Is there something in Linux that might hinder an SSL Handshake?
I know almost nothing about Linux. My client application works fine on Windows. It connects to an external server via SSLSocket. To do so, there is a handshake protocol to manage certificates issue. That occurs below my application.
The fact is that when I run the same application on Linux machines, the handshake is not completed. The application sends the ClientHello and receives the ServerHello. Then it should receive a server certificate, but it doesn't. After a few seconds the connection times out.
I tried in Linux Red Hat 7.3, RHEL4.3 and CentOS. The problem is always the same.
In all my tests (on Windows and Linux):
- The network and proxy are the same.
- The JDKs are almost the same (jre1.4.2_03 and jre1.4.2_13).
- The keystores are the same, and so are the certificates.
The only difference that I find is that the length of the ClientHello that I send on Windows PCs is 98, and on Linux it is 77, but this is something that I can't handle.
So, to me, it seems that the problem lies in the Linux OS. Is there any Linux security directive, any service, anything that might affect SSL communications?
I'd suggest getting a copy of Wireshark and actually exploring the SSL handshake in more detail. These sorts of issues have usually been down to incompatible cipher specs when they've caught me up.
Without delving into the data on a packet by packet basis, it may well be that the client is sending a reset before the other frame has arrived as the data is known to already be unacceptable for some reason or other.
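The packet-level comparison suggested in the reply above, as an added example that is not part of the original thread: Python code that parses the bytes of a TLS-format ClientHello record (for instance copied out of Wireshark) and reports which cipher suites one client offers and the other does not. The function names and the two sample hellos are constructed for illustration and do not reproduce the 98- and 77-byte messages from the question.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Parse one SSLv3/TLS record that carries a ClientHello."""
    try:
        ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
        if ctype != 0x16:
            # An SSLv2-format hello has no TLS record header (its first byte has bit 0x80 set).
            raise ValueError("not a TLS handshake record")
        body = record[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:
            raise ValueError("truncated record or not a ClientHello")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        version = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        raw = hello[pos:pos + cs_len]
        if len(raw) != cs_len or cs_len % 2:
            raise ValueError("bad cipher_suites length")
        suites = [s[0] for s in struct.iter_unpack("!H", raw)]
        pos += cs_len
        pos += 1 + hello[pos]             # skip compression_methods
    except (struct.error, IndexError) as exc:
        raise ValueError(f"malformed ClientHello: {exc}") from None
    return {"version": version, "suites": suites, "extensions": pos < len(hello)}

def offered_difference(a: bytes, b: bytes) -> dict:
    """Cipher suite IDs offered in one ClientHello but not in the other."""
    sa, sb = parse_client_hello(a)["suites"], parse_client_hello(b)["suites"]
    return {"only_a": [s for s in sa if s not in sb],
            "only_b": [s for s in sb if s not in sa]}

def build_hello(version: int, suites: list) -> bytes:
    """Constructed sample input: zero random, empty session id, no extensions."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"
    hello += struct.pack("!H", 2 * len(suites))
    hello += b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                  # one compression method: null
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(body)) + body

# Constructed samples: client A offers four RSA suites, client B only the two RC4 ones.
HELLO_A = build_hello(0x0301, [0x0004, 0x0005, 0x002F, 0x000A])
HELLO_B = build_hello(0x0301, [0x0004, 0x0005])

if __name__ == "__main__":
    diff = offered_difference(HELLO_A, HELLO_B)
    print({k: [f"0x{s:04X}" for s in v] for k, v in diff.items()})
```

A suite that appears only in the working client's list and is the one the server picks in its ServerHello is the first thing to check.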