Ask Your Question
0

Big SSL Packets Due to List of CAs. Improve SSL Handshake

asked 2020-05-25 17:06:57 +0000

ktpcap gravatar image

updated 2020-05-25 18:47:39 +0000

We are troubleshooting network latency related to SSL Handshake. This doesn't necessarily cause the delay every time but in some cases, Server take 5-10 seconds just to start sending first SSL packet after Acknowledging Client Hello packet. Attached are snapshot of both Client and Server side captures taken at respective application servers. Please see notes and queries below.

Appreciate your help.

  1. Captures taken at both Client and Server side which are in different location having router and firewalls on the path.
  2. SSL Handshake type is set to ‘Optional’ at Tomcat 8.x on Windows 2016.
  3. Client is a Linux Server.
  4. Client TCP Window is 5840 and Server TCP Window is 8192
  5. Client to Server, DF (Don’t Fragment) bit is set to 0
  6. Server to Client, DF (Don’t Fragment) bit is set to 1
  7. Server’s SSL Segments (Server Hello, Certificate Chain, Server Key, and Certificate Request) is of total 15456 bytes.
  8. Out of 15456 bytes, lass SSL Segment of Certificate Request contains ‘Distinguished Names’ packet length of 10912 bytes. This packet has list of about 90 Trust Stores in it.
  9. Server’s SSL Segments is broken into 12 packets (111330 bytes + 1851 bytes) and they are all pushed in one go from Server without waiting for any ACK from Client.
  10. Server returns Client Hello ACK and that is received immediately at Client side.
  11. For some reason Server is seeing DUP-ACK of Client Hello from Client Side. At Client Side captures, we do not see this DUP-ACK going out to Server. This is happening 5 times in the TCP session. Server does Fast Re-transmit Client Hello ACK.
  12. This Re-transmit of Client Hello ACK is not seen at Client who sees first SSL Packet at 0.94th second (After above Re transmit of Client Hello) and starts sending ACK of these 12 SSL Packets as it received.
  13. At Server ACKs are seen but the Server which is getting ACKs one-by-one, see that it only got ACK of 5th out of 12th packet. This result Server re-transmit of SSL packets from 6th to 12th.
  14. At Client, it sees re-transmitted SSL Packets (as it arrived first time). It doesn’t see original SSL packet 6th to 12th which was previously sent to Client in One-Go.

Questions:

  1. How server is able to send SSL packets of 15456 bytes at one go which is more than TCP Window of 8192 bytes?
  2. Why Server is seeing DUP-ACK of Client Hello from Client Side multiple times but at Client captures we see these DUP-ACKs are not sent?
  3. Why Tomcat Server is sending list of CAs in ‘Distinguished Name’ for ‘Certificate Request’ payload? This is having 10940 bytes length? Is this due to some Windows Registry setting?
  4. Can Server not send CAs list in ‘Certificate Request’ and yet SSL Handshake works? Server Certificate is not issued by 3rd party CA but Server’s own CA.
  5. How to fix this issue of SSL Handshake delay and make this TCP session efficient?

Captures Snapshots:

edit retag flag offensive close merge delete

Comments

Sharing the capture file on a publicly accessible site makes analysing this issue so much better.

Jaap gravatar imageJaap ( 2020-05-25 17:36:40 +0000 )edit

Captures couldn't be exported out of network. I put the snapshots link of the captures. Hope these details provides extra information.

ktpcap gravatar imagektpcap ( 2020-05-25 18:47:11 +0000 )edit

The snapshots did not get through... Are you allowed to use tracewrangler to anonimize the capture files (replace mac and IP addresses and remove all data above the TCP layer) and then share the anonimized pcaps somewhere?

SYN-bit gravatar imageSYN-bit ( 2020-05-26 07:06:50 +0000 )edit

I think for #1 and #2 you will need to capture "on the wire" to see what the real packets are.

Chuckc gravatar imageChuckc ( 2020-05-26 16:33:45 +0000 )edit

@bubbasnmp Yes, catching the packets on the wire is always preferred over catching them within the endpoints. Some questions can and some questions can't be answered when capturing on one of the endpoints.

SYN-bit gravatar imageSYN-bit ( 2020-05-27 09:28:26 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2020-05-26 07:17:16 +0000

SYN-bit gravatar image
How server is able to send SSL packets of 15456 bytes at one go which
is more than TCP Window of 8192 bytes?

What is the TCP window size (the calculated one) of the last packet from the client before the server starts sending the 15456 bytes of data? Please check in both captures as there might be a device terminating the TCP sessions in between the client and the server.

Why Server is seeing DUP-ACK of Client Hello from Client Side multiple
times but at Client captures we see these DUP-ACKs are not sent?

This can't be answered without looking at the (anonimized) capture files

Why Tomcat Server is sending list of CAs in ‘Distinguished Name’ for
‘Certificate Request’ payload? This is having 10940 bytes length? Is this due
to some Windows Registry setting?

The reason for sending list of DN's of CA's is to instruct the client to pick a certificate that is signed by one of these CA's. Why the list is so long is a good question. You need to dive into the SSL settings of the application and the SSL library it is using.

Can Server not send CAs list in ‘Certificate Request’ and yet SSL Handshake works? Server Certificate is
not issued by 3rd party CA but Server’s own CA.

I think I don't understand this question. If you are wondering why the SSL connection can be set up even though the server certificate is signed by a private CA? Then the answer is that the client apparently trusts this CA. Most likely because it has added the private (root) CA in its trust-store. Or maybe because it manually added an exception for this certificate.

How to fix this issue of SSL Handshake delay and make this TCP session efficient?

This can't be answered without looking at the (anonimized) capture files

edit flag offensive delete link more

Comments

Thanks for your detailed response. I will see how can be captures uploaded after removing IP and MAC addresses. Here are clarifications for your notes.

a. TCP window size (the calculated one) is 5888 bytes. b. With "Can Server not send CAs list in ‘Certificate Request’", I wanted to know if SSL handshake will fail if Server does not send anything on ssl.handshake.dnames (Distinguished Names) field? We are sure that Client Certificate is issued by one of approved CAs present at Server's Trust Store.

ktpcap gravatar imagektpcap ( 2020-05-26 13:09:26 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-05-25 17:06:57 +0000

Seen: 424 times

Last updated: May 26 '20