which the client side sent an alert message to the server, then the server side closed the connection. The description of this alert message is "close notify". Then the client side established another SSL connection with the server and received the certificate packet from the server, but after 30 seconds, the client side closed the connection. I don't know why such a process could happen. What is the problem in this TLS communication? This issue could not be reproduced in a PC web browser.

I have to add some information. I found through the data packet that when the problem occurred, there were two TLS connections established, and one of the connections was closed by the client by sending "close notify" to the server. The other connection was also closed by the client 30 seconds later when the client side received the certificate information.

yifan
  • Given only the little you've said about it, one could only guess. In other troubleshooting of encrypted network packets, I've seen it be helpful that the people trying to debug the issue perform full captures in a time period in which somebody reproduces the problem, and then the admins in question use the server's private key to decrypt the capture, so that they can see exactly what happened. I've never been one of the people to do this, so all I can tell you is, Wireshark can do it, given a full packet capture of the session and the server's private keys. – Ed Grimm Feb 04 '19 at 01:10
  • Does the client send "close notify" after the full TLS handshake has succeeded and the client and server have exchanged application data? Or during the handshake itself? – Oleg Feb 04 '19 at 11:42
  • @Oleg, no, no application data was exchanged between client and server before client sent "close notify" – yifan Feb 04 '19 at 12:51
  • @yifan what was the last message the server sent to the client before the client sent "close notify"? – Oleg Feb 04 '19 at 17:32
  • @Oleg, the last message the server has sent to client is "server key exchange, server hello done". – yifan Feb 04 '19 at 23:16
  • @yifan so the client probably didn't like something in ServerHello or ServerCertificate. Could be one of the following: server certificate is untrusted on client, not valid, unsupported type, no shared cipher etc. – Oleg Feb 09 '19 at 20:42
  • @Oleg It is impossible that there are some problems in the server certificate. As I said, the issue occasionally occurs. – yifan Feb 11 '19 at 04:58
  • @Oleg you can see another question posted by me. https://serverfault.com/questions/952383/tls-communication-client-did-not-receive-server-key-exchange-message-but-serv. These two issues often occur at the same time. – yifan Feb 11 '19 at 05:02
  • @yifan when server certificate is not trusted on the client - it doesn't mean that there's a problem in server certificate. The server certificate is fine, but client should have CA that signed server certificate in its Certificate Trusted List. – Oleg Feb 11 '19 at 11:45
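
Added example, not part of the original question or its comments: a small Python sketch that walks the plaintext TLS records of a captured handshake and lists each handshake message and alert by sender, which shows at which stage an alert such as "close notify" arrived. It assumes TLS 1.2 or earlier, handshake messages that are not fragmented across records, and a constructed sample with dummy message bodies; all function names are hypothetical.

```python
import struct

HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done",
             16: "client_key_exchange", 20: "finished"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca"}

def records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop instead of guessing
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def timeline(flights):
    """flights: list of (sender, bytes). Returns a list of (sender, event)."""
    events, encrypted = [], set()
    for sender, data in flights:
        for ctype, payload in records(data):
            if ctype == 20:  # ChangeCipherSpec: sender's later records are encrypted
                encrypted.add(sender)
                events.append((sender, "change_cipher_spec"))
            elif sender in encrypted:
                events.append((sender, "encrypted_record"))
            elif ctype == 22:  # one record may carry several handshake messages
                off = 0
                while off + 4 <= len(payload):
                    mlen = int.from_bytes(payload[off + 1:off + 4], "big")
                    name = HANDSHAKE.get(payload[off], "handshake_%d" % payload[off])
                    events.append((sender, name))
                    off += 4 + mlen
            elif ctype == 21 and len(payload) == 2:  # plaintext alert: level, description
                level = {1: "warning", 2: "fatal"}.get(payload[0], "level_%d" % payload[0])
                desc = ALERTS.get(payload[1], "alert_%d" % payload[1])
                events.append((sender, "alert:%s:%s" % (level, desc)))
    return events

def hs(msg_type, body=b""):
    """Build a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def rec(ctype, payload):
    """Build a TLS record with a TLS 1.2 version field (0x0303)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

# Constructed sample: the message order described in the comments above.
SAMPLE = [
    ("client", rec(22, hs(1, b"\x00" * 8))),
    ("server", rec(22, hs(2, b"\x00" * 8)) + rec(22, hs(11, b"\x00" * 16))
               + rec(22, hs(12, b"\x00" * 4) + hs(14))),
    ("client", rec(21, b"\x01\x00")),
]

if __name__ == "__main__":
    for sender, event in timeline(SAMPLE):
        print(sender, event)
```
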

0 Answers