Persistent SSL connection

Question

Hi,

How can I keep an SSL connection alive.  This problem is somewhat related to the previous question I asked.  But, I think it is more of a generic question so I am posting it here.  Basically, when I establish a connection it does not seem to keep the connection alive.  So, when I send the second request it fails as the Apache server is configured with SSLSessionCacheTimeout 300.   So, If I wait 5 minutes between requests then everything seems to work.  So, how can I keep the connection alive?

Thank you.

Answer 1

KeepAlive is a property of the underlying HttpWebRequest that .NET will use to make the web service request. You have to modify that particular instance. You can do this by using the partial class feature of .NET 2.0:

 

Code Snippet

using System;

using System.Net;

 

namespace MyProgram.WebReference

{

    public partial class SimpleService

    {

        protected override WebRequest GetWebRequest(Uri uri)

        {

            HttpWebRequest request = (HttpWebRequest) base.GetWebRequest(uri);

            request.KeepAlive = true;

            return request;

        }

    }

}

 

There are many other properties of HttpWebRequest that you can customize using this technique. You may be interested in the following that I found in the documentation of the HttpWebRequest class:

 

Note:
The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of ClientCertificates (if there is one), or tries to reuse an anonymous sessions if ClientCertificates is empty.

Answer 2

Thank you John,

 

But after making this modification, I am still getting the same error.  I am running out of ideas now.

 

 

Code Snippet

using System;

using System.Collections.Generic;

using System.Text;

using System.Net;

 

namespace TestApp.WebReference

{

public partial class UserFeatures

{

protected override WebRequest GetWebRequest(Uri uri)

{

HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(uri);

request.KeepAlive = true;

return request;

}

}

}

 

 

Answer 3

I setup break point in the new function, and it get called correctly.

Answer 4

Sorry, but I really don't know enough about SSL to know why it would need to stay connected. If it was not SSL, then you'd expect it to connect when needed.

Answer 5

The apache web server is configured with "SslCacheTimeout 300".  So, when I send the first one, it is okay.  But, I have to wait 5 mins before sending the next one.  I verified this and if I stay 5 mins after every request all seems to be happy.  So, the problem I am suspecting is that I should stay connected using a keep alive.

 

 

Answer 6

I think you may have the opposite problem. The note I posted earlier from the documentation suggests that .NET attempts to keep SSL connections cached. I suspect this is in because of the overhead of establishing an SSL connection. I think that the reason it works after five minutes is that after five minutes, Apache is no longer caching the connection (or perhaps .NET has the same timeout). When you then go to create a new connection after the five minutes are up, it works. But, for some reason, when you attempt to use the connection that is already open, you get the error.

 

Please consider the following test. Wait only three minutes between attempts. Based on what you say, this should fail. Then, temporarily reconfigure the Apache server with a timeout of 180. See if the second attempt now succeeds. If it does, then you will know that the three minutes is due to the timeout on the Apache server side.

 

Finally, if this is the same code as in your other thread, I suggest that you try not using the ServerCertificateValidationCallback at all. Use the default instead. Make this the simplest code it can be and still fail.

 

Answer 7

I tried it for 2 minutes and it failed.  Then I changed the SslSessionCacheTimeout to 120, and it start to work after 2 minutes.  So, I think our assumetion is right.  But, how can I resolve this, so that .Net keeps the connection alive.

 

 

Answer 8

Are you still getting network traces? Can you look at the trace in the two minute case to see if the connection is being closed?

 

It's late for me, and I may not be thinking straight - but again, I think this is backwards. I think that the reason that it works after two minutes is because the connection has closed. I think the problem only exists when the connection is still open from last time.

 

Please also remove that ServerCertificateValidationCallback delegate and try again. If the problem still happens, then you didn't need the delegate.

Answer 9

I removed the callback and I am getting the error. "Could not establish trust relationship for the SSL/TLS secure

channel.".  This is needed because the server is going to provide its certificate during the SSL handshake.  And the client has to decide weather to accept or reject it. 

Answer 10

You Need add the Certificate....

Code Example

 Dim request As System.Net.HttpWebRequest

 Dim certificadoData As System.Security.Cryptography.X509Certificates.X509Certificate2

certificadoData = New System.Security.Cryptography.X509Certificates.X509Certificate2("fileName", _

                                                                                                "PassWord", _

                                                                                                MachineKeySet)

request.ClientCertificates.Add(certificadoData)