SslHandler renegotiation

[joongonn]

Using v4 for a SmtpServer project; while using openssl s_client to test StartTLS I find that client initiated renegotiation isn't working (channel goes dead). Stepped through in debug and seems that this case in SslHandler https://github.com/joongonn/netty/commit/57e9ef8db63b68d92b2f9849a0ebe2797a8f48fa ought to be handled as such. Can anyone confirm?

Separate test against the stock SecureChatServer example:

$ openssl s_client -connect localhost:8443
CONNECTED(00000003)
depth=0 C = KR, ST = Kyunggi-do, ...
...

---
Welcome to gene secure chat service!
Your session is protected by TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
test 1
[you] test 1
R

Server stops responding after the R renegotiation command.

Expected Result (with fix)

---
Welcome to gene secure chat service!
Your session is protected by TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
test 1
[you] test 1
R
RENEGOTIATING
depth=0 C = KR, ST = Kyunggi-do, L = Seongnam-si, O = The Netty Project, OU = Contributors, CN = securechat.example.netty.gleamynode.net
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Kyunggi-do, L = Seongnam-si, O = The Netty Project, OU = Contributors, CN = securechat.example.netty.gleamynode.net
verify return:1
test 2
[you] test 2

[normanmaurer]

@joongonn not sure I understand.. do you say the listed commit fix it ?

[joongonn]

Yes my commit fixes it but I'm not familiar enough with TLS/SslEngine internals to confirm that this is the correct thing to do, so checking around

On 2013-11-03, at 10:46 AM, Norman Maurer notifications@github.com wrote:

@joongonn not sure I understand.. do you say the listed commit fix it ?

�
Reply to this email directly or view it on GitHub.

[trustin]

Thanks for reporting the problem. I made the proper fix. :-)

[joongonn]

Thanks for the quick response!

On a side note, I vaguely remember akka-io exhibiting the same behavior (2.2M or something) when I was playing with it. You guys may want to tweet them or something in case it's the genuine same issue.

[normanmaurer]

Thx... Pinged the typesafe guys

Am 04.11.2013 um 17:13 schrieb joongonn notifications@github.com:

Thanks for the quick response!

On a side note, I vaguely remember akka-io exhibiting the same behavior (2.2M or something) when I was playing with it. You guys may want to tweet them or something in case it's the genuine same issue.

—
Reply to this email directly or view it on GitHub.

[viktorklang]

Thanks for the ping!

[normanmaurer]

@viktorklang I will charge Heiko for a beer at WJAX ;)

[trustin]

@viktorklang Off topic, but you might also be interested in our HashedWheelTimer fixes: 3c7d458 and 285dd79

[viktorklang]

Thanks for the heads-up @trustin!

(We recently switched from HWT to our own timer architecture)

[normanmaurer]

Do you have a link?

Am 05.11.2013 um 11:46 schrieb Viktor Klang (√) notifications@github.com:

Thanks for the heads-up @trustin!

(We recently switched from HWT to our own timer architecture)

—
Reply to this email directly or view it on GitHub.

[viktorklang]

https://github.com/akka/akka/blob/master/akka-actor/src/main/scala/akka/actor/Scheduler.scala#L183

[normanmaurer]

Thanks will check out :)

Am 05.11.2013 um 12:03 schrieb Viktor Klang (√) notifications@github.com:

https://github.com/akka/akka/blob/master/akka-actor/src/main/scala/akka/actor/Scheduler.scala#L183

—
Reply to this email directly or view it on GitHub.