On 08/29/2013 12:46 PM, Jean-Luc cooke wrote:
Usually yes. Another case where this happens is when the browser and
the site cannot negotiate common ciphers. When I connect to
prestocard.ca using Linux Chrome and Linux Firefox they both go to
RC4-128 with MD4 MACs.
Have you eliminated the router as the source of the issue?
Can you telnet to prestocard.ca port 443 through the router?
There is no external router involved - my Linux box is connected
directly to the cable modem.
I can telnet to port 443. But this is interesting:
bm@darth:~> openssl s_client -connect www.prestocard.ca:443
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net
Certification Authority (2048)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
2 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
3 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
<certificate omitted>
-----END CERTIFICATE-----
subject=/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
No client certificate CA names sent
---
SSL handshake has read 5102 bytes and written 630 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
Session-ID-ctx:
Master-Key:
207D21864CA0EC57D895E305C4E40A506ABF42C8FFDABE8865C734F49F6AE39B746AC2BA27BC34ACC95D2616B58ADD6D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1377795730
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.1
HTTP/1.1 301 Moved Permanently
Connection: close
Location: https://www.prestocard.ca/
closed
That's the end of the session (I entered the GET request). If I'm
interpreting this correctly, the server is responding with a permanent
redirect, but the redirect is pointing to exactly the same URL as I
started with.
This gets weirder and weirder...
Barry
--
Barry McLarnon Ottawa, ON