Apache Reverse Proxy with SSL mutul Auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

We are using apache as reverse proxy and backend as tomact.

In Apache we are terminating the SSL connection and also enabled the
client authentication.

We are using soapui to test the connectivity and wireshark to check
the SSL handshake.

Below is wireshark flow dump. I noticed 2 “Change Cipher Spec”
messages (2903 and 2999).  Why there is 2 “Change Cipher Spec” and is
this normal ?

No.     Time        Source                Destination
Protocol Length Info
   2811 3.440639    172.168.78.64         10.250.250.188         TCP
   74     36556 > https [SYN, ECN, CWR] Seq=0 Win=5840 Len=0 MSS=1460
SACK_PERM=1 TSval=3497146518 TSecr=0 WS=256
   2843 3.457441    10.250.250.188         172.168.78.64         TCP
   74     https > 36556 [SYN, ACK, ECN] Seq=0 Ack=1 Win=5792 Len=0
MSS=1380 SACK_PERM=1 TSval=2174348895 TSecr=3497146518 WS=128
   2844 3.457459    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=1 Ack=1 Win=5888 Len=0
TSval=3497146522 TSecr=2174348895
   2845 3.457683    172.168.78.64         10.250.250.188         TLSv1
   173    Client Hello
   2865 3.473604    10.250.250.188         172.168.78.64         TCP
   66     https > 36556 [ACK] Seq=1 Ack=108 Win=5888 Len=0
TSval=2174348912 TSecr=3497146522
   2888 3.482350    10.250.250.188         172.168.78.64         TLSv1
   1434   Server Hello
   2889 3.482356    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=108 Ack=1369 Win=8960 Len=0
TSval=3497146528 TSecr=2174348920
   2890 3.482359    10.250.250.188         172.168.78.64         TCP
   1434   [TCP segment of a reassembled PDU]
   2891 3.482363    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=108 Ack=2737 Win=11776 Len=0
TSval=3497146528 TSecr=2174348920
   2892 3.482366    10.250.250.188         172.168.78.64         TLSv1
   1426   Certificate
   2893 3.482371    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=108 Ack=4097 Win=14592 Len=0
TSval=3497146528 TSecr=2174348920
   2898 3.509659    10.250.250.188         172.168.78.64         TLSv1
   465    Server Key Exchange
   2899 3.509666    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=108 Ack=4496 Win=17152 Len=0
TSval=3497146535 TSecr=2174348937
   2900 3.517916    172.168.78.64         10.250.250.188         TLSv1
   264    Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
   2903 3.541547    10.250.250.188         172.168.78.64         TLSv1
   125    Change Cipher Spec, Encrypted Handshake Message
   2904 3.541700    172.168.78.64         10.250.250.188         TLSv1
   375    Application Data
   2905 3.541777    172.168.78.64         10.250.250.188         TLSv1
   343    Application Data
   2939 3.562193    10.250.250.188         172.168.78.64         TCP
   66     https > 36556 [ACK] Seq=4555 Ack=892 Win=9088 Len=0
TSval=2174349001 TSecr=3497146543
   2940 3.562846    10.250.250.188         172.168.78.64         TLSv1
   103    Encrypted Handshake Message
   2941 3.562945    172.168.78.64         10.250.250.188         TLSv1
   183    Encrypted Handshake Message
   2955 3.587402    10.250.250.188         172.168.78.64         TLSv1
   1434   Encrypted Handshake Message
   2956 3.587919    10.250.250.188         172.168.78.64         TLSv1
   1434   Encrypted Handshake Message
   2957 3.587928    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=1009 Ack=7328 Win=23040 Len=0
TSval=3497146554 TSecr=2174349026
   2958 3.587932    10.250.250.188         172.168.78.64         TLSv1
   582    Encrypted Handshake Message
   2963 3.597538    172.168.78.64         10.250.250.188         TLSv1
   1434   Encrypted Handshake Message
   2964 3.597543    172.168.78.64         10.250.250.188         TLSv1
   371    Encrypted Handshake Message
   2983 3.613528    10.250.250.188         172.168.78.64         TCP
   66     https > 36556 [ACK] Seq=7844 Ack=2682 Win=14720 Len=0
TSval=2174349052 TSecr=3497146557
   2999 3.620452    10.250.250.188         172.168.78.64         TLSv1
   156    Change Cipher Spec, Encrypted Handshake Message
   3001 3.637337    10.250.250.188         172.168.78.64         TLSv1
   609    Application Data, Application Data, Application Data
   3002 3.637472    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=2682 Ack=8477 Win=28416 Len=0
TSval=3497146567 TSecr=2174349059
   3003 3.640371    10.250.250.188         172.168.78.64         TLSv1
   103    Application Data
   3106 3.676451    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [ACK] Seq=2682 Ack=8514 Win=28416 Len=0
TSval=3497146577 TSecr=2174349079
   7214 8.646676    10.250.250.188         172.168.78.64         TCP
   66     https > 36556 [FIN, ACK] Seq=8514 Ack=2682 Win=14720 Len=0
TSval=2174354085 TSecr=3497146577
   7215 8.646809    172.168.78.64         10.250.250.188         TLSv1
   103    Encrypted Alert
   7216 8.646853    172.168.78.64         10.250.250.188         TCP
   66     36556 > https [FIN, ACK] Seq=2719 Ack=8515 Win=28416 Len=0
TSval=3497147819 TSecr=2174354085
   7261 8.661712    10.250.250.188         172.168.78.64         TCP
   66     https > 36556 [ACK] Seq=8515 Ack=2720 Win=14720 Len=0
TSval=2174354101 TSecr=3497147819


Regards
Chima

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux