Re: ssl handshake with multiple tcp connect?
On 8/25/2011 6:04 AM, Arjan Filius wrote:

> Hello,
>
> today I ran into a situation, where I notice firefox/chrome and gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl s_client takes only one.
> One tcp session is what I expect, and I hope someone may have an explanation.
>
> Compared the gnutls-cli with openssl s_client as they would do no http interpretation, and are easily reproduced by commandline:
>
> gnutls-cli --insecure -V -r www.xs4all.nl /dev/null
> uses 3 tcp sessions to complete
>
> openssl s_client -connect www.xs4all.nl:443 /dev/null
> uses 1 tcp session to complete
>
> Any idea how that may come?
> Until now, I was under the impression a ssl session setup should only use 1 tcp session (apart from ocsp/crl checks)

Why are you passing '-r' to gnutls-cli? You are asking it to try to resume the session on a new TCP connection. (I count two connections.)

DS

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
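The resumption described in the reply above can be confirmed in a capture by comparing the session IDs in the hello messages of each TCP connection. The following is an added example, not code from the thread or from OpenSSL or GnuTLS; it assumes session-ID resumption as in TLS 1.2 and earlier, and the helper names and all byte strings are constructed for illustration.

```python
# Added example: classify TLS <= 1.2 handshakes as full or resumed by session ID.
# All byte strings below are constructed sample data, not captured traffic.

def build_hello(hs_type: int, session_id: bytes) -> bytes:
    """Construct a minimal TLS 1.0 ClientHello (1) or ServerHello (2) record."""
    version, random = b"\x03\x01", bytes(32)
    # ClientHello: one cipher suite + null compression; ServerHello: chosen suite + null.
    tail = b"\x00\x02\x00\x2f\x01\x00" if hs_type == 1 else b"\x00\x2f\x00"
    msg = version + random + bytes([len(session_id)]) + session_id + tail
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16" + version + len(hs).to_bytes(2, "big") + hs

def hello_session_id(record: bytes) -> tuple[int, bytes]:
    """Parse one TLS record and return (handshake_type, session_id)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 4:
        raise ValueError("truncated handshake header")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if hs_type not in (1, 2) or len(msg) != hs_len or len(msg) < 35:
        raise ValueError("not a complete ClientHello/ServerHello")
    # Both hellos start: version(2) | random(32) | session_id_len(1) | session_id
    sid_len = msg[34]
    if sid_len > 32 or len(msg) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return hs_type, msg[35:35 + sid_len]

def classify(client_record: bytes, server_record: bytes) -> str:
    """'resumed' if the server echoes the non-empty session ID the client offered."""
    c_type, offered = hello_session_id(client_record)
    s_type, chosen = hello_session_id(server_record)
    if (c_type, s_type) != (1, 2):
        raise ValueError("expected ClientHello then ServerHello")
    return "resumed" if offered and offered == chosen else "full"

SID = bytes(range(32))          # constructed session ID
OTHER = bytes(range(32, 64))    # constructed, used when the server declines
# One entry per TCP connection, as with a client asked to reconnect and resume.
CONNECTIONS = [
    (build_hello(1, b""), build_hello(2, SID)),     # first connect: nothing to offer
    (build_hello(1, SID), build_hello(2, SID)),     # reconnect: server accepts
    (build_hello(1, SID), build_hello(2, OTHER)),   # reconnect: server declines
]

if __name__ == "__main__":
    for n, (ch, sh) in enumerate(CONNECTIONS, 1):
        print(f"tcp connection {n}: {classify(ch, sh)} handshake")
```

A second TCP connection whose handshake classifies as resumed belongs to the same TLS session as the first, which is the two-connection pattern a resume test produces.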
Re: ssl handshake with multiple tcp connect?
Hello David,

thanks for your reply, and that's correct. That was it for gnutls-cli.

After a confusing day, one of the original items triggered my firefox browser, I thought reproduced with gnutls-cli. In the end it was a simple favicon issue, which kept connecting (no cache).

regards,

On Thu, 2011-08-25 at 23:00 -0700, David Schwartz wrote:

> On 8/25/2011 6:04 AM, Arjan Filius wrote:
>
>> Hello,
>>
>> today I ran into a situation, where I notice firefox/chrome and gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl s_client takes only one.
>> One tcp session is what I expect, and I hope someone may have an explanation.
>>
>> Compared the gnutls-cli with openssl s_client as they would do no http interpretation, and are easily reproduced by commandline:
>>
>> gnutls-cli --insecure -V -r www.xs4all.nl /dev/null
>> uses 3 tcp sessions to complete
>>
>> openssl s_client -connect www.xs4all.nl:443 /dev/null
>> uses 1 tcp session to complete
>>
>> Any idea how that may come?
>> Until now, I was under the impression a ssl session setup should only use 1 tcp session (apart from ocsp/crl checks)
>
> Why are you passing '-r' to gnutls-cli? You are asking it to try to resume the session on a new TCP connection. (I count two connections.)
>
> DS
ssl handshake with multiple tcp connect?
Hello,

today I ran into a situation, where I notice firefox/chrome and gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl s_client takes only one.
One tcp session is what I expect, and I hope someone may have an explanation.

Compared the gnutls-cli with openssl s_client as they would do no http interpretation, and are easily reproduced by commandline:

gnutls-cli --insecure -V -r www.xs4all.nl /dev/null
uses 3 tcp sessions to complete

openssl s_client -connect www.xs4all.nl:443 /dev/null
uses 1 tcp session to complete

Any idea how that may come?
Until now, I was under the impression a ssl session setup should only use 1 tcp session (apart from ocsp/crl checks)

Thanks in advance

Regards,
--
Arjan Filius
mailto:iafil...@xs4all.nl