HTTPS Server Packet Leak with Chrome and Self-Signed Certificate

I have recently converted our HTTP Server over to an HTTPS Server per the example in the Express Logic manual and experience a packet pool issue when I use Chrome and Microsoft Edge. All works well with Firefox. About 50% of the time when the client attempts to connect with my server I get a fatal alert from the client indicating an unknown certificate. In these cases it appears that the TLS or underlying TCP code is not releasing packets, and after enough attempts I eventually run out of packets in the pool. I am using a self-signed certificate. I can run using Firefox for days with connections happening every 5-10 seconds without any issues (no unknown certificate errors either). There is a mention in the release notes regarding the use of Chrome which indicates a hard fault in the HTTPS Server code, but this does not appear to be the same. Is this a known issue with the Express Logic HTTPS implementation?

  • Hi Mark,

    How's this issue? Were you able to find out the cause of the issue when using Chrome and Edge?

    JB
    RenesasRulz Forum Moderator

  • Which version of the SSP are you using? I have created a test HTTPS Server using SSP 1.7.5 and it uses self-signed certificates. I see no connection issues with Firefox (76.0.1), Chrome (81.0.4044) or Edge (81.0.416.72).

    EDIT: After a bit more playing around I see Chrome and Edge failing as you describe, and a packet pool issue as you describe.

  • In reply to JB:

    I still have not found the source of the issues. I should have mentioned that I am using SSP 1.7.5.
  • In reply to Mark Chaffee:

    The issue seems to be with the way that NetX Secure handles the alert that the Chrome browser sends when it tries to connect without the correct certificate:

    The alert that Firefox sends when it tries to connect without the correct certificate is different:

    and NetX Secure handles this alert from Firefox without packet loss occurring.

  • In reply to Jeremy:

    I have reported this issue to the SSP developers.
  • In reply to Jeremy:

    I am glad you were able to duplicate my issue. Thanks Jeremy!
  • In reply to Mark Chaffee:

    Microsoft (Express Logic) have confirmed that this issue is caused by the HTTPS server. It will be fixed in a future version of the HTTPS server; however, I don't know which version of the SSP that will be included in.