EldoS | Feel safer!

Unable to reuse SSL connection in Java

Posted: 06/23/2015 12:08:30
by Mathieu Sivade (Standard support level)
Joined: 06/23/2015
Posts: 1


We are using SecureBlackBox in an Android project and are looking right now at the performance side of things.
We issue several POST requests over HTTPS to the same server. Using Wireshark, we noticed that for each POST request the TCP (and SSL) connection is created, the HTTP request is processed, then the connection gets destroyed gracefully (see excerpt at the end of the post). Obviously we want SecureBlackBox to reuse the SSL connection.

Code-wise, this is essentially what we do (actual code spanning over several classes, summarized here):
// fields shared by setup() and doRequest()
TElHTTPSClient httpsClient;
StringBuilder sbResponse = new StringBuilder();

void setup() {
    /* done once */
    httpsClient = new TElHTTPSClient();
    // skipping certificate-related settings

    // several other event handlers are used too
    httpsClient.setOnData(new TSBDataEvent(new TSBDataEvent.Callback() {
        public void tsbDataEventCallback(TObject tObject, byte[] bytes) {
            // append each received chunk of the response body
            sbResponse.append(new String(bytes, Charset.forName("UTF-8")));
        }
    }));
}

void doRequest() {
    /* called for each request on the same httpsClient instance */
    httpsClient.post(url, requestData);
    String response = sbResponse.toString();
}

With the code above, the connection is opened and closed during the call to httpsClient.post (observed using breakpoints and Wireshark simultaneously). None of our code calls httpsClient.close(), so I figure it is a matter of using the API in just the right way?

What I tried:

  • Setting some properties of the TElHTTPSClient to force the reuse of the connection (hence the experimental use of setUseSSLSessionResumption and setPreferKeepAlive).
  • Listening for OnCloseConnection events to figure out the stacktrace leading to the closure, but the listener was not called.
  • Creating the SSL connection explicitly by using setAddress, setPort and open() in the setup phase (and close later). It did open the SSL connection, but it was closed anyway as soon as httpsClient.post(url, requestData) completed. Also this led to a NullPointerException from within SBB (see below).

So what is the proper way to reuse the SSL connection?

This is what the Wireshark summary of a single request looks like:

277 3.766903000 TCP 66 60383→443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
278 3.767263000 TCP 66 443→60383 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=128
279 3.767343000 TCP 54 60383→443 [ACK] Seq=1 Ack=1 Win=65536 Len=0
280 3.772572000 TLSv1.2 335 Client Hello
281 3.773867000 TCP 60 443→60383 [ACK] Seq=1 Ack=282 Win=15744 Len=0
282 3.775512000 TLSv1.2 1514 Server Hello, Certificate, Server Key Exchange
283 3.775514000 TLSv1.2 161 Certificate Request, Server Hello Done
284 3.775643000 TCP 54 60383→443 [ACK] Seq=282 Ack=1568 Win=65536 Len=0
298 3.926587000 TLSv1.2 1227 Certificate
299 3.967181000 TCP 60 443→60383 [ACK] Seq=1568 Ack=1455 Win=18048 Len=0
345 4.183640000 TLSv1.2 193 Client Key Exchange
346 4.184911000 TCP 60 443→60383 [ACK] Seq=1568 Ack=1594 Win=20480 Len=0
379 4.364589000 TLSv1.2 195 Certificate Verify
380 4.366022000 TCP 60 443→60383 [ACK] Seq=1568 Ack=1735 Win=22784 Len=0
381 4.366074000 TLSv1.2 60 Change Cipher Spec
382 4.367429000 TCP 60 443→60383 [ACK] Seq=1568 Ack=1741 Win=22784 Len=0
383 4.375472000 TLSv1.2 99 Encrypted Handshake Message
384 4.376025000 TCP 60 443→60383 [ACK] Seq=1568 Ack=1786 Win=22784 Len=0
385 4.376297000 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
387 4.395744000 TCP 54 60383→443 [FIN, ACK] Seq=1786 Ack=1619 Win=65536 Len=0
388 4.397433000 TLSv1.2 85 Encrypted Alert
389 4.397434000 TCP 60 443→60383 [FIN, ACK] Seq=1650 Ack=1787 Win=22784 Len=0
391 4.397514000 TCP 54 60383→443 [ACK] Seq=1787 Ack=1651 Win=65536 Len=0

This is the NullPointerException stack trace we get:
java.lang.NullPointerException: null
at SecureBlackbox.Base.SBStrUtils.upperCase(SBStrUtils.pas:4575) ~[na:0.0]
at SecureBlackbox.HTTPClient.TElHTTPSClient.initiateRequest(SBHTTPSClient.pas:2438) ~[na:0.0]
at SecureBlackbox.HTTPClient.TElHTTPSClient.performRequest(SBHTTPSClient.pas:2544) ~[na:0.0]
at SecureBlackbox.HTTPClient.TElHTTPSClient.post(SBHTTPSClient.pas:2886) ~[na:0.0]
//more frames in our packages
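
Whether keep-alive or TLS session resumption is taking effect can be checked mechanically from a capture summary in the format shown above. The following is an added example, not part of the original post and not SecureBlackBox code; it assumes TLS 1.2 or earlier (handshake messages visible in the summary) and connections that do not interleave, and the sample capture is constructed.

```python
import re

# Layout of the summary lines in the post: frame no., time, protocol, length, info.
LINE = re.compile(r"^\d+\s+[\d.]+\s+(\S+)\s+\d+\s+(.*)$")
TCP_INFO = re.compile(r"^(\d+)\s*(?:→|->)\s*(\d+)\s+\[([^\]]*)\]")
FULL_ONLY = ("Certificate", "Server Key Exchange", "Client Key Exchange")

def analyze(capture):
    """Split a summary export into connections and classify each TLS handshake."""
    conns = []
    for raw in capture.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        proto, info = m.group(1), m.group(2)
        tcp = TCP_INFO.match(info) if proto == "TCP" else None
        if tcp:
            src, flags = tcp.group(1), [f.strip() for f in tcp.group(3).split(",")]
            if flags == ["SYN"]:  # a bare SYN is the client opening a new connection
                conns.append({"client_port": src, "handshake": None, "closed_by": None,
                              "client_auth": False, "app_records": 0})
            elif conns and "FIN" in flags and conns[-1]["closed_by"] is None:
                c = conns[-1]  # the first FIN shows which side tore the connection down
                c["closed_by"] = "client" if src == c["client_port"] else "server"
        elif proto.startswith(("TLS", "SSL")) and conns:
            c = conns[-1]
            if "Client Hello" in info and c["handshake"] is None:
                c["handshake"] = "abbreviated"  # upgraded below if key exchange follows
            if any(k in info for k in FULL_ONLY):
                c["handshake"] = "full"  # these messages never occur when resuming
            c["client_auth"] |= "Certificate Request" in info
            c["app_records"] += info.count("Application Data")
    return conns

# Constructed sample: one full handshake, then one resumed (abbreviated) handshake.
SAMPLE = """\
1 0.000000 TCP 66 50001→443 [SYN] Seq=0 Win=8192 Len=0
2 0.004000 TLSv1.2 335 Client Hello
3 0.007000 TLSv1.2 1514 Server Hello, Certificate, Server Key Exchange
4 0.008000 TLSv1.2 161 Certificate Request, Server Hello Done
5 0.620000 TLSv1.2 250 Application Data
6 0.630000 TCP 54 50001→443 [FIN, ACK] Seq=900 Ack=1700 Win=65536 Len=0
7 1.000000 TCP 66 50002→443 [SYN] Seq=0 Win=8192 Len=0
8 1.004000 TLSv1.2 335 Client Hello
9 1.006000 TLSv1.2 199 Server Hello, Change Cipher Spec, Encrypted Handshake Message
10 1.020000 TLSv1.2 250 Application Data
11 1.500000 TCP 60 443→50002 [FIN, ACK] Seq=400 Ack=600 Win=22784 Len=0
"""
```

Applied to the excerpt in the post, `analyze` reports one connection with a full handshake that includes a Certificate Request and is closed first by the client. One new connection with a full handshake per request means neither keep-alive nor session resumption is in effect.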
Posted: 06/23/2015 12:15:41
by Eugene Mayevski (EldoS Corp.)

As your problem has a very specific nature, I welcome you to continue in HelpDesk ( https://www.eldos.com/helpdesk/ ). I have created a new support ticket based on your above message. You will see your (and only your) support tickets by following this URL. You will also get e-mail notifications about updates related to your support ticket.

Sincerely yours
Eugene Mayevski
