I’ve a driver that use an https rest API and from time to time the device send a TLSv1.2 Encrypted Alert. This alert seems delay the execution of call on the API. Is it a normal behavior for a device to send this message? what could be the reason ?
Hi Bernard,
The encrypted alert is very likely the start of the orderly termination of the secured TCP connection.
It is a ‘close notification’ being sent by the server indicating that the socket application issued an SSL shutdown.
That suspicion is further strengthened by the FIN package sent straight after the alert, indicating that the remote system is ending the TCP connection (gracefully).
There is some more interesting info on the SSL alerts available in RFC5246
Hi Bernard,
I don’t believe 21 is not the alert number.
21 is the record type of all alert records, and since the alert record is encrypted and Wireshark can’t decrypt it displays it as a generic “Encrypted Alert”.
Debugging this from the dataminer side will be difficult since it’s the remote system that sends the alert and terminates the connection. It might be that this is still a valid TCP connection termination after a full response was provided.
The protocol should be aware of the connection termination.
Ofcourse all of this is depending on how you have your SSL communication integrated in your protocol.
Thanks Ive,
The alert code is 21 decryption_failed
Decryption of a TLSCiphertext record is decrypted in an invalid way: either it was not an even multiple of the block length or its padding values, when checked, were not correct. This message is always fatal.
Does a protocol is aware that the https connection will be renew ?