      Topic: Slow TLS handshake

      #1 fluxy

        Slow TLS handshake

        Has anyone seen cases of a slow TLS handshake when using a mail client, and only on certain network segments? The Server Hello message takes 20 seconds.
        Edited by fluxy: 17.04.2019 at 13:43

      #2 Sass Drake
        Check whether SSL/TLS traffic scanning is enabled in the antivirus, and if it is, turn it off and test again.
        There is no place like ::1

      #3 e6111
        How did you conclude that the TLS handshake is slow? HELO/EHLO happens before TLS is established on ports 25 and 587, because the client is required to check the STARTTLS capability. Only on port 465 is TLS established without a prior HELO/EHLO request.
        Edited by e6111: 17.04.2019 at 19:38
        Interplanetary Galactic Republic of Serbia.

      #4 fluxy
        There is no antivirus on the client.

        With the help of Wireshark. After the Client Hello message sent to the server (dest. port 465), an ACK packet arrives from the server, after which there is a 20-second wait until the Server Hello.

      #5 e6111
        Code:
        $ openssl s_client -connect smtp.gmail.com:465
        CONNECTED(00000003)
        depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
        verify return:1
        depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
        verify return:1
        depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
        verify return:1
        ---
        Certificate chain
         0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
           i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
         1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
           i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
        ---
        Server certificate
        subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com
        issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
        ---
        No client certificate CA names sent
        Peer signing digest: SHA256
        Server Temp Key: ECDH, P-256, 256 bits
        ---
        SSL handshake has read 2994 bytes and written 434 bytes
        ---
        New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
        Server public key is 2048 bit
        Secure Renegotiation IS supported
        Compression: NONE
        Expansion: NONE
        No ALPN negotiated
        SSL-Session:
            Protocol  : TLSv1.2
            Cipher    : ECDHE-RSA-AES128-GCM-SHA256
            Session-ID: B3889FF0A30CF5AE07DD48861C8D15A8B1C85F1C3E4FBE2D66F17EE939F09BCA
            Session-ID-ctx: 
            Master-Key: 471A9DB66A087471BB18A23B1EBC796027FFAC6CA8E5FC7CD7CF7667637BD3C6016360B8B71A131402C088AADEF79C38
            Key-Arg   : None
            PSK identity: None
            PSK identity hint: None
            SRP username: None
            TLS session ticket lifetime hint: 100800 (seconds)
            TLS session ticket:
        
            Start Time: 1555671882
            Timeout   : 300 (sec)
            Verify return code: 0 (ok)
        ---
        220 smtp.gmail.com ESMTP h12sm1678307wrw.36 - gsmtp
        HELO [1.1.1.1]
        250 smtp.gmail.com at your service
        If the pause comes only after the client sends HELO (after the 220 greeting, while it waits for the 250 response), then TLS must already have been established. So the cause of that 20-second pause is probably not on the client side, but something on the server.
        Edited by e6111: 19.04.2019 at 13:22
        Interplanetary Galactic Republic of Serbia.

      #6 fluxy
        On the problematic network segment, the 20-second delay after running this command occurs right after CONNECTED(00000003), but on neither the one nor the other client do I get anything after the 220.
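
Added example (not part of the original thread): a small Python routine that applies the reasoning from post #4 to a capture summary, finding the longest silence in the exchange and which side the connection was waiting on. The three-column line format and all sample timings are constructed for illustration; they are not taken from fluxy's capture.

```python
import re

# Constructed capture summary (not from the thread): seconds, direction, event.
# C>S = client to server, S>C = server to client. Timings mimic post #4.
SAMPLE_CAPTURE = """\
0.000000 C>S TCP SYN
0.031000 S>C TCP SYN-ACK
0.031200 C>S TCP ACK
0.032000 C>S TLS ClientHello
0.063500 S>C TCP ACK
20.071000 S>C TLS ServerHello
20.103000 C>S TLS ClientKeyExchange
20.135000 S>C TLS Finished
20.170000 S>C SMTP 220
"""

LINE = re.compile(r"^(\d+\.\d+)\s+(C>S|S>C)\s+(.+)$")

def parse(text):
    """Return [(time, direction, event)] sorted by time; skip malformed lines."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append((float(m.group(1)), m.group(2), m.group(3).strip()))
    return sorted(rows)

def largest_gap(rows):
    """Return (seconds, previous_row, next_row) for the longest silence."""
    if len(rows) < 2:
        raise ValueError("need at least two packets")
    gaps = [(b[0] - a[0], a, b) for a, b in zip(rows, rows[1:])]
    return max(gaps, key=lambda g: g[0])

def diagnose(text, threshold=5.0):
    """Name the side that stayed silent during the longest gap."""
    gap, before, after = largest_gap(parse(text))
    if gap < threshold:
        return "no stall", gap
    # The packet that ends the silence shows which side was slow to speak.
    waiting_on = "server side" if after[1] == "S>C" else "client side"
    # An ACK from the server right before the gap means the request was
    # delivered, so loss or retransmission does not explain the wait.
    delivered = before[1] == "S>C" and before[2] == "TCP ACK"
    detail = "request ACKed, reply delayed" if delivered else "no ACK seen before gap"
    return f"{waiting_on}: {detail} ({before[2]} -> {after[2]})", gap

print(diagnose(SAMPLE_CAPTURE))
```

"Server side" here means everything beyond the capture point: the mail server itself or any device on the path that terminates or inspects the connection.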
