
I'm a bit stumped by what I'm seeing in Wireshark. I am attempting a TLS session resume from a client 10.66.128.10 to server 10.26.0.196, and am seeing an unexpected event - the client is sending the Change Cipher Spec and Encrypted Handshake message in two separate messages, and waiting for TCP ACKs for each:


According to everything I've read online, this should come in one message - one great aspect of a resume is we don't have that extra RTT. Here is an example website that says this: https://vincent.bernat.ch/en/blog/2011-ssl-session-reuse-rfc5077

The issue is clear... time. This costs us about 0.6s which is huge for our application.

Is this expected or configurable?

Thanks!

Code Wiget
  • I'm not really an expert on this, but I think this is a peculiarity of the client you're using (which is it?). Even in your example, your server is sending its Finished message along with the previous ChangeCipherSpec in a single TCP segment. This doesn't seem to have anything to do with session resumption, by the way. – gbr Oct 04 '18 at 20:05
  • Note that you'd probably have better luck by asking this on https://security.stackexchange.com/ or https://crypto.stackexchange.com/ – gbr Oct 04 '18 at 20:16
  • @gbr it was a "feature" of the client. I tested with OpenSSL and all of the messages were grouped. I enabled grouping on the wolfSSL client and it worked like a charm! – Code Wiget Oct 08 '18 at 20:34
  • Great. I wasn't aware that it was configurable on some clients. BTW, it sure isn't clear what those WolfSSL's set_group_messages options do from their documentation... – gbr Oct 09 '18 at 14:11
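
To check a capture for the behaviour discussed in this thread, the following added example (not part of the original posts) parses the TLS record headers in each TCP payload and reports whether a ChangeCipherSpec record and the encrypted handshake record that follows it share one segment. The function names and the segment bytes are constructed for illustration.

```python
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}


def parse_records(payload):
    """Return [(type_name, body_length), ...] for each complete TLS record
    in one TCP payload. A record cut off by the segment end is skipped."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        # Record header: 1-byte type, 2-byte version, 2-byte body length
        ctype, version, length = struct.unpack_from("!BHH", payload, offset)
        if ctype not in CONTENT_TYPES or version >> 8 != 3:
            raise ValueError("not a TLS record header at offset %d" % offset)
        if offset + 5 + length > len(payload):
            break  # record continues in the next TCP segment
        records.append((CONTENT_TYPES[ctype], length))
        offset += 5 + length
    return records


def ccs_finished_grouped(segments):
    """True if any single TCP payload carries ChangeCipherSpec directly
    followed by a Handshake record (shown by Wireshark as
    'Encrypted Handshake Message')."""
    for seg in segments:
        names = [name for name, _ in parse_records(seg)]
        if any(a == "ChangeCipherSpec" and b == "Handshake"
               for a, b in zip(names, names[1:])):
            return True
    return False


# Constructed sample payloads (TLS 1.2 record version 0x0303).
CCS = bytes.fromhex("140303000101")                   # 1-byte CCS body
FINISHED = bytes.fromhex("1603030028") + bytes(40)    # 40-byte encrypted body

SPLIT = [CCS, FINISHED]        # two segments, as in the question
GROUPED = [CCS + FINISHED]     # one segment, as seen after enabling grouping

if __name__ == "__main__":
    print("split capture grouped?  ", ccs_finished_grouped(SPLIT))
    print("grouped capture grouped?", ccs_finished_grouped(GROUPED))
```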
