Java Server SSL套接字和Python Client SSL套接字-服务器发送消息时出现问题

Question

I'm trying communicate a server SSL socket Java and a client SSL socket Python. The first message sent is ok, but when the server sends another messages, the client receives the messages dividing in 2 parts. For example: If the server send message "abcdefghij", the client receives first "a", and after "bcdefghij".

Somebody knows why after the first time the messages are received in two parts? Regards.

The client code:

import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
ssl_sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_NONE)
ssl_sock.connect(('localhost', 7000))
pprint.pprint(ssl_sock.getpeercert())

while(1):
    print "Waiting"
    data = ssl_sock.recv()  
    print "Received:", data
    data = ""

ssl_sock.close()

The server code:

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;


public class SslReverseEchoer {

    public static void main(String[] args) {
        char ksPass[] = "123456".toCharArray();
        char ctPass[] = "123456".toCharArray();

        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream("keystore.jks"), ksPass);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, ctPass);
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(kmf.getKeyManagers(), null, null);
            SSLServerSocketFactory ssf = sc.getServerSocketFactory();
            SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(7000);
            printServerSocketInfo(s);
            SSLSocket c = (SSLSocket) s.accept();
            printSocketInfo(c);
            BufferedWriter w = new BufferedWriter(new OutputStreamWriter(c.getOutputStream()));
            BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream()));
            //1th time
            String m = "abcdefghj1234567890";
            w.write(m, 0, m.length());
            w.newLine();
            w.flush();
            //2th time
            String m2 = "#abcdefghj1234567890";
            w.write(m2, 0, m2.length());
            w.newLine();
            w.flush();
            //3th time
            String m3 = "?abcdefghj1234567890";
            w.write(m3, 0, m3.length());
            w.newLine();
            w.flush();
            while ((m = r.readLine()) != null) {
                if (m.equals("."))
                    break;
                char[] a = m.toCharArray();
                int n = a.length;
                for (int i = 0; i < n / 2; i++) {
                    char t = a[i];
                    a[i] = a[n - 1 - i];
                    a[n - i - 1] = t;
                }
                w.write(a, 0, n);
                w.newLine();
                w.flush();
            }
            w.close();
            r.close();
            c.close();
            s.close();
        } catch (Exception e) {
            System.err.println(e.toString());
        }
    }

    private static void printSocketInfo(SSLSocket s) {
        System.out.println("Socket class: " + s.getClass());
        System.out.println("   Remote address = " + s.getInetAddress().toString());
        System.out.println("   Remote port = " + s.getPort());
        System.out.println("   Local socket address = " + s.getLocalSocketAddress().toString());
        System.out.println("   Local address = " + s.getLocalAddress().toString());
        System.out.println("   Local port = " + s.getLocalPort());
        System.out.println("   Need client authentication = " + s.getNeedClientAuth());
        SSLSession ss = s.getSession();
        System.out.println("   Cipher suite = " + ss.getCipherSuite());
        System.out.println("   Protocol = " + ss.getProtocol());
    }

    private static void printServerSocketInfo(SSLServerSocket s) {
        System.out.println("Server socket class: " + s.getClass());
        System.out.println("   Socker address = " + s.getInetAddress().toString());
        System.out.println("   Socker port = " + s.getLocalPort());
        System.out.println("   Need client authentication = " + s.getNeedClientAuth());
        System.out.println("   Want client authentication = " + s.getWantClientAuth());
        System.out.println("   Use client mode = " + s.getUseClientMode());
    }
}

Answer 1

It seems that you expect to be always able to read whatever quantity of data you've sent in one block from the other side.

This is a common mistake, not specific to SSL/TLS, but also related to plain TCP communications.

You should always loop and read whatever you intend to read. You should also define your protocol (or use an existing one) to take into account commands and request/response terminators.

HTTP, for example, uses blank lines to tell the end of the headers and the Content-Length header or chunked transfer encoding to tell the recipient when to stop reading the body.

SMTP uses line-delimited commands and a single . for the end of a message.

Answer 2

It's a combination of the Naggle algorithm on the server side and delayed ACK in the client's TCP stack. You'll also find ~ 40ms delay between the two packets.

Disable the Naggle algo on the server side to remedy:

SSLSocket c = (SSLSocket) s.accept();
c.setTcpNoDelay(true);

More information on why this occurs here: http://www.stuartcheshire.org/papers/NagleDelayedAck/

Edit to add: Note Bruno's answer below. While this describes the specific reason for what you're seeing here, the way you're expecting data from the server is not guaranteed.

Answer 3

I tried to solve my problem in two ways, the message always break at the first character, so I decided to add three spaces at the beginning of each message and end. So when the client receives them do a trim on the message. Another way I found was using DataOutputStream, the method that delivers writeBytes byte by byte, used it on the server and the client had q change as it receives data, the message had to build client-side processing to finally do what I want to house the end of message. Thanks for the discussion!