Thursday, August 30, 2007

An SSL puzzler

One thing I've noticed lately is that hitting NetWare SSL webpages gives me a 20-60 second lag if I hit them with Seamonkey or Firefox. IE6 doesn't give the same lag. In order to see what's happening at the network level I broke out Wireshark.

Weirdly, the IE6 trace has 6 packets until the SSLv3 Server Hello, while the Seamonkey trace takes 16 packets (and a big delay) to get there. Some other differences in the Seamonkey trace (Firefox shows the same delay, so I'm assuming the same reasons):
  • Uniformly, packet 6 in the Seamonkey trace is a FIN, ACK from the client
  • Packets 7-10 are connection tear-down
  • Packets 11-13 are connection setup
  • Packet 14 is an SSLv2 Client Hello (it was SSLv3 up there in packet 4)
  • Packet 15 is an ACK from the server
  • Packet 16 is the SSLv3 Server Hello
So what is going on that the NetWare SSL provider is not responding? It looks to me like the client, Seamonkey, is timing out and falling back to an older SSL spec. What's strange is that in the Seamonkey trace, the SSL Server Hello lists protocol SSLv3 after the SSLv2 Hello.

Another difference in the traces is that the first SSLv3 Client Hello in the Seamonkey trace includes 28 Cipher Suites, to IE's 11. Wireshark can only identify 12 of them (for the curious, most of the identifiable ciphers are different from the IE ones). I can only suppose that the NetWare SSL provider gets this Hello and goes +++OUT OF CHEESE ERROR+++ and waits to get more sensible data.
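Wireshark tags packet 4 as an SSLv3 Client Hello and packet 14 as an SSLv2 one, and the difference is in the record framing, not just the version field: the SSLv2-compatible hello has a 2-byte length with the high bit set and 3-byte cipher specs, while the SSLv3 hello sits in a record-layer frame with 2-byte cipher suites. As an added example (not code from this post), here is a small Python parser that tells the two formats apart and counts the cipher suites, fed with constructed sample messages (28 suites, like the Seamonkey hello); the builder functions are mine, not anything Wireshark or NetWare provides.

```python
import struct


def parse_client_hello(data):
    """Classify a raw ClientHello as SSLv2-compatible or SSLv3/TLS record
    format and list the cipher suites it offers (hex strings)."""
    if len(data) >= 3 and data[0] & 0x80:
        # SSLv2-compatible hello: 2-byte length (high bit set), then
        # msg type, version, cipher-spec/session-id/challenge lengths.
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + msg_len]
        if len(body) < 9 or body[0] != 0x01:
            raise ValueError("not an SSLv2-compatible ClientHello")
        version, cs_len = struct.unpack("!HH", body[1:5])
        specs = body[9:9 + cs_len]            # 3 bytes per cipher spec
        return {"format": "SSLv2", "version": version,
                "cipher_suites": [specs[i:i + 3].hex() for i in range(0, cs_len, 3)]}
    if len(data) >= 6 and data[0] == 0x16:
        # SSLv3/TLS record: type 0x16, version, length, then handshake msg.
        rec_len, = struct.unpack("!H", data[3:5])
        hs = data[5:5 + rec_len]
        if len(hs) < 38 or hs[0] != 0x01:
            raise ValueError("record does not carry a ClientHello")
        version, = struct.unpack("!H", hs[4:6])
        pos = 38                              # type(1)+len(3)+version(2)+random(32)
        pos += 1 + hs[pos]                    # skip session_id
        cs_len, = struct.unpack("!H", hs[pos:pos + 2])
        pos += 2
        suites = hs[pos:pos + cs_len]         # 2 bytes per cipher suite
        return {"format": "SSLv3/TLS", "version": version,
                "cipher_suites": [suites[i:i + 2].hex() for i in range(0, cs_len, 2)]}
    raise ValueError("unrecognised ClientHello framing")


def build_v3_hello(suites, version=0x0300):
    """Constructed SSLv3 record-layer ClientHello with a zero random/session."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs


def build_v2_hello(specs, version=0x0300):
    """Constructed SSLv2-compatible ClientHello asking for `version`."""
    body = b"\x01" + struct.pack("!HHHH", version, 3 * len(specs), 0, 16)
    body += b"".join(specs) + bytes(16)       # specs, then 16-byte challenge
    return struct.pack("!H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    v3 = build_v3_hello([bytes([0x00, i]) for i in range(1, 29)])  # 28 suites
    v2 = build_v2_hello([b"\x00\x00\x0a", b"\x00\x00\x04"])
    print(parse_client_hello(v3)["format"], len(parse_client_hello(v3)["cipher_suites"]))
    print(parse_client_hello(v2)["format"], len(parse_client_hello(v2)["cipher_suites"]))
```

Feeding it the raw bytes of packets 4 and 14 from a saved capture would show the same split the post describes: SSLv3 framing with 28 suites first, then SSLv2 framing on the retry.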

This is a tricky one. Tomorrow I delve into the Novell KB database and see if I can find anything like it. And if that and the support forums fail, a call in.

PS: I'd post some packet traces, but Wireshark here on openSUSE 10.2 is crashing hard every time I try to bring up a 'browse files' window. This makes saving traces difficult.
