
Effects of Disabling 3-Way Handshaking

Overview

The TCP 3-way handshake (also called the TCP handshake, three-message handshake, or SYN-SYN-ACK) is the method TCP uses to set up a TCP/IP connection over an Internet Protocol-based network. It is often referred to as SYN-SYN-ACK (or, more accurately, SYN, SYN-ACK, ACK) because TCP transmits three messages to negotiate and start a TCP session between two computers. The handshake is designed so that two computers attempting to communicate can negotiate the parameters of the TCP socket connection before they transmit data such as SSH and HTTP web browser requests.

The 3-way handshake process is also designed so that both ends can initiate and negotiate separate TCP socket connections at the same time. Being able to negotiate multiple TCP socket connections in both directions at the same time allows a single physical network interface, such as Ethernet, to be multiplexed.

Read on to learn more about identifying issues related to 3-way handshaking in Kerio Control, and the impact this option has when enabled in the system.

 


Identifying the Issue

The debug log entries below show packets dropped because the 3-way handshake was not completed:

 

[15/Feb/2019 00:01:04] {pktdrop} packet dropped: 3-way handshake not completed (from DMZ, proto:TCP, len:465, 4.85.78.63:443 -> 172.1.5.84:59928, flags:[ ACK PSH ], seq:2583892222 ack:4237640823, win:1022, tcplen:425)

[15/Feb/2019 00:01:04] {pktdrop} packet dropped: 3-way handshake not completed (from DMZ, proto:TCP, len:40, 4.85.78.63:443 -> 172.1.5.84:59927, flags:[ RST ACK ], seq:1463469989 ack:2425530693, win:0, tcplen:0)
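
A small parser for the drop entries above, added here as an example (it is not Kerio's code): it groups the drops by interface and source endpoint so that the flows being dropped most often stand out. The regular expression assumes the exact field layout of the two log lines quoted in this article, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Assumption: the field layout is taken from the two log lines quoted in this
# article; other Kerio Control versions may format the entry differently.
DROP_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \{pktdrop\} packet dropped: "
    r"3-way handshake not completed \(from (?P<iface>[^,]+), "
    r"proto:(?P<proto>\w+), len:(?P<len>\d+), "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"flags:\[(?P<flags>[^\]]*)\], seq:(?P<seq>\d+) ack:(?P<ack>\d+), "
    r"win:(?P<win>\d+), tcplen:(?P<tcplen>\d+)\)"
)

def parse_drop(line):
    """Return a dict for one handshake-drop entry, or None if the line does not match."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["flags"] = tuple(rec["flags"].split())
    for key in ("len", "sport", "dport", "seq", "ack", "win", "tcplen"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Group drops by (interface, source endpoint) and count the TCP flag sets seen."""
    summary = defaultdict(lambda: {"drops": 0, "payload_bytes": 0, "flags": Counter(), "dsts": set()})
    for line in lines:
        rec = parse_drop(line)
        if rec is None:
            continue  # other log types and other drop reasons are ignored
        entry = summary[(rec["iface"], f'{rec["src"]}:{rec["sport"]}')]
        entry["drops"] += 1
        entry["payload_bytes"] += rec["tcplen"]  # application data lost with the drop
        entry["flags"][" ".join(rec["flags"])] += 1
        entry["dsts"].add(f'{rec["dst"]}:{rec["dport"]}')
    return dict(summary)

# The two entries quoted above, plus one constructed line that must be skipped.
SAMPLE = [
    "[15/Feb/2019 00:01:04] {pktdrop} packet dropped: 3-way handshake not completed (from DMZ, proto:TCP, len:465, 4.85.78.63:443 -> 172.1.5.84:59928, flags:[ ACK PSH ], seq:2583892222 ack:4237640823, win:1022, tcplen:425)",
    "[15/Feb/2019 00:01:04] {pktdrop} packet dropped: 3-way handshake not completed (from DMZ, proto:TCP, len:40, 4.85.78.63:443 -> 172.1.5.84:59927, flags:[ RST ACK ], seq:1463469989 ack:2425530693, win:0, tcplen:0)",
    "[15/Feb/2019 00:01:05] {example} constructed line of another log type",
]

if __name__ == "__main__":
    for (iface, src), e in summarize(SAMPLE).items():
        print(iface, src, e["drops"], e["payload_bytes"], dict(e["flags"]), sorted(e["dsts"]))
```

Many drops from one source endpoint that carry only mid-stream flags such as ACK PSH mean the firewall never recorded a completed handshake for those flows.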

 


Impact 

When the network is not configured properly, the LAN segment switches could cause a data leak because the 3-way handshake cannot be completed. Users then experience slowness or are disconnected from the network.

By default, the 3-way handshake is enabled in Kerio Control. When this option is enabled, the debug logs show any errors related to packet drops.

After disabling the 3-way handshake setting, in terms of Kerio VPN, you will notice the following:

Please refer to the article Modifying Configuration Parameters in Kerio Control for the procedure on how to disable 3-way handshaking.

 

Priyanka Bhotika
