Communication over TLS/SSL failing with alert code 21?

1
votes

I am new to TLS/SSL. I am facing an issue with SSL/TLS connectivity.

I could see in tcpdump traces that the handshake is done succefully(clienthello,serverhello,certificate,certifcate request,server hello done, client certificate, client key exchange,certificate verify,change cipher suite exchange and finished message from both server and client side). My understanding is that if finished message exchnaged means handshake is completed. Is it correct?

After 'finished' message, Client sending application data which is http get request. There is no response from server for ~2 minutes and client is sending an alert close_notify after that.

"11905 14:51:54.122049 10.62.73.221 10.62.68.4 TLSv1 105 Alert (Level: Warning, Description: Close Notify)"

Alert message 21 is received by server.

could any one please explain why the alert message has been received by server.?

Thanks for support.

2
ssl

2 Answers

0
votes

Well, with the details in your question, it could be that the GET request is not properly formed or the TLS Record is not proper - perhaps there is a discrepancy in the payload specified and what it is. Are you constructing the TLS Record on your own or using an established library? It seems, that since you are new to SSL, an established library is being used. In this case, please make sure that the GET Request is formatted as per the HTTP spec with the necessary HTTP headers.

0
votes

close_notify is normal. Nothing to be alarmed about. It is just the TLS version of close().