
ssl_client_cert header truncated

Some calls were failing when our application looks for the ssl_client_cert header. (flow: incoming-request --> (443>haproxy>4440) --> app_server:4440)

The current assumption is that haproxy sometimes fails to forward the ssl_client_cert header.

Looking at the tcpdump, I see "[truncated]ssl_client_cert". This is while sending the packet to the backend server. Question: what does it mean when an HTTP header is marked as truncated?

Frame 6886: 2005 bytes on wire (16040 bits), 2005 bytes captured (16040 bits)
Ethernet II, Src: 02:4b:47:b5:28:12 (02:4b:47:b5:28:12), Dst: MS-NLB-PhysServer-07_38:d4:91:04 (02:07:38:d4:91:04)
Internet Protocol Version 4, Src: 192.168.53.159, Dst: 192.168.193.206
Transmission Control Protocol, Src Port: 57680, Dst Port: 4440, Seq: 1, Ack: 1, Len: 1939
Hypertext Transfer Protocol
    GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [GET /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d
        Request Version: HTTP/1.1
    Accept: application/json,application/json\r\n
    User-Agent: Jersey/2.25.1 (HttpUrlConnection 11.0.8)\r\n
    Host: ken-qa.eu10.cp.abo.com\r\n
    ssl_client_user: kenAltId:e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d|gwayId:3|tenantId:8216199|instanceId:ken-qa\r\n
     **[truncated]ssl_client_cert:** MIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLoMIIEZjCCA06gAwIBAgIOFnqoiLUHXIkQAQLo
    ssl_client_cert_used: 1\r\n
    X-Forwarded-Proto: https\r\n
    X-Forwarded-For: 217.191.10.72\r\n
    Connection: close\r\n
    \r\n
    [Full request URI: http://ken-qa.eu10.cp.abo.com/commands/e869d1ed-a778-4b0e-a8c5-6b51ab0a7f4d]
    [HTTP request 1/1]
    [Response in frame: 6887]
jes
asked 2020-09-28 11:14:06 +0000

1 Answer


This means that, in an effort at self-preservation, Wireshark decides not to show all the data in that field on this line because it would be excessively long (for an arbitrary value of excessive). Look in the packet bytes pane to see what is actually contained in the field; there is more data there.

Jaap
answered 2020-09-28 13:33:06 +0000

Comments

Thank you for the clarification! And if the 'ssl_client_cert' header is missing, what does that tell us? I'm confused because it was missing only on some packets (about 40%), probably due to large payloads.

jes (2020-09-28 14:02:16 +0000)

That would be down to HAProxy and a support venue for that software would probably be your best bet.

grahamb (2020-09-28 14:31:53 +0000)