in reply to Re^2: IS socket messages
in thread IS socket messages

Read the Common Problems with SSL section of the IO::Socket::SSL documentation. It explains the four accepted values of $IO::Socket::SSL::DEBUG.

Re^4: IS socket messages
by eth4rendil (Initiate) on Nov 21, 2014 at 10:55 UTC

    Thank you for the link. My debug level is set to 3. Here is a simplified version of what I'm trying to ask: My Perl script is connected to a remote HTTPS server and performs repeated actions. A response from the server takes 1 second. After those messages appear, the response from the server takes 5 seconds.

    It looks like this:

    - POST to server, server responds in 1 sec
    - POST to server, server responds in 1 sec
    - POST to server, server responds in 1 sec
    - debug messages appear
    - POST to server, server responds in 5 sec
    - POST to server, server responds in 5 sec
    

    The debug messages come each day at the same time. Is this the result of Secure Renegotiation, or might it be some kind of SSL IDS?

    Remote server analysis from ssllabs.com:

    Protocol Details
    Secure Renegotiation	Supported
    Secure Client-Initiated Renegotiation	No
    Insecure Client-Initiated Renegotiation	No
    BEAST attack	Not mitigated server-side (more info)   SSL 3: 0x39, TLS 1.0: 0x39
    POODLE attack	Vulnerable   INSECURE (more info)
    Downgrade attack prevention	No, TLS_FALLBACK_SCSV not supported (more info)
    TLS compression	No
    RC4	No
    Heartbeat (extension)	No
    Heartbleed (vulnerability)	No (more info)
    OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
    Forward Secrecy	With some browsers (more info)
    Next Protocol Negotiation	No
    Session resumption (caching)	No (IDs assigned but not accepted)
    Session resumption (tickets)	Yes
    OCSP stapling	No
    Strict Transport Security (HSTS)	Yes   max-age=3456000   TOO SHORT (less than 180 days)
    Long handshake intolerance	No
    TLS extension intolerance	No
    TLS version intolerance	TLS 2.98 
    SSL 2 handshake compatibility	Yes
     
    
    Protocols
    TLS 1.2	No
    TLS 1.1	No
    TLS 1.0	Yes
    SSL 3   INSECURE	Yes
    SSL 2	No

    Is there anything I can do to prevent this?