Question about SSL debug test

Ravi Danum
Ranch Hand

Joined: Jan 13, 2009
Posts: 104
Hello,

I am using ssl between a client and a web service. I have installed certificates into the key stores and trust stores of both the client and web service. This results in mutual authentication of client and server.

In the client java app, I call a method in the web service, and then use the same Call object to call a different method in the web service.

Between the two method calls, I looked at the ssl debug text and saw the following. I commented out some of the data values just for brevity. My question is: Is this the proper amount of ssl communication after the initial handshake has taken place, or is this too much ssl communication? It seems like a lot to me. I want the client to run as quickly as possible despite ssl, and want to optimize if possible.

%% Client cached [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
%% Try resuming [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA] from port 2473
*** ClientHello, TLSv1
RandomCookie: GMT: 1236719517 bytes = { 182, 182, 151, 98, 164, 119, 107, 15, 54, 86, 223, 154, 252, 86, 148, 148, 64, 251, 37, 123, 143, 60, 227, 9, 181, 226, 246, 8 }
Session ID: {74, 183, 216, 157, 224, 246, 97, 91, 171, 167, 208, 104, 118, 96, 245, 49, 226, 22, 109, 5, 110, 40, 227, 131, 195, 187, 219, 90, 125, 62, 15, 125}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 105
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1236719517 bytes = { 201, 11, 78, 37, 154, 65, 24, 19, 159, 252, 35, 84, 41, 25, 145, 207, 88, 246, 143, 70, 62, 240, 186, 205, 151, 201, 108, 59 }
Session ID: {74, 183, 216, 157, 224, 246, 97, 91, 171, 167, 208, 104, 118, 96, 245, 49, 226, 22, 109, 5, 110, 40, 227, 131, 195, 187, 219, 90, 125, 62, 15, 125}
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: ……
0010: ……
Server Nonce:
0000: ……
0010: ……
Master Secret:
0000: ……
0010: ……
0020: ……
Client MAC write Secret:
0000: ……
0010: ……
Server MAC write Secret:
0000: ……
0010: ……
Client write key:
0000: ……
Server write key:
0000: ……
Client write IV:
0000: ……
Server write IV:
0000: ……
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 236, 69, 73, 239, 0, 51, 63, 120, 22, 153, 173, 50 }
***
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 238, 183, 221, 76, 2, 95, 151, 204, 251, 65, 100, 132 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 768
main, READ: TLSv1 Application Data, length = 720
main, READ: TLSv1 Alert, length = 32
main, RECV TLSv1 ALERT: warning, close_notify
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 32
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)


Thanks so much in advance.

-Ravi

Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
I am not an expert in SSL, but my guess is that the amount of SSL communication you see is perfectly normal and that there is little you can do about it.
This is a problem with using SSL - it is "all or nothing". If you want to improve speed, I would suggest looking at XML encryption, with which you can encrypt selected parts of a SOAP message. You will also have more control over the encryption/decryption with XML encryption - for instance, decryption of the encrypted section of a SOAP message can be deferred to some later point in time.
Best wishes!
Ravi Danum
Ranch Hand

Joined: Jan 13, 2009
Posts: 104
Hello Ivan,

Thanks so much for this information.

-Ravi
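
As an added example (not code from the thread or from JSSE), the Python below reads a `javax.net.debug` trace like the one in the question and reports whether the handshake was full or abbreviated, how many handshake versus application bytes were exchanged, and whether the connection was closed after the exchange. The name `summarize` and the rule that a full handshake shows `Certificate` or `KeyExchange` message lines are assumptions of this example.

```python
import re

# Constructed sample: record and handshake lines copied from the trace in the
# question (random bytes, cipher list and key material left out).
SAMPLE = """\
%% Try resuming [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA] from port 2473
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 105
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
%% Server resumed [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, WRITE: TLSv1 Handshake, length = 48
main, WRITE: TLSv1 Application Data, length = 768
main, READ: TLSv1 Application Data, length = 720
main, RECV TLSv1 ALERT: warning, close_notify
"""

RECORD = re.compile(r"^\S+, (READ|WRITE): \S+ (.+?), length = (\d+)$")
MESSAGE = re.compile(r"^\*\*\* ([^,]+)")  # "*** ClientHello, TLSv1" -> ClientHello

def summarize(trace):
    """Classify one connection's debug trace and total its record sizes."""
    messages, size = [], {}
    resumed = closed = False
    for line in trace.splitlines():
        if m := MESSAGE.match(line):
            messages.append(m.group(1).strip())
        elif m := RECORD.match(line):
            size[m.group(2)] = size.get(m.group(2), 0) + int(m.group(3))
        elif line.startswith("%% Server resumed"):
            resumed = True
        elif "close_notify" in line:
            closed = True
    # Assumption: certificate and key-exchange messages only occur in a full handshake.
    full = any("Certificate" in m or "KeyExchange" in m for m in messages)
    return {
        "handshake": "full" if full else "resumed" if resumed else "unknown",
        "messages": messages,
        "handshake_bytes": size.get("Handshake", 0),
        "app_bytes": size.get("Application Data", 0),
        "closed_after_exchange": closed,
    }
```

Run on the trace above, it reports a resumed session with no certificate or key-exchange messages, and a `close_notify` after a single request and response.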