EldoS | Feel safer!

Cipher renegotiation

#14347
Posted: 09/02/2010 06:23:15
by Scott Radden (Basic support level)
Joined: 09/02/2010
Posts: 7

I'm evaluating your SecureBlackBox SSL libraries, particularly the RenegotiateCiphers() functionality.

I have amended your SSLBlackBox\Server\SSLSocketDemo\Client sample to include a callback for the OnCiphersNegotiated event.

sslClient.OnCiphersNegotiated += delegate { LogEvent("Ciphers Renegotiated."); };

Then added another control to the form that initiates renegotiation:

private void btnReneg_Click(object sender, EventArgs e)
{
    if (sslClient != null)
        sslClient.RenegotiateCiphers();
}

However the OnCiphersNegotiated doesn't get raised.

Additionally, when I attempt to renegotiate again, the following SocketException is raised:

SocketErrorCode: SocketError.ConnectionAborted
Message: An established connection was aborted by the software in your host machine.
NativeErrorCode: 10053
#14348
Posted: 09/02/2010 08:19:02
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Which server software are you using, and does it support cipher renegotiation?
#14351
Posted: 09/02/2010 09:13:43
by Scott Radden (Basic support level)
Joined: 09/02/2010
Posts: 7

ElServerSSLSocket, which I believe does support cipher renegotiation.
#14353
Posted: 09/02/2010 11:02:10
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Since ElServerSSLSocket closes the connection, it should return an error, or throw an exception. Have you checked it?
#14354
Posted: 09/02/2010 11:07:35
by Scott Radden (Basic support level)
Joined: 09/02/2010
Posts: 7

Quote
Have you checked it?

Checked what exactly? I have turned on "Break when an exception is thrown" in the VS IDE, but nothing occurs. Should I try enclosing RenegotiateCiphers() in a try..catch block?
#14355
Posted: 09/02/2010 11:16:49
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Check if ServerSSLSocket throws any exception or fires the OnError event.
#14359
Posted: 09/03/2010 02:33:19
by Scott Radden (Basic support level)
Joined: 09/02/2010
Posts: 7

The Server sample code has wired up a callback for the OnError event:

sslServer.OnError += new SBSSLCommon.TSBErrorEvent(sslServer_OnError);

But the event handler isn't being called either?
#14361
Posted: 09/03/2010 05:49:04
by Ken Ivanov (EldoS Corp.)

Are the changes you described in the very first message the only changes you have introduced to the samples? If they are, then things won't work as you expect them to. Both the client and the server parts only do simple jobs (send a request and receive a response, and receive a request and send a response, correspondingly). Once the job is done, both parties immediately close the connection. I.e., it seems that you are invoking RenegotiateCiphers() on a client which is in the "closing" or "closed" state, getting the reasonable "connection closed" exception.
#14362
Posted: 09/03/2010 06:55:37
by Scott Radden (Basic support level)
Joined: 09/02/2010
Posts: 7

Quote
Are the changes you described in the very first message the only changes you have introduced to the samples?

No I also made the following amendments to prevent the socket from closing:

On Server sample.
WriteServerResponse: I have commented out m_Socket.Close(true) in the finally block.

On Client sample.
I have commented out the call to Reset(sslClient) when connected synchronously.

Monitoring the processes using Process Explorer, I can see the TCP socket remains open after the client and server have communicated, so I'm confident that the socket is still open when I call RenegotiateCiphers().

Additionally, I'm using MS Network Monitor 3.4, which shows an SSL handshake packet between the client and server. Unfortunately no event is being raised.
#14363
Posted: 09/03/2010 07:32:34
by Ken Ivanov (EldoS Corp.)

Thank you for the explanation, now things are clearer.

One small question: do you perform any Receive() call on the server side after calling RenegotiateCiphers() on the client side? The reason why I am asking is that the components working in synchronous mode are inactive by themselves. I.e., they do not do any work unless being pushed by a user with, say, a Send() or Receive() method call (this is a general concept of any synchronous component: it only does some work in response to user-driven method invocation and does not do any work after that method returns). Not being pushed by user code, the server component is not able to check that there is a renegotiation packet in the queue, and thus cannot respond to the client's renegotiation request.

A common approach to building persistent connections with the use of synchronous sockets is implementing a send/receive loop (this loop is usually put in a separate thread to prevent UI locking):

while (Connected)
{
    SendPendingDataToSocket();
    if (IncomingDataAvailable())
    {
        ReceiveDataFromSocket();
    }
}
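The failure mode Ken describes, a record that sits unread in the socket's receive queue until the synchronous side is pushed with a Receive() call, and the service loop that fixes it, as an added Python illustration that is not code from this thread and does not use the SecureBlackBox API. It uses plain stdlib sockets instead of SSL sockets, a socketpair() instead of a listening server, and a constructed b"RENEGOTIATE" message that stands in for the renegotiation handshake record; the helper names mirror the pseudocode above and are the author's own.

```python
import select
import socket
import threading
from collections import deque


def incoming_data_available(sock, timeout=0.0):
    # Stand-in for the post's IncomingDataAvailable(): select() reports whether
    # unread bytes are queued on the socket without consuming them.
    readable, _, _ = select.select([sock], [], [], timeout)
    return bool(readable)


def service_connection(sock, outgoing, handler, stop, poll_interval=0.01):
    # The post's send/receive loop, meant for a worker thread. A synchronous
    # socket does no work on its own, so this loop keeps pushing queued
    # outgoing data and pulling whatever the peer has sent. Returns the number
    # of messages handed to the handler.
    handled = 0
    while not stop.is_set():
        while outgoing:                      # SendPendingDataToSocket()
            sock.sendall(outgoing.popleft())
        if incoming_data_available(sock, poll_interval):
            data = sock.recv(4096)           # ReceiveDataFromSocket()
            if not data:                     # peer closed the connection
                break
            handler(data)
            handled += 1
    return handled


def run_demo():
    # socketpair() gives a connected client/server pair with no network setup.
    client, server = socket.socketpair()
    try:
        # Phase 1: the one-shot exchange the demo samples perform: one request,
        # one recv() on the server, one response, then both sides go idle.
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        request = server.recv(4096)
        server.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")
        response = client.recv(4096)

        # Phase 2: the client sends a constructed control message standing in
        # for the renegotiation handshake record. Nobody on the server side is
        # calling recv(), so it just sits in the kernel queue.
        client.sendall(b"RENEGOTIATE")
        queued_before_loop = incoming_data_available(server, 0.1)

        # Phase 3: start the service loop; the handler plays the role of the
        # server-side event that can only fire once the queued record is read.
        events = []
        outgoing = deque()
        stop = threading.Event()

        def handler(data):
            if data == b"RENEGOTIATE":
                events.append("ciphers_renegotiated")
                outgoing.append(b"RENEGOTIATED")  # reply goes out on the next pass

        worker = threading.Thread(
            target=service_connection, args=(server, outgoing, handler, stop)
        )
        worker.start()
        reply = client.recv(4096)            # blocks until the loop has replied
        stop.set()
        worker.join()
        return {
            "request": request,
            "response": response,
            "queued_before_loop": queued_before_loop,
            "events": events,
            "reply": reply,
        }
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    print(run_demo())
```

The point of the demo is the value of queued_before_loop: the control message is demonstrably waiting on the server end before any event has fired, and the "event" only fires once the loop issues the read. The same applies to the SSL handshake record seen in Network Monitor in the post above: the capture proves the client sent it, not that the server component ever read it.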