"web problems" "ssl issues"

• Previous message (by thread): Clueful T-Mobile contact on the Circuit switched side?
• Next message (by thread): "web problems" "ssl issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not sure if others are running into this or not, but we had a few 
vague support calls come in at once about browser 'ssl problems' and 
some issues with some websites 'taking forever to come up'...  It 
looks like the common problem is bringing up pages that have

src="https://siteseal.thawte.com/cgi/server/thawte_seal_generator.exe">

embedded in the web page the end user goes to.

Depending on how the page is written, it can seem (to the end user 
anyways) as if the page is taking for ever to come up. The browser is 
blocking on talking to the site seal server.


e.g. from the first syn, it was almost 25 seconds before the 
verisign/thawte server responded.

10:37:18.894068 IP 199.212.134.18.65064 > 65.205.248.240.443: S 
2515327385:2515327385(0) win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
10:37:21.860159 IP 199.212.134.18.65064 > 65.205.248.240.443: S 
2515327385:2515327385(0) win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
10:37:27.794374 IP 199.212.134.18.65064 > 65.205.248.240.443: S 
2515327385:2515327385(0) win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
10:37:39.865205 IP 199.212.134.18.62217 > 65.205.248.242.443: S 
3464052443:3464052443(0) win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
10:37:42.881109 IP 199.212.134.18.62217 > 65.205.248.242.443: S 
3464052443:3464052443(0) win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
10:37:42.961994 IP 65.205.248.242.443 > 199.212.134.18.62217: S 
3993252659:3993252659(0) ack 3464052444 win 5840 <mss 
1460,nop,nop,sackOK,nop,wscale 2>
10:37:42.962311 IP 199.212.134.18.62217 > 65.205.248.242.443: . ack 1 win 64240
10:37:42.962799 IP 199.212.134.18.62217 > 65.205.248.242.443: P 
1:103(102) ack 1 win 64240
10:37:43.035470 IP 65.205.248.242.443 > 199.212.134.18.62217: . ack 
103 win 1460
10:37:43.037779 IP 65.205.248.242.443 > 199.212.134.18.62217: . 
1:1461(1460) ack 103 win 1460
10:37:43.041639 IP 65.205.248.242.443 > 199.212.134.18.62217: . 
1461:2921(1460) ack 103 win 1460
10:37:43.042292 IP 199.212.134.18.62217 > 65.205.248.242.443: . ack 
2921 win 64240
10:37:43.118203 IP 65.205.248.242.443 > 199.212.134.18.62217: P 
2921:3967(1046) ack 103 win 1460
10:37:43.119345 IP 199.212.134.18.62217 > 65.205.248.242.443: P 
103:285(182) ack 3967 win 63194

network connectivity to 65.205.248.0/24 is fine for me.  It looks to 
be at the application layer at verisign ?

Just a heads up in case your helpdesk runs into this issue as well as 
it seems to be a rather obscure problem that sent us on a wild goose 
chase at first.  Some browsers deal with it differently. on IE, most 
of the page does not display until the seal comes up or times out.

         ---Mike

--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike

• Previous message (by thread): Clueful T-Mobile contact on the Circuit switched side?
• Next message (by thread): "web problems" "ssl issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]