GPT-4o mini
Yes, it's quite common for SSL/TLS clients to have different timeout
settings for the connection establishment phase versus the cipher
negotiation phase. Here's a breakdown:
Timeout Behavior in SSL/TLS
Connection Establishment Timeout
* Duration: The timeout for establishing a connection, which includes
the initial TCP handshake, is often set to be relatively long (commonly 30
seconds or more). This allows for retries and accommodates slower networks.
* Reason: This phase needs to account for potential issues outside of
the SSL/TLS layer, such as network latency, server responsiveness, and
initial response delays.
Cipher Negotiation Timeout
* Duration: The timeout during cipher negotiation is typically much
shorter, often in the milliseconds to a few seconds range.
* Reason: This phase involves a series of message exchanges
(ClientHello, ServerHello, etc.) that should ideally complete quickly if
the server is responsive. If the negotiation takes too long, it can
indicate issues like:
* Server processing delays
* Mismatched ciphers
* Network issues causing data loss or retransmission
Observations
1. Short Timeouts: If you're experiencing short timeouts during the cipher
negotiation phase (milliseconds), it may indicate that the SSL client is
configured to fail quickly when it doesn't receive timely responses from
the server.
2. Logs and Errors: It would be beneficial to check server logs for errors or
delays during cipher negotiation to diagnose the root cause. Look for:
   * Cipher suite mismatches
   * Any delays in server response to the ClientHello message
3. Configuration Review: Review both the client and server configurations for
timeout settings. Specifically, look for:
   * SSL_CTX_set_timeout (or equivalent, depending on the SSL library)
   * Any connection timeouts and negotiation timeout settings that
     might be set too low on the client side.
Conclusion
Different timeout durations between connection establishment and cipher
negotiation are typical. If you're seeing short timeouts during
negotiation, it's worth investigating server performance, configuration
mismatches, and network stability to identify any bottlenecks or
misconfigurations. Adjusting these settings may improve reliability and
reduce unnecessary failures.
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of
Brad Stone <bvstone@xxxxxxxxx>
Sent: Thursday, December 11, 2025 11:10
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: David Gibbs <david@xxxxxxxxxxxx>
Subject: Re: Intermittent SQL0443 when invoking HTTP_GET_BLOB
Define "too long". SSL timeouts are normally at least 10 to 30 seconds.
If it's taking that long, you have other problems. The negotiation should
take milliseconds.
Jack Woehr
Independent Consulting Programmer
303-847-8442
jack.woehr@xxxxxxxxxxx
www.procern.com
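
An added example, not part of the original thread or of any poster's code: a Python client that applies one timeout to the TCP connect and a separate one to the TLS handshake, then reports which phase stopped the attempt and how long each took. The function names, the loopback peer that never answers the ClientHello, and the timeout values are assumptions made for illustration.

```python
import socket
import ssl
import time


def timed_tls_connect(host, port, connect_timeout, handshake_timeout, ctx=None):
    """Connect with separate limits per phase.

    Returns (phase, tcp_seconds, tls_seconds); phase is "ok", "connect"
    or "handshake", naming where the attempt stopped.
    """
    ctx = ctx or ssl.create_default_context()
    t0 = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:  # refused, unreachable, or connect timeout
        return ("connect", time.monotonic() - t0, None)
    t1 = time.monotonic()
    sock = raw
    try:
        # Per-operation limit for the handshake's reads and writes.
        raw.settimeout(handshake_timeout)
        sock = ctx.wrap_socket(raw, server_hostname=host,
                               do_handshake_on_connect=False)
        sock.do_handshake()  # sends ClientHello, waits for the server's reply
        phase = "ok"
    except OSError:  # socket.timeout and ssl.SSLError both derive from OSError
        phase = "handshake"
    finally:
        sock.close()
    return (phase, t1 - t0, time.monotonic() - t1)


def stalled_server():
    """Constructed peer: the kernel completes TCP, nothing answers ClientHello."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # never accept()ed, so the handshake can only time out
    return srv


if __name__ == "__main__":
    srv = stalled_server()
    port = srv.getsockname()[1]
    # Generous connect limit, tight handshake limit (constructed values).
    print(timed_tls_connect("127.0.0.1", port, 10.0, 0.5))
    srv.close()
```

Logging the phase and both durations on each intermittent failure shows whether the time is being lost before the TCP connection exists or between the ClientHello and the server's reply.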
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].