Client/Server TCP TLS communication problem

[tatanas]

That's the one I'm using.

[idle]

I have no issues with that on windows 11 using my send and receive functions,

[tatanas]

I moved the delay(10) inside the Case 0 so that it only waits in that specific scenario. Maybe one day I will figure out why this error occurs...

Code: Select all

  Select error 
    Case 0 
      ret = 0
      delay(10)
      Debug "None"

[tatanas]

I found a new problem (since I activated TLS).
My console application, a client-like connected to the server (permanent connection) can't communicate with the server after 15-30 seconds of inactivity. However the console is not disconnected from the server.
If I reinitialize the connection (disconnect/reconnect), it works fine.
If I keep requesting the server at regular intervals, it works fine.

Is there a inactivity timeout when TLS is used ?

[PBJim]

To the extent it helps you, I would suggest you write a basic client server, using TLS as you've done, but avoiding any of your other existing code and test that basic framework.

When you can get that to stay connected, then go from there. With a sizable application that's suffering disconnections, it's difficult otherwise to diagnose whether the problem is logic or PB's TLS.

[tatanas]

Ok, the more I dig, the more I'm lost...

I tested by modifying the client/server example from PB doc to keep client connection up and sent every 15/30/60 seconds a string to the TLS server : no problem detected.

Then I went back to my program and removed the TLS security from the client and the server : no problem detected.

I put TLS back (both side), added a Debug() at the beginning of the "Case #PB_NetworkEvent_Data" and when the problem arise, there is no Data Event at all as if the connection is broken but there is no Disconnect event either. Forcing the disconnection (client side) then connecting again makes it work again.

There are 2 major differences between the small debug TLS client/server and mine : the number of clients connected (1 vs 100+) and connections type (1 TLS vs 50+ TLS 50+ non TLS).

EDIT : I modified my program by changing the listen port to prevent old non TLS clients from connecting and changed the port on only one client (and my console) : no problem anymore.
Could the non TLS clients connecting to the TLS server be the problem ?

[idle]

set keep alive socket option on the pb network connection I'm not sure if it's set by default and I set it in the web server.

Code: Select all

 Procedure KeepAlive(ID,set.l=#True) 
    Protected option.l,oplen.l=4 
    If setsockopt_(ID,#SOL_SOCKET,#SO_KEEPALIVE,@set,oplen) = 0 
      If getsockopt_(ID,#SOL_SOCKET,#SO_KEEPALIVE,@option,@oplen ) = 0 
        ProcedureReturn option    
      EndIf 
      ProcedureReturn -1     
    EndIf   
    
  EndProcedure    

[PBJim]

set keep alive socket option on the pb network connection I'm not sure if it's set by default and I set it in the web server.

I also thought about keepalives but noted that Tatanas said it disconnects every few seconds. It seemed a bit too quick to require keepalive, but maybe you're right Idle.

What sort of network are you working over, Tatanas?

If it's a WAN or VPN, then they can behave very differently from one another I've installed applications on some WANs before that didn't ever disconnect, while others were more aggressive in their management of connections — they can expect connections to be brief. We developed our own keepalive within the application's protocol and eliminated disconnections which previously would happen after around five minutes' inactivity. That was mostly over a mobile data network.

[PBJim]

Could the non TLS clients connecting to the TLS server be the problem ?

I assume you have separate network event loops, one for TLS, and one without? Are you mixing some of the logic between them, maybe?

Can you easily split them into two separate server applications — TLS and non-TLS?

[tatanas]

idle, I tested the keepalive setsockopt option server side and client side a few days ago (didn't mention it sorry) and unfortunately it doesn't fix the problem.

PBJim, I'm working on LAN. And for now, I don't have separate loops to handle TLS and non TLS clients. I will change the port on TLS clients so only them could connect to the TLS server.

Maybe the 2 types of connection are messing the connections ?

[tatanas]

I think I found where the problem is coming from. It seems that the mixing of TLS and non-TLS clients connecting to the TLS server is the cause. Since changing the port for about a hundred clients and the server, only TLS clients are connecting, and I no longer have issues with dialogue loss on the client side. Is this a normal behavior, or should it be fixed ? Only Fred can tell us.

[idle]

you could try using the tlsStatic.pbi see if that makes any difference

[PBJim]

you could try using the tlsStatic.pbi see if that makes any difference

I noticed that you are not checking for WSAGetLastError_() in there. How are you dealing with, for instance, #WSAEWOULDBLOCK or #WSAECONNABORTED ?

[idle]

you could try using the tlsStatic.pbi see if that makes any difference

I noticed that you are not checking for WSAGetLastError_() in there. How are you dealing with, for instance, #WSAEWOULDBLOCK or #WSAECONNABORTED ?

I do that in the web server code, the tls wrapper simply abstracts the network functions.
I posted a tip and trick with full send and receive with a network continue function.

https://www.purebasic.fr/english/viewtopic.php?t=86576

[PBJim]

Ah yes, all understood now Idle, I remember that thread. Thanks very much.