Ask Your Question
0

I am getting a Encryption alert from the Server and connection resets

asked 2018-04-11 00:30:52 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

I am getting a Encryption alert from the Server after the server and client have exchanged application data. The Error codes do not seem consistent between the Alert Description Types. This is happening in my Proxy to external server, after this encrypted alert proxy is reseting the connection and the proxy clients are getting gateway timeouts. Why would the proxy getting an alert after several application packets have passed successfully? Thank you in advance

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-04-11 06:11:00 +0000

Uli gravatar image

To clarify:

You talk about SSL/TLS connections? You get a TLS Record with content type "Alert" (21)?

This "alert" is used in SSL/TLS for notifying to close the connection. So it's quit normal to see "Encrypted Alert" at the end of a SSL/TLS session. Normally when there is no more data to send, the sender sends this TLS Alert.

edit flag offensive delete link more

Comments

Hi Thanks for your reply.

Actually my traffic flow is Client--> proxy --> Server. in the flow client and server is exchanging the application data, at some point Server is sending Encrypted alert (21) is sending to proxy and so proxy is resetting the connection, so proxy sends back gateway timeout to the client. here why server is sending this alert in the middle of application data transaction. thanks in advance.

Saravanan gravatar imageSaravanan ( 2018-04-12 06:53:12 +0000 )edit

As said, most of the times, a "Encrypted Alert" record contains the "Close notify" message. To be sure what's inside the "Encrypted Alert" message you need the plaintext.

If your client application is a browser (e.g. Chrome or Firefox) you can give it a try with using SSLKEYLOG (s. https://www.youtube.com/watch?v=bwJEB...)

Uli gravatar imageUli ( 2018-04-12 12:22:55 +0000 )edit

I am getting Encrypted Alert (21), when client attempt to send app data to server, this happens in following order client hello server hello, certificate, server key exchange, server hello done client key exchange, Change cypher spec, encrypted handshake change cypher spec, encrypted handshake (from server) encrypted alert

I could not decrypt. But wondering what could go wrong after cipher negotiation and encrypted handshakes Appreciate Any help

Pramma gravatar imagePramma ( 2018-11-23 06:52:18 +0000 )edit

Did you ever figure what the problem was?

I am getting the same Alert 21 sent by the client instead of Client Key Exchange, Change Cipher Spec Encrypted Handshake

net_tech gravatar imagenet_tech ( 2018-12-23 01:49:40 +0000 )edit

Hi, we are facing the same client-proxy-server timeout issue..can you let me know what finally helped you guys resolve the issue pls...

AP gravatar imageAP ( 2019-09-25 22:13:12 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2018-04-11 00:30:52 +0000

Seen: 90,007 times

Last updated: Apr 11 '18

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2