#1
    OpenSSL Communication Timeout (SSL_CTX_set_timeout) Problem


    Dear All,
    I am using OpenSSL for client-server communication. It is working fine, but the session timeout is not working.

    Below is the code
    -----------------------
    #include <openssl/ssl.h>
    #include <openssl/err.h>

    SSL_CTX *ctx;
    const SSL_METHOD *meth;
    OpenSSL_add_all_algorithms();
    if (SSL_library_init() != 1)
        return -1; /* SSL library init failed */
    SSL_load_error_strings(); /* Load the error strings for SSL & CRYPTO APIs */
    meth = SSLv3_method(); /* Create an SSL_METHOD structure */
    ctx = SSL_CTX_new(meth);
    SSL_CTX_set_timeout(ctx, 180); /* set session timeout, in seconds */


    But SSL_CTX_set_timeout(ctx,180) is not working even though the
    client does not receive any message from server for more than 5 min.

    Kindly advise me on how to solve the issue.

    Regards
    SAM

#2
    SSL Communication time out problem
    SSL_CTX_set_timeout(ctx,180)//not working

#3
    Setting the timeout on an SSL session causes the session to expire after the timeout, but that just means that the client has to create a new SSL session with a full handshake next time he connects (because a new connection cannot join an expired session). It doesn't mean that the existing connection gets invalidated.

    SSL setup and data exchange over a TCP connection takes place in two phases: handshake and data transfer. The handshake phase involves negotiation of the cipher-suite, authentication of end-points and agreement on cryptographic keys for subsequent encryption and decryption of application data. This establishes an SSL session between two end-points. The data transfer phase involves message digest computation, encryption and transmission of the encrypted data blocks at one end and reception, decryption and digest verification at the other end.

    If a client has an invalid session because the session timed out, it has to go through the handshaking process again. But the underlying TCP connection is still valid.

    The timeout is probably working since you didn't post the complete code but it appears that it is not working in the way I believe you expect it to work.
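
Added example, not part of the original thread: since the session timeout leaves an open connection untouched, detecting a silent peer has to happen on the socket. The sketch below is POSIX-only and uses a hypothetical helper, `wait_readable`, demonstrated on a constructed `socketpair` standing in for the TCP link. In an OpenSSL client the assumption is that you pass `SSL_get_fd(ssl)` and check `SSL_pending(ssl)` first, because already-decrypted bytes never show up in `poll()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Hypothetical helper: returns 1 if fd is readable (data, EOF or hang-up),
 * 0 if timeout_ms passed with nothing from the peer, -1 on error.
 * On 0 the caller closes the connection; on 1 it calls SSL_read(). */
int wait_readable(int fd, int timeout_ms)
{
    long deadline = now_ms() + timeout_ms;
    for (;;) {
        long left = deadline - now_ms();
        if (left < 0)
            left = 0;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int rc = poll(&p, 1, (int)left);
        if (rc > 0)
            return (p.revents & (POLLERR | POLLNVAL)) ? -1 : 1;
        if (rc == 0)
            return 0;               /* idle for the whole interval */
        if (errno != EINTR)
            return -1;              /* EINTR: retry with the time that is left */
    }
}

int main(void)
{
    int sv[2];                      /* constructed stand-in for client/server sockets */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    printf("silent peer: %d\n", wait_readable(sv[0], 200));
    if (write(sv[1], "x", 1) != 1)
        return 1;
    printf("after data:  %d\n", wait_readable(sv[0], 200));
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

For the 180-second limit in the question, the call would be `wait_readable(fd, 180000)` before each read.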
