
Re: [OCLUG-Tech] Connection Reset Oddity

On 08/29/2013 12:46 PM, Jean-Luc cooke wrote:
Usually yes. Another case where this happens is when the browser and the site cannot negotiate common ciphers. When I connect to prestocard.ca using Linux Chrome and Linux Firefox they both go to RC4-128 with MD4 MACs.

Have you eliminated the router as the source of the issue?

Can you telnet to prestocard.ca port 443 through the router?

There is no external router involved - my Linux box is connected directly to the cable modem.

I can telnet to port 443.  But this is interesting:

bm@darth:~> openssl s_client -connect www.prestocard.ca:443
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 2 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
 3 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
<certificate omitted>
-----END CERTIFICATE-----
subject=/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
No client certificate CA names sent
---
SSL handshake has read 5102 bytes and written 630 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
    Session-ID-ctx:
    Master-Key: 207D21864CA0EC57D895E305C4E40A506ABF42C8FFDABE8865C734F49F6AE39B746AC2BA27BC34ACC95D2616B58ADD6D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1377795730
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.1

HTTP/1.1 301 Moved Permanently
Connection: close
Location: https://www.prestocard.ca/

closed

That's the end of the session (I entered the GET request). If I'm interpreting this correctly, the server is responding with a permanent redirect, but the redirect is pointing to exactly the same URL as I started with.

This gets weirder and weirder...

Barry

--
Barry McLarnon  Ottawa, ON
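
Added example, not part of the message above: a small shell filter that pulls the security-relevant fields out of a saved `openssl s_client` session like the one quoted here (protocol, cipher, renegotiation support, verify code, and a redirect whose Location equals the URL that was requested). The function names `audit_s_client` and `sample_session` and the finding labels are invented for illustration, and the weak-cipher test is a simple substring heuristic.

```shell
#!/bin/sh
# Added example: flag security-relevant fields in captured `openssl s_client` output.
# Usage: audit_s_client REQUESTED_URL < saved-session.txt
audit_s_client() {
    awk -v url="${1:-}" '
        { sub(/\r$/, "") }                       # tolerate CRLF in the HTTP response
        /^ *Protocol *:/ { proto = $NF }
        /^ *Cipher *:/   { cipher = $NF }
        /^Secure Renegotiation IS NOT supported/ { reneg = "no" }
        /^ *Verify return code:/ {
            code = $4; reason = $0
            sub(/^[^(]*\(/, "", reason); sub(/\)$/, "", reason)
        }
        /^HTTP\/1\.[01] 3[0-9][0-9]/ { status = $2 }
        /^Location:/ { loc = $2 }
        END {
            if (proto ~ /^(SSLv[23]|TLSv1(\.1)?)$/) print "old-protocol " proto
            if (cipher ~ /RC4|MD5|DES|NULL|EXP/)    print "weak-cipher " cipher
            if (reneg == "no")                      print "no-secure-renegotiation"
            # Non-zero code: chain did not verify against the local trust store.
            if (code != "" && code + 0 != 0)        print "verify-failed " code " " reason
            # Location identical to the requested URL: the redirect loops.
            if (status != "" && url != "" && loc == url)
                print "redirect-to-self " status " " loc
        }'
}

# Excerpt of the session quoted in the message above, embedded so this runs offline.
sample_session() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.1

HTTP/1.1 301 Moved Permanently
Connection: close
Location: https://www.prestocard.ca/
EOF
}

sample_session | audit_s_client https://www.prestocard.ca/
```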