HTTP/1.1 needs a "Host:" Header. But also, I don't get the self-signed
cert issue. Probably because I added it already.
Cheers
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
Session-ID-ctx:
Master-Key:
AA87F49702DFF428CC726B86ACC621114F781CC56224566F984E75C73DF95A5A7CB40D7138E3BAA2464E8BD2E550A3DD
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1377797035
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
GET / HTTP/1.1
_*Host: www.prestocard.ca*_
HTTP/1.1 302 Redirect
Set-Cookie: ACE-Cookie-Insert=R3357932631; path=/
Content-Type: text/html; charset=UTF-8
Location: https://www.prestocard.ca/Pages/VariationRoot.aspx
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6029
Date: Thu, 29 Aug 2013 17:24:10 GMT
Content-Length: 172
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a
HREF="http://www.prestocard.ca/Pages/VariationRoot.aspx">here</a></body>
On 29/08/13 13:21, Barry McLarnon wrote:
On 08/29/2013 12:46 PM, Jean-Luc Cooke wrote:
Usually yes. Another case where this happens is when the browser and
the site cannot negotiate common ciphers. When I connect to
prestocard.ca using Linux Chrome and Linux Firefox they both go to
RC4-128 with MD4 MACs.
Have you eliminated the router as the source of the issue?
Can you telnet to prestocard.ca port 443 through the router?
There is no external router involved - my Linux box is connected
directly to the cable modem.
I can telnet to port 443. But this is interesting:
bm@darth:~> openssl s_client -connect www.prestocard.ca:443
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net
Certification Authority (2048)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C
1 s:/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C
2 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
3 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
<certificate omitted>
-----END CERTIFICATE-----
subject=/C=CA/ST=Ontario/L=Toronto/O=METROLINX/CN=www.prestocard.ca
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority
- L1C
---
No client certificate CA names sent
---
SSL handshake has read 5102 bytes and written 630 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
Session-ID-ctx:
Master-Key:
207D21864CA0EC57D895E305C4E40A506ABF42C8FFDABE8865C734F49F6AE39B746AC2BA27BC34ACC95D2616B58ADD6D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1377795730
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.1
HTTP/1.1 301 Moved Permanently
Connection: close
Location: https://www.prestocard.ca/
closed
That's the end of the session (I entered the GET request). If I'm
interpreting this correctly, the server is responding with a permanent
redirect, but the redirect is pointing to exactly the same URL as I
started with.
This gets weirder and weirder...
Barry
--
Jean-Luc Cooke
+1-613-263-2983
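
The two s_client transcripts in this thread differ in two places: the verify return code (0 versus 19) and whether a Host: header follows the GET line (302 versus a 301 back to the same URL). As an added example, not code from either poster, this Python script audits a saved transcript for those two conditions and for the RC4-MD5, TLSv1 and renegotiation lines that both transcripts show. The finding tags, the rules for what counts as weak, and the SAMPLE text are assumptions constructed for illustration.

```python
import re

# Constructed sample, shaped like the second s_client transcript in this thread.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is RC4-MD5
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.1
HTTP/1.1 301 Moved Permanently
Location: https://www.prestocard.ca/
"""

def field(text, pattern):
    """First capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1) if m else None

def request_lacks_host(text):
    """True if an HTTP/1.1 request line is not followed by a Host header."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if re.fullmatch(r"[A-Z]+ \S+ HTTP/1\.1", line.strip()):
            for header in lines[i + 1:]:
                if header.startswith("HTTP/") or not header.strip():
                    return True   # response or end of headers came first
                if header.lower().startswith("host:"):
                    return False
            return True
    return False

def audit(text):
    """Return finding tags (this example's own names) for one transcript."""
    found = []
    code = field(text, r"^\s*Verify return code:\s*(\d+)")
    if code is not None and code != "0":
        found.append(f"verify-code-{code}")  # 19: root CA not found in local trust store
    cipher = field(text, r"^\s*Cipher\s*:\s*(\S+)") or ""
    if "RC4" in cipher or cipher.endswith("-MD5"):
        found.append("weak-cipher")
    if field(text, r"^\s*Protocol\s*:\s*(SSLv\d|TLSv1(?:\.1)?)\s*$"):
        found.append("legacy-protocol")
    if "Secure Renegotiation IS NOT supported" in text:
        found.append("no-secure-renegotiation")
    if request_lacks_host(text):
        found.append("http11-no-host")
    return found
```
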