Ask Your Question
0

Client sends [RST,ACK] on client certificate authentication

asked 2023-06-21 06:25:22 +0000

mbc gravatar image

updated 2023-06-21 06:27:35 +0000

Hi.

I'm debugging an issue with a SSL client certificate authentication (RFC5246) that always fails with HTTP 400. In wireshark on client side I can see a [RST,ACK] (Reset connection) after encrypted handshake message. On a working connection both server and client are sending a [FIN,ACK]. Eventhough on the failing session using curl --trace I can see that the client starts sending content after the handshakes as usual, nothing to see about that Reset, then receiving the HTTP 400.

What could that be? I like to confirm that both handshakes for server certificate and client certificate are successful and the issue is based on the payload.

Here is what wireshark shows:

From client: Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
From server: Change Cipher Spec, Encrypted Handshake Message
Application data... Application data...
From server: Encrypted Alert
From client: Encrypted Alert
From server: [FIN, ACK]
From client: [RST, ACK]      <- There the client sends a reset.
From server: [RST]
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2023-07-17 20:02:38 +0000

André gravatar image

Both "Encrypted Alert" after the "Application data" are most likely a "TLS Close Notify". If the server sends a "HTTP 400" on HTTP level, than it makes sense it also closes the TLS layer after that (Encrypted Alert), followed by closing the TCP connection (the FIN).

"Application data" (= HTTP request or response) is only possible after a successful TLS handshake.

The TCP Reset is just a unclean shutdown of the TCP connection by the client.

The --verbose option of curl will show the TLS and HTTP communication.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-06-21 06:25:22 +0000

Seen: 1,352 times

Last updated: Jul 17 '23