SSL and the content-length http header

[GaryM]

I am debugging a SSL conversation from a java applet at 1.4.2_06.

When setting the content-length http header we use the length of the
request String. On the packet capture we observe this is set to 114
bytes. When we look at the transmission packet that contains the data
portion, it set to 110 bytes. The payload is now encrytped of course.

Is the discrepany due to the encryption and is thus OK?

TIA,

Gary

 

[Pete Barrett]

I am debugging a SSL conversation from a java applet at 1.4.2_06.

When setting the content-length http header we use the length of the
request String. On the packet capture we observe this is set to 114
bytes. When we look at the transmission packet that contains the data
portion, it set to 110 bytes. The payload is now encrytped of course.

Is the discrepany due to the encryption and is thus OK?

I've seen such discrepancies, and you certainly can't expect the
lengths of encrypted and unencrypted data to be the same. In my
experience, though, the length tends to increase, not decrease.

The thing is, is it being decrypted successfully at the other end?
Presumably not, or you wouldn't have asked about it. There's a Java VM
switch (which I can't remember at the moment, but I'm sure it's
documented somewhere) which will output SSL debugging information, and
I usually find that's more useful than debugging at the packet level
(though that may be my lack of expertise at the TCP level).


Pete Barrett

 

[GaryM]

The thing is, is it being decrypted successfully at the other end?
Presumably not, or you wouldn't have asked about it. There's a
Java VM switch (which I can't remember at the moment, but I'm sure
it's documented somewhere) which will output SSL debugging
information, and I usually find that's more useful than debugging
at the packet level (though that may be my lack of expertise at
the TCP level).

Actually it works fine for most people. I am working with one client
who is using a proxy server. The problem is that when the url request
leaves the applet at his facility, his does not like our reply ("200
Connection Established") and sends RSTs to both ends. The content-
length question was prompted when I compared a working log over a
proxy; however, it was a shot in the dark, because the log for the
problem I am looking at does not even get a chance to send its payload.

I don't suppose you know of a good resource in this whole area?

 

[Pete Barrett]

Actually it works fine for most people. I am working with one client
who is using a proxy server. The problem is that when the url request
leaves the applet at his facility, his does not like our reply ("200
Connection Established") and sends RSTs to both ends. The content-
length question was prompted when I compared a working log over a
proxy; however, it was a shot in the dark, because the log for the
problem I am looking at does not even get a chance to send its payload.

You're not working with or for T-Mobile are you? They were saying that
they had this problem (odd sending of RST) with one of their other
clients (ie. not my program, guv!) when connecting to one of their
servers. They haven't put this new server live yet, so have probably
not solved the problem.

I don't suppose you know of a good resource in this whole area?

Not really - what I know I've picked up through use and experience.
Sorry.


Pete Barrett