[plug] Kernel 2.4.4 and accessing *some* SSL web sites.

James Bromberger james at rcpt.to
Wed May 23 14:28:01 WST 2001


On Wed, May 23, 2001 at 09:26:00AM +0800, Matt Kemner wrote:
> On Tue, 22 May 2001, James Bromberger wrote:
> 
> > Has anyone had any intermittent problems with accessing some HTTPS web 
> > sites (port 443)?  I have a pair of linux boxen (Debian, naturally) both 
> > of which have the 2.4 kernel series on them (as I described last week 
> > when I was looking at PPTP, which turned out to be my local firewall 
> > at home *cough*). I can't seem to telnet to port 443 on some web servers, 
> 
> You don't perchance have ECN enabled do you?

At 7 am this morning when I got to the office, I sat down and thought more 
carefully about this. I had discarded ECN since all the debate I have been 
seeing on the kernel-traffic list said that ECN was *disabled* by default. 


Guess what.

My 2.4.4 Debian kernel image on the gateway had it on, as did the internal 
server (2.4.1). Since no other host was setting ECN bits, they weren't 
having this problem. Interesting to note that having ECN on behind 
a firewall can also cause the masqueraded hosts to suffer the same 
problems. ECN bits set in TCP headers must stay in the masqueraded 
packet.

> That shouldn't restrict your problems to just port 443, but maybe the
> sites you are accessing have more restrictive (read: stupid) firewalls in
> front of the secure servers.

Well, it does seem to. Another test I did was to my corporate web site I 
run here at Hartley Poynton (HP JDV). Although I can't go into detail from 
that end, the symptoms I saw from my Linux box were the same: port 80 
was fine, port 443 was not. 

> Other than that, I have no idea what could be causing it.

Thanks to everyone who suggested something. 

  Yours,
    James

-- 
 James Bromberger <james_AT_rcpt.to> www.rcpt.to/~james

       * *  C u in Bordeaux - 1st Debian Conference, July 2001 * * 
 Remainder moved to http://www.rcpt.to/~james/james/sig.html
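
The behaviour described in the message above, as an added example that is not part of the original post: a TCP header parser that flags an ECN-setup SYN (SYN with ECE and CWR set, per RFC 3168) and shows that source-port rewriting by masquerading leaves those bits in place. The sample packets, the `masquerade` helper and the `legacy_filter_accepts` model of a pre-ECN firewall are constructed assumptions for illustration.

```python
import struct

# TCP flag bits in the low byte of the offset/flags field (RFC 793, RFC 3168).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def build_tcp_header(sport, dport, flags, seq=1000):
    """Build a 20-byte TCP header (constructed sample; checksum left at 0)."""
    offset_flags = (5 << 12) | flags   # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       offset_flags, 5840, 0, 0)

def parse_tcp_header(raw):
    """Return (sport, dport, set of flag names) from raw TCP header bytes."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    names = {n for n, bit in FLAGS.items() if offset_flags & bit}
    return sport, dport, names

def classify_syn(raw):
    """Classify an initial SYN as 'ecn-setup', 'plain' or 'not-syn'."""
    _, _, names = parse_tcp_header(raw)
    if "SYN" not in names or "ACK" in names:
        return "not-syn"
    return "ecn-setup" if {"ECE", "CWR"} <= names else "plain"

def masquerade(raw, new_sport):
    """Hypothetical helper: rewrite only the source port, as source NAT does.
    The flag byte is untouched (checksum fix-up is not modelled)."""
    return struct.pack("!H", new_sport) + raw[2:]

def legacy_filter_accepts(raw):
    """Assumed model of a pre-ECN filter: rejects any segment that uses the
    two formerly reserved bits now assigned to ECE and CWR."""
    _, _, names = parse_tcp_header(raw)
    return not (names & {"ECE", "CWR"})

if __name__ == "__main__":
    ecn_syn = build_tcp_header(40000, 443, FLAGS["SYN"] | FLAGS["ECE"] | FLAGS["CWR"])
    plain_syn = build_tcp_header(40001, 443, FLAGS["SYN"])
    for label, pkt in (("ecn host", ecn_syn), ("non-ecn host", plain_syn)):
        natted = masquerade(pkt, 61000)
        verdict = "accepted" if legacy_filter_accepts(natted) else "dropped"
        print(f"{label}: {classify_syn(natted)} SYN after NAT -> {verdict}")
```

On Linux the setting itself is exposed as `/proc/sys/net/ipv4/tcp_ecn`, so it can be checked on both the gateway and the hosts behind it.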