You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "janardhanan vembunarayanan (JIRA)" <ji...@apache.org> on 2008/05/08 03:07:55 UTC
[jira] Commented: (DIRMINA-580) Session Idle times out when SSL is
enabled
[ https://issues.apache.org/jira/browse/DIRMINA-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12595103#action_12595103 ]
janardhanan vembunarayanan commented on DIRMINA-580:
----------------------------------------------------
I enabled ssl trace and in the MINA side I can see the server has Resumed the session successfully.
SocketAcceptorIoProcessor-1.0, READ: TLSv1 Handshake, length = 105
NEED_TASK handshake status for session = 33
*** ClientHello, TLSv1
RandomCookie: GMT: 1210113617 bytes = { 75, 222, 25, 224, 58, 76, 196, 140, 221, 236, 164, 173, 232, 67, 219, 165, 133, 54, 108, 175, 199, 163, 225, 183, 107, 172, 24, 32 }
Session ID: {72, 33, 222, 79, 149, 247, 153, 137, 252, 235, 238, 150, 9, 154, 175, 187, 116, 175, 72, 3, 211, 156, 253, 34, 6, 149, 2, 93, 163, 142, 73, 122}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[read] MD5 and SHA1 hashes: len = 105
0000: 01 00 00 65 03 01 48 21 DE 51 4B DE 19 E0 3A 4C ...e..H!.QK...:L
0010: C4 8C DD EC A4 AD E8 43 DB A5 85 36 6C AF C7 A3 .......C...6l...
0020: E1 B7 6B AC 18 20 20 48 21 DE 4F 95 F7 99 89 FC ..k.. H!.O.....
0030: EB EE 96 09 9A AF BB 74 AF 48 03 D3 9C FD 22 06 .......t.H....".
0040: 95 02 5D A3 8E 49 7A 00 1E 00 04 00 05 00 2F 00 ..]..Iz......./.
0050: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0060: 03 00 08 00 14 00 11 01 00 .........
%% Resuming [Session-19, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1210113617 bytes = { 250, 109, 240, 235, 247, 74, 133, 150, 56, 167, 190, 203, 216, 97, 78, 110, 71, 31, 145, 247, 43, 95, 197, 26, 201, 179, 13, 44 }
Session ID: {72, 33, 222, 79, 149, 247, 153, 137, 252, 235, 238, 150, 9, 154, 175, 187, 116, 175, 72, 3, 211, 156, 253, 34, 6, 149, 2, 93, 163, 142, 73, 122}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
CONNECTION KEYGEN:
Client Nonce:
0000: 48 21 DE 51 4B DE 19 E0 3A 4C C4 8C DD EC A4 AD H!.QK...:L......
0010: E8 43 DB A5 85 36 6C AF C7 A3 E1 B7 6B AC 18 20 .C...6l.....k..
Server Nonce:
0000: 48 21 DE 51 FA 6D F0 EB F7 4A 85 96 38 A7 BE CB H!.Q.m...J..8...
0010: D8 61 4E 6E 47 1F 91 F7 2B 5F C5 1A C9 B3 0D 2C .aNnG...+_.....,
Master Secret:
0000: 9B 11 CC 92 EC E2 93 5F 23 58 1E 84 FD 96 49 A4 ......._#X....I.
0010: 42 62 C1 4B 92 80 39 EA 0B 94 AB F3 B7 99 BF 80 Bb.K..9.........
0020: 29 33 8D 9D 06 42 FF 93 12 08 4A 7C 0F FD 26 1D )3...B....J...&.
Client MAC write Secret:
0000: F2 33 76 76 21 CC 0E AD 45 10 88 25 37 11 23 F0 .3vv!...E..%7.#.
Server MAC write Secret:
0000: 3E 5D E4 C9 47 73 A9 E2 1B 92 E6 CC 36 45 8F 12 >]..Gs......6E..
Client write key:
0000: FA E3 B9 3D D4 8F 76 12 0F 62 C7 1A F2 3B A1 58 ...=..v..b...;.X
Server write key:
0000: 8F 57 FA ED B3 D4 1F 63 31 7F 40 73 FB 71 97 B6 .W.....c1.@s.q..
... no IV for cipher
[write] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 48 21 DE 51 FA 6D F0 EB F7 4A ...F..H!.Q.m...J
0010: 85 96 38 A7 BE CB D8 61 4E 6E 47 1F 91 F7 2B 5F ..8....aNnG...+_
0020: C5 1A C9 B3 0D 2C 20 48 21 DE 4F 95 F7 99 89 FC ....., H!.O.....
0030: EB EE 96 09 9A AF BB 74 AF 48 03 D3 9C FD 22 06 .......t.H....".
0040: 95 02 5D A3 8E 49 7A 00 04 00 ..]..Iz...
SocketAcceptorIoProcessor-1.0, WRITE: TLSv1 Handshake, length = 74
SocketAcceptorIoProcessor-1.0, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 243, 2, 21, 216, 173, 48, 228, 62, 211, 177, 188, 87 }
***
On the client side where Jmeter is running I can find the client got the ssl session resume message reached but after that the data is not read by Mina for some reason.
