Ask Your Question
0

ssl_client_cert header truncated

asked 2020-09-28 11:14:06 +0000

jes gravatar image

Some calls were failing when our application is looking for ssl_client_cert header. (flow: incoming-request --> (443>haproxy>4440) --> app_server:4440)

The current assumption is, haproxy fails to forward ssl_client_cert header sometimes.

Looking at the tcpdump, I see "[truncated]ssl_client_cert". This is while sending the packet to the backend server: question: what does it mean when a http header is marked as truncated?

Frame 6886: 2005 bytes on wire (16040 bits), 2005 bytes captured (16040 bits)
Ethernet II, Src: 02:4b:47:b5:28:12 (02:4b:47:b5:28:12), Dst: MS-NLB-PhysServer-07_38:d4:91:04 (02:07:38:d4:91:04)
Internet Protocol Version 4, Src: 192.168.53.159, Dst: 192.168.193.206
Transmission Control Protocol, Src Port: 57680, Dst Port: 4440, Seq: 1, Ack: 1, Len: 1939
Hypertext Transfer Protocol
    GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d
        Request Version: HTTP/1.1
    Accept: application/json,application/json\r\n
    User-Agent: Jersey/2.25.1 (HttpUrlConnection 11.0.8)\r\n
    Host: ken-qa.eu10.cp.abo.com\r\n
    ssl_client_user: kenAltId:e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d|gwayId:3|tenantId:8216199|instanceId:ken-qa\r\n
     **[truncated]ssl_client_cert:** MIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLo
    ssl_client_cert_used: 1\r\n
    X-Forwarded-Proto: https\r\n
    X-Forwarded-For: 217.191.10.72\r\n
    Connection: close\r\n
    \r\n
    [Full request URI: http://ken-qa.eu10.cp.abo.com/commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d]
    [HTTP request 1/1]
    [Response in frame: 6887]
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-09-28 13:33:06 +0000

Jaap gravatar image

This means that, in an effort of self preservation, Wireshark decides to not show all data in that field on this line because this would be excessively long (for an arbitrary value of excessive). Look in the packet bytes pane to see what is actually contained in the field, there is more data there.

edit flag offensive delete link more

Comments

Thank you for the clarification! and if the 'ssl_client_cert' header is missing, what does it tell? I'm confused because it was missing only on some packets (about 40%) probably due to large payloads.

jes gravatar imagejes ( 2020-09-28 14:02:16 +0000 )edit

That would be down to HAProxy and a support venue for that software would probably be your best bet.

grahamb gravatar imagegrahamb ( 2020-09-28 14:31:53 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-09-28 11:14:06 +0000

Seen: 968 times

Last updated: Sep 28 '20