SSL Handshake on CSS 11500 - troubleshooting advice needed
The following is a snapshot description of the problem experienced when we try to establish an SSL session between our embedded device (4500), which contains an SSL (V3.1) client, and the Cisco concentrator (SSL server).
This information was obtained from sniffing the message exchange.
A TCP session is established - this consists of 3 messages being exchanged (3 way handshake):
4500->Cisco (TCP SYN)
Cisco->4500 (TCP SYN ACK)
4500->Cisco (TCP ACK)
An SSL CLIENT_HELLO message is sent from the 4500. This message is broken up over two TCP packets. The first contains just the 5 bytes of the TLS record protocol header as follows:
The second message contains the actual CLIENT_HELLO message (random number, cipher suite options, etc.).
At this point the Cisco sends back a TCP FIN - no SSL content (no SSL Alert or other clue as to what the problem was).
A couple of other observations:
The TCP FIN sent by Cisco may be sent out even before the 4500 sends out the 2nd packet with the CLIENT_HELLO data. Which comes first may be a race condition. The Cisco end may have decided to end things immediately upon receiving the packet with the incomplete record.
Also the CLIENT_HELLO data occasionally contains a session ID which may/may not be valid.
So the question is - how can we gather information on the Cisco as to why it's (abruptly) ending the session?
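An added example, not part of the original post: a record-layer reassembler in Python showing how a TLS endpoint is expected to treat the split described above, buffering the 5-byte record header until the rest of the record arrives. Feeding it the client-to-server TCP payloads from a capture shows what state the record layer was in at the moment the FIN appeared. The ClientHello bytes, class name and function names are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

class RecordReassembler:
    """Buffers one direction of a TCP stream and returns complete TLS records."""

    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        """Append one TCP payload; return (complete_records, pending_state)."""
        self.buf += segment
        records = []
        while len(self.buf) >= 5:
            ctype, major, minor, length = struct.unpack("!BBBH", self.buf[:5])
            if ctype not in CONTENT_TYPES or major != 3:
                raise ValueError("not a TLS record header: " + self.buf[:5].hex())
            if len(self.buf) < 5 + length:
                break  # header parsed, body still in flight: keep waiting
            body, self.buf = self.buf[5:5 + length], self.buf[5 + length:]
            hs = HANDSHAKE_TYPES.get(body[0]) if ctype == 22 and body else None
            records.append({"type": CONTENT_TYPES[ctype], "version": (major, minor),
                            "length": length, "handshake": hs})
        return records, self.pending()

    def pending(self):
        """Describe leftover bytes that do not yet form a full record."""
        if not self.buf:
            return "idle"
        if len(self.buf) < 5:
            return "partial header: %d of 5 bytes" % len(self.buf)
        length = struct.unpack("!H", self.buf[3:5])[0]
        return "header only: %d of %d body bytes" % (len(self.buf) - 5, length)

def build_sample_client_hello():
    """Constructed TLS 1.0 (SSL 3.1) ClientHello record, empty session ID, one cipher suite."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def replay_split_hello():
    """Feed the record the way the capture shows it: header first, body second."""
    record, r = build_sample_client_hello(), RecordReassembler()
    return [r.feed(record[:5]), r.feed(record[5:])]

if __name__ == "__main__":
    for records, state in replay_split_hello():
        print(records, state)
```

A peer that closes the connection while the state is still "header only" has not yet seen any handshake content, which matches the absence of an SSL alert in the capture.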