Article delegate-en <_A3108@delegate-en.ML_>
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[delegate-en/3108]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] SSL disconnect problem
25 Jan 2006 07:03:13 GMT peqgabdyi.ml@ml.delegate.org


Hi,

Thanks for a great application. Unfortunaly we have ha problem with the 
ssl part. 

We are running Delegate 9.0.5/6 on windows 2003 server.

It looks like when the delegate application receive a "SSL shutdown alert" 
it does not handle it correct and the sessions stays up in the server for 
30 seconds(minimun tcp_wait time in windows), because of that delegate are 
unable to set up a new session from the same client within the 30 seconds.

(Ehereal log fragment)
                               Sender               Destination
33    13.500888    10.1.1.x           212.213.51.x    TCP    1026 > https 
[ACK] Seq=613 Ack=1529 Win=1500 Len=0 
34    13.520005    212.213.51.x    10.1.1.x           SSLv3  Application 
Data 
35    13.523312    10.1.1.x          212.213.51.x    TCP    1026 > https 
[ACK] Seq=613 Ack=1586 Win=1500 Len=0 
36    13.875400    10.1.1.x          212.213.51.x    SSLv3  Encrypted 
Alert 
37    13.921090    212.213.51.x    10.1.1.x          TCP    https > 1026 
[FIN  ACK] Seq=1586 Ack=636 Win=65512 Len=0 
38    13.923773    10.1.1.x          212.213.51.x    TCP    1026 > https 
[FIN  ACK] Seq=636 Ack=1587 Win=1500 Len=0 
39    13.965846    212.213.51.x    10.1.1.x          TCP    https > 1026 
[ACK] Seq=1587 Ack=637 Win=65512 Len=0 

If I have understod the SSL protocol right, the delegate server need to 
send an ack for the encrypted alert or do nothing with it (that works 
also), now it starts to shutdown the session by it self and the client and 
delegate failes to shutdown the sessions and both ends.

Is this a known "feature" and are there any solution for it? 
I really need this problem solved asap because it is a major problem for 
us.

Best regards

-------------------------------------------------------------------------------
Johan Bäck
Network Manager

Oy EKM Service Ab
Bangatan 10 - 10600 Ekenäs -Finland
Tel: 000-000 0001 Fax: 000-000 0001
GSM: 000-000 0001
e-mail: peqgabdyi.ml@ml.delegate.org

http://www.ekm.fi
http://www.surfnet.fi

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V