If you change the ssl config per location, there is an ssl renegotiation. On Mar 11, 2013 8:54 AM, "chima s" <chim...@gmail.com> wrote:
> Hi All, > > I found 2 “Change Cipher Spec”, only when i am using the "Location" > tag. I am using "Location" tag as i don't want SSL Mutual > authentication for all the URLs. > > Why i am getting 2 “Change Cipher Spec” when i am using "Location" tag. > > Regards > Chima > > On Mon, Mar 11, 2013 at 2:45 PM, chima s <chim...@gmail.com> wrote: > > Hi > > > > We are using apache as reverse proxy and backend as tomact. > > > > In Apache we are terminating the SSL connection and also enabled the > > client authentication. > > > > We are using soapui to test the connectivity and wireshark to check > > the SSL handshake. > > > > Below is wireshark flow dump. I noticed 2 “Change Cipher Spec” > > messages (2903 and 2999). Why there is 2 “Change Cipher Spec” and is > > this normal ? > > > > No. Time Source Destination > > Protocol Length Info > > 2811 3.440639 172.168.78.64 10.250.250.188 TCP > > 74 36556 > https [SYN, ECN, CWR] Seq=0 Win=5840 Len=0 MSS=1460 > > SACK_PERM=1 TSval=3497146518 TSecr=0 WS=256 > > 2843 3.457441 10.250.250.188 172.168.78.64 TCP > > 74 https > 36556 [SYN, ACK, ECN] Seq=0 Ack=1 Win=5792 Len=0 > > MSS=1380 SACK_PERM=1 TSval=2174348895 TSecr=3497146518 WS=128 > > 2844 3.457459 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=1 Ack=1 Win=5888 Len=0 > > TSval=3497146522 TSecr=2174348895 > > 2845 3.457683 172.168.78.64 10.250.250.188 TLSv1 > > 173 Client Hello > > 2865 3.473604 10.250.250.188 172.168.78.64 TCP > > 66 https > 36556 [ACK] Seq=1 Ack=108 Win=5888 Len=0 > > TSval=2174348912 TSecr=3497146522 > > 2888 3.482350 10.250.250.188 172.168.78.64 TLSv1 > > 1434 Server Hello > > 2889 3.482356 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=108 Ack=1369 Win=8960 Len=0 > > TSval=3497146528 TSecr=2174348920 > > 2890 3.482359 10.250.250.188 172.168.78.64 TCP > > 1434 [TCP segment of a reassembled PDU] > > 2891 3.482363 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=108 Ack=2737 Win=11776 Len=0 > > TSval=3497146528 TSecr=2174348920 > > 2892 3.482366 10.250.250.188 172.168.78.64 TLSv1 > > 1426 Certificate > > 2893 3.482371 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=108 Ack=4097 Win=14592 Len=0 > > TSval=3497146528 TSecr=2174348920 > > 2898 3.509659 10.250.250.188 172.168.78.64 TLSv1 > > 465 Server Key Exchange > > 2899 3.509666 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=108 Ack=4496 Win=17152 Len=0 > > TSval=3497146535 TSecr=2174348937 > > 2900 3.517916 172.168.78.64 10.250.250.188 TLSv1 > > 264 Client Key Exchange, Change Cipher Spec, Encrypted Handshake > > Message > > 2903 3.541547 10.250.250.188 172.168.78.64 TLSv1 > > 125 Change Cipher Spec, Encrypted Handshake Message > > 2904 3.541700 172.168.78.64 10.250.250.188 TLSv1 > > 375 Application Data > > 2905 3.541777 172.168.78.64 10.250.250.188 TLSv1 > > 343 Application Data > > 2939 3.562193 10.250.250.188 172.168.78.64 TCP > > 66 https > 36556 [ACK] Seq=4555 Ack=892 Win=9088 Len=0 > > TSval=2174349001 TSecr=3497146543 > > 2940 3.562846 10.250.250.188 172.168.78.64 TLSv1 > > 103 Encrypted Handshake Message > > 2941 3.562945 172.168.78.64 10.250.250.188 TLSv1 > > 183 Encrypted Handshake Message > > 2955 3.587402 10.250.250.188 172.168.78.64 TLSv1 > > 1434 Encrypted Handshake Message > > 2956 3.587919 10.250.250.188 172.168.78.64 TLSv1 > > 1434 Encrypted Handshake Message > > 2957 3.587928 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=1009 Ack=7328 Win=23040 Len=0 > > TSval=3497146554 TSecr=2174349026 > > 2958 3.587932 10.250.250.188 172.168.78.64 TLSv1 > > 582 Encrypted Handshake Message > > 2963 3.597538 172.168.78.64 10.250.250.188 TLSv1 > > 1434 Encrypted Handshake Message > > 2964 3.597543 172.168.78.64 10.250.250.188 TLSv1 > > 371 Encrypted Handshake Message > > 2983 3.613528 10.250.250.188 172.168.78.64 TCP > > 66 https > 36556 [ACK] Seq=7844 Ack=2682 Win=14720 Len=0 > > TSval=2174349052 TSecr=3497146557 > > 2999 3.620452 10.250.250.188 172.168.78.64 TLSv1 > > 156 Change Cipher Spec, Encrypted Handshake Message > > 3001 3.637337 10.250.250.188 172.168.78.64 TLSv1 > > 609 Application Data, Application Data, Application Data > > 3002 3.637472 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=2682 Ack=8477 Win=28416 Len=0 > > TSval=3497146567 TSecr=2174349059 > > 3003 3.640371 10.250.250.188 172.168.78.64 TLSv1 > > 103 Application Data > > 3106 3.676451 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [ACK] Seq=2682 Ack=8514 Win=28416 Len=0 > > TSval=3497146577 TSecr=2174349079 > > 7214 8.646676 10.250.250.188 172.168.78.64 TCP > > 66 https > 36556 [FIN, ACK] Seq=8514 Ack=2682 Win=14720 Len=0 > > TSval=2174354085 TSecr=3497146577 > > 7215 8.646809 172.168.78.64 10.250.250.188 TLSv1 > > 103 Encrypted Alert > > 7216 8.646853 172.168.78.64 10.250.250.188 TCP > > 66 36556 > https [FIN, ACK] Seq=2719 Ack=8515 Win=28416 Len=0 > > TSval=3497147819 TSecr=2174354085 > > 7261 8.661712 10.250.250.188 172.168.78.64 TCP > > 66 https > 36556 [ACK] Seq=8515 Ack=2720 Win=14720 Len=0 > > TSval=2174354101 TSecr=3497147819 > > > > > > Regards > > Chima > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