RandomCookie: GMT: 1210113617 bytes = { 250, 109, 240, 235, 247, 74, 133, 150, 56, 167, 190, 203, 216, 97, 78, 110, 71, 31, 145, 247, 43, 95, 197, 26, 201, 179, 13, 44 }
Session ID: {72, 33, 222, 79, 149, 247, 153, 137, 252, 235, 238, 150, 9, 154, 175, 187, 116, 175, 72, 3, 211, 156, 253, 34, 6, 149, 2, 93, 163, 142, 73, 122}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: 48 21 DE 51 4B DE 19 E0 3A 4C C4 8C DD EC A4 AD H!.QK...:L......
0010: E8 43 DB A5 85 36 6C AF C7 A3 E1 B7 6B AC 18 20 .C...6l.....k..
Server Nonce:
0000: 48 21 DE 51 FA 6D F0 EB F7 4A 85 96 38 A7 BE CB H!.Q.m...J..8...
0010: D8 61 4E 6E 47 1F 91 F7 2B 5F C5 1A C9 B3 0D 2C .aNnG...+_.....,
Master Secret:
0000: 9B 11 CC 92 EC E2 93 5F 23 58 1E 84 FD 96 49 A4 ......._#X....I.
0010: 42 62 C1 4B 92 80 39 EA 0B 94 AB F3 B7 99 BF 80 Bb.K..9.........
0020: 29 33 8D 9D 06 42 FF 93 12 08 4A 7C 0F FD 26 1D )3...B....J...&.
Client MAC write Secret:
0000: F2 33 76 76 21 CC 0E AD 45 10 88 25 37 11 23 F0 .3vv!...E..%7.#.
Server MAC write Secret:
0000: 3E 5D E4 C9 47 73 A9 E2 1B 92 E6 CC 36 45 8F 12 >]..Gs......6E..
Client write key:
0000: FA E3 B9 3D D4 8F 76 12 0F 62 C7 1A F2 3B A1 58 ...=..v..b...;.X
Server write key:
0000: 8F 57 FA ED B3 D4 1F 63 31 7F 40 73 FB 71 97 B6 .W.....c1.@s.q..
... no IV for cipher
%% Server resumed [Session-10, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 48 21 DE 51 FA 6D F0 EB F7 4A ...F..H!.Q.m...J
0010: 85 96 38 A7 BE CB D8 61 4E 6E 47 1F 91 F7 2B 5F ..8....aNnG...+_
0020: C5 1A C9 B3 0D 2C 20 48 21 DE 4F 95 F7 99 89 FC ....., H!.O.....
0030: EB EE 96 09 9A AF BB 74 AF 48 03 D3 9C FD 22 06 .......t.H....".
0040: 95 02 5D A3 8E 49 7A 00 04 00 ..]..Iz...
[Raw read]: length = 5
0000: 14 03 01 00 01 .....
[Raw read]: length = 1
0000: 01 .
Auth Service 1-5, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20 ....
[Raw read]: length = 32
0000: 75 38 68 9A B7 8C E0 52 BC 44 1E 9D 11 8B BA D9 u8h....R.D......
0010: 7D FC 88 93 54 DC CE E9 65 44 7A 7B EB 6B FD F5 ....T...eDz..k..
Auth Service 1-5, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C F3 02 15 D8 AD 30 E4 3E D3 B1 BC 57 .........0.>...W
0010: 32 79 70 93 17 8C FB 11 0C 1F 23 88 0A 03 13 A6 2yp.......#.....
*** Finished
verify_data: { 243, 2, 21, 216, 173, 48, 228, 62, 211, 177, 188, 87 }
***
Is this a bug in Mina because of session reuse?
> Session Idle times out when SSL is enabled
> ------------------------------------------
>
> Key: DIRMINA-580
> URL: https://issues.apache.org/jira/browse/DIRMINA-580
> Project: MINA
> Issue Type: Bug
> Components: Filter
> Affects Versions: 1.0.9
> Environment: Sun Solaris
> Reporter: janardhanan vembunarayanan
>
> I have developed an HTTP Routing server using Mina 1.0.9 and I am using SSLFilter for handling SSL Connections.
> 1. Using Jmeter as the client I am sending HTTPS requests to this server with 5 threads.
> 2. For some of the requests(10%) the sessionCreated method on the Handler is getting called and the data from the client is not read by the server.
> 3. sessionIdle() gets triggered and we close the connection.
> This happens for the ssl connections only and when the server is trying to resume the cached session.
> I enabled ssl debug using -Djavax.net.debug=all on the server and I got the following logs for the failed sessions
> 0240: EB 3E 28 AD 97 20 36 B7 C0 35 4E 3E 80 71 88 99 %% Created: [Session-17, SSL_RSA_WITH_RC4_128_MD5]
> 9uTWV0aG961 58 4Dk%% Cached server session: [Session-17, SSL_RSA_WITH_RC4_128_MD5]
> 10 7A 0F 37 59C 66 D3 18 2A 2B 3144 1F 5 D9 16A EB 1 1F%% Resuming [Session-17, SSL_RSA_WITH_RC4_128_MD5]
> org.apache.mina.filter.SSLFilter.SSLSession=[Session-17, SSL_RSA_WITH_RC4_128_MD5]
> %% Invalidated: [Session-17, SSL_RSA_WITH_RC4_128_MD5]
> Any ideas why this could happen?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.