
Why won't this Chrome TLS handshake work?

asked 2023-11-29 19:22:18 +0000

updated 2023-11-29 22:20:37 +0000

Chuckc

Packets:

   No.  Time    Source  Source Port Destination Destination Port    Protocol    Length  Info
    306 24.485320   ::1 52986   ::1 443 TCP 76  52986 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    307 24.485360   ::1 443 ::1 52986   TCP 76  443 → 52986 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    308 24.485383   ::1 52986   ::1 443 TCP 64  52986 → 443 [ACK] Seq=1 Ack=1 Win=2160640 Len=0
    309 24.485652   ::1 52986   ::1 443 TLSv1.3 1815    Client Hello (SNI=localhost)
    310 24.485671   ::1 443 ::1 52986   TCP 64  443 → 52986 [ACK] Seq=1 Ack=1752 Win=2158848 Len=0
    311 24.487282   ::1 52987   ::1 666 TCP 76  52987 → 666 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    312 24.487310   ::1 666 ::1 52987   TCP 76  666 → 52987 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=2 SACK_PERM
    313 24.487329   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1 Ack=1 Win=2160640 Len=0
    314 24.487598   ::1 52987   ::1 666 TLSv1.3 1847    Client Hello (SNI=localhost)
    315 24.487619   ::1 666 ::1 52987   TCP 64  666 → 52987 [ACK] Seq=1 Ack=1784 Win=63752 Len=0
    371 24.609527   ::1 666 ::1 52987   TLSv1.3 191 Server Hello
    372 24.609546   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1784 Ack=128 Win=2160384 Len=0
    421 24.712778   ::1 666 ::1 52987   TLSv1.3 70  Change Cipher Spec
    422 24.712798   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1784 Ack=134 Win=2160384 Len=0
    423 24.718309   ::1 666 ::1 52987   TLSv1.3 134 Application Data
    424 24.718327   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1784 Ack=204 Win=2160384 Len=0
    425 24.735198   ::1 666 ::1 52987   TLSv1.3 1005    Application Data
    426 24.735220   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1784 Ack=1145 Win=2159360 Len=0
    467 25.392973   ::1 666 ::1 52987   TLSv1.3 366 Application Data
    468 25.392994   ::1 52987   ::1 666 TCP 64  52987 → 666 [ACK] Seq=1784 Ack=1447 Win=2159104 Len=0
    469 25.393112   ::1 52987   ::1 666 TLSv1.3 94  Change Cipher Spec, Application Data
    470 25.393121   ::1 666 ::1 52987   TCP 64  666 → 52987 [ACK] Seq=1447 Ack=1814 Win=63722 Len=0
    471 25.393160   ::1 52987   ::1 666 TCP 64  52987 → 666 [FIN, ACK] Seq=1814 Ack=1447 Win=2159104 Len=0
    472 25.393166   ::1 666 ::1 52987   TCP 64  666 → 52987 [ACK] Seq=1447 Ack=1815 Win=63722 Len=0
    473 25.407660   ::1 666 ::1 52987   TLSv1.3 154 Application Data
    474 25.407677   ::1 52987   ::1 666 TCP 64  52987 → 666 [RST, ACK] Seq=1815 Ack=1537 Win=0 Len=0
    809 54.491816   ::1 52986   ::1 443 TCP 64  52986 → 443 [FIN ...

Comments

Can't seem to get this to render as the list that it is. The viewer ignores the end-lines that are in the original. But, clicking on 'edit' turns it back into a list for some reason.

TomKnud (2023-11-29 20:50:22 +0000)

1 Answer


answered 2023-11-29 22:52:49 +0000

André

updated 2023-11-29 22:55:20 +0000

I see 2 TLS sessions.

The first:
The client (browser) closes the session after 30 seconds (frame 809). Most likely a timeout. The Server Hello comes too late.

    No. Time Source Source Port Destination Destination Port Protocol Length Info
    306 24.485320 ::1 52986 ::1 443 TCP 76 52986 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    307 24.485360 ::1 443 ::1 52986 TCP 76 443 → 52986 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    308 24.485383 ::1 52986 ::1 443 TCP 64 52986 → 443 [ACK] Seq=1 Ack=1 Win=2160640 Len=0
    309 24.485652 ::1 52986 ::1 443 TLSv1.3 1815 Client Hello (SNI=localhost)
    310 24.485671 ::1 443 ::1 52986 TCP 64 443 → 52986 [ACK] Seq=1 Ack=1752 Win=2158848 Len=0
    809 54.491816 ::1 52986 ::1 443 TCP 64 52986 → 443 [FIN, ACK] Seq=1752 Ack=1 Win=2160640 Len=0
    810 54.491835 ::1 443 ::1 52986 TCP 64 443 → 52986 [ACK] Seq=1 Ack=1753 Win=2158848 Len=0
    859 54.566859 ::1 443 ::1 52986 TLSv1.3 191 Server Hello
    860 54.566884 ::1 52986 ::1 443 TCP 64 52986 → 443 [RST, ACK] Seq=1753 Ack=128 Win=0 Len=0

The second session:
Again localhost traffic, this time on port 666. Here the TLS v1.3 handshake is successful, but again the client closes the session (frame 471) just after the handshake is complete. The handshake took 906 ms; that is slow.
Maybe the developer tool (F12) in the browser can provide more information. Since the server is running locally, look into its (debug) logs.

    311 24.487282 ::1 52987 ::1 666 TCP 76 52987 → 666 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM
    312 24.487310 ::1 666 ::1 52987 TCP 76 666 → 52987 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=2 SACK_PERM
    313 24.487329 ::1 52987 ::1 666 TCP 64 52987 → 666 [ACK] Seq=1 Ack=1 Win=2160640 Len=0
    314 24.487598 ::1 52987 ::1 666 TLSv1.3 1847 Client Hello (SNI=localhost)
    315 24.487619 ::1 666 ::1 52987 TCP 64 666 → 52987 [ACK] Seq=1 Ack=1784 Win=63752 Len=0
    371 24.609527 ::1 666 ::1 52987 TLSv1.3 191 Server Hello
    372 24.609546 ::1 52987 ::1 666 TCP 64 52987 → 666 [ACK] Seq=1784 Ack=128 Win=2160384 Len=0
    421 24.712778 ::1 666 ::1 52987 TLSv1.3 70 Change Cipher Spec
    422 24.712798 ::1 52987 ::1 666 TCP 64 52987 → 666 [ACK] Seq=1784 Ack=134 Win=2160384 Len=0
    423 24.718309 ::1 666 ::1 52987 TLSv1.3 134 Application Data
    424 24.718327 ::1 52987 ::1 666 TCP 64 52987 → 666 [ACK] Seq=1784 Ack=204 Win=2160384 Len=0
    425 24.735198 ::1 666 ::1 52987 TLSv1.3 1005 Application Data
    426 24.735220 ::1 52987 ::1 666 TCP 64 ...
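The timing analysis in the answer above can be reproduced over a Wireshark packet-list text export. The following is an added example, not part of the original answer: it uses rows copied from the capture on this page, and the function names and verdict strings are chosen here for illustration. It assumes the client's first TLS record after the Server Hello marks the end of the handshake, since the records themselves are encrypted.

```python
from collections import defaultdict

# Rows copied from the capture on this page (Wireshark packet-list text export).
CAPTURE = """\
309 24.485652 ::1 52986 ::1 443 TLSv1.3 1815 Client Hello (SNI=localhost)
809 54.491816 ::1 52986 ::1 443 TCP 64 52986 → 443 [FIN, ACK] Seq=1752 Ack=1 Win=2160640 Len=0
859 54.566859 ::1 443 ::1 52986 TLSv1.3 191 Server Hello
860 54.566884 ::1 52986 ::1 443 TCP 64 52986 → 443 [RST, ACK] Seq=1753 Ack=128 Win=0 Len=0
314 24.487598 ::1 52987 ::1 666 TLSv1.3 1847 Client Hello (SNI=localhost)
371 24.609527 ::1 666 ::1 52987 TLSv1.3 191 Server Hello
469 25.393112 ::1 52987 ::1 666 TLSv1.3 94 Change Cipher Spec, Application Data
471 25.393160 ::1 52987 ::1 666 TCP 64 52987 → 666 [FIN, ACK] Seq=1814 Ack=1447 Win=2159104 Len=0
474 25.407677 ::1 52987 ::1 666 TCP 64 52987 → 666 [RST, ACK] Seq=1815 Ack=1537 Win=0 Len=0
"""

def parse(text):
    """Yield (time, src_endpoint, dst_endpoint, protocol, info) per packet row."""
    for line in text.splitlines():
        f = line.split(None, 8)          # tolerant of tabs or runs of spaces
        if len(f) == 9 and f[0].isdigit():   # skips the header row
            yield float(f[1]), (f[2], f[3]), (f[4], f[5]), f[6], f[8]

def diagnose(text):
    """Return {"clientport->serverport": (verdict, milliseconds since Client Hello)}."""
    conns = defaultdict(dict)
    for t, src, dst, proto, info in parse(text):
        ev = conns[frozenset((src, dst))]    # one entry per TCP connection
        if info.startswith("Client Hello"):
            ev.update(client=src, server=dst, client_hello=t)
        elif info.startswith("Server Hello"):
            ev.setdefault("server_hello", t)
        elif src == ev.get("client") and proto.startswith("TLS") and "server_hello" in ev:
            ev.setdefault("client_finished", t)  # assumed: first client record after Server Hello
        elif src == ev.get("client") and "[FIN" in info:
            ev.setdefault("client_fin", t)
    report = {}
    for ev in conns.values():
        if "client_hello" not in ev:
            continue
        start, fin, hello = ev["client_hello"], ev.get("client_fin"), ev.get("server_hello")
        if fin is not None and (hello is None or fin < hello):
            verdict, ms = "client closed before Server Hello", round((fin - start) * 1000)
        elif "client_finished" in ev:
            verdict, ms = "handshake completed", round((ev["client_finished"] - start) * 1000)
        else:
            verdict, ms = "handshake incomplete", None
        report[f"{ev['client'][1]}->{ev['server'][1]}"] = (verdict, ms)
    return report
```

On these rows, `diagnose(CAPTURE)` reports the port 443 connection as closed by the client about 30 seconds after its Client Hello, before any Server Hello arrived, and the port 666 handshake as completed in 906 ms.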

Comments

Thanks, seems correct. I'm wondering why it went so slow. As you might guess this is all in the loopback interface and some code running in Eclipse.

TomKnud (2023-11-29 23:17:45 +0000)

The one of those that opened and closed almost immediately is still a mystery to me. It seems to result when I allocate a Java Socket, which then does this twice, once where it immediately closes. The other, you were dead on, I was blocking for data which ends when a FIN,ACK comes in. Then, I try to send it back, lol, getting the RST,ACK.

TomKnud (2023-11-30 16:46:40 +0000)
