February 7th, 2013, 06:34 AM
Open SSL Communication TimeOut(SSL_CTX_set_timeout) Problem
I am using Open SSL for Client Server Communication.It is working fine but session time out is not working.
Below is the code
if(SSL_library_init() != 1)
return -1; //SSl Library init fail
SSL_load_error_strings(); /* Load the error strings for SSL & CRYPTO APIs */
meth = SSLv3_method(); /* Create an SSL_METHOD structure*/
ctx = SSL_CTX_new(meth);
But SSL_CTX_set_timeout(ctx,180) is not working even though the
client does not receive any message from server for more than 5 min.
Kindly advice me to solve the issue.
February 7th, 2013, 06:39 AM
SSL Communication time out problem
February 8th, 2013, 12:16 AM
Setting the timeout on an SSL session causes the session to expire after the timeout, but that just means that the client has to create a new SSL session with a full handshake next time he connects (because a new connection cannot join an expired session). It doesn't mean that the existing connection gets invalidated.
SSL setup and data exchange over a TCP connection takes place in two phases: handshake and data transfer. The handshake phase involves negotiation of the cipher-suite, authentication of end-points and agreement on cryptographic keys for subsequent encryption and decryption of application data. This establishes a SSL Session between two end-points. The data transfer phase involves message digest computation, encryption and transmission of the encrypted data blocks at one end and reception, decryption and digest verification at the other end.
If a client has a invalid session because the session timed out, it has to go thru the handshaking process again. But the underlying TCP connection is still valid
The timeout is probably working since you didn't post the complete code but it appears that it is not working in the way I believe you expect it to work.