I can tell looking at the IP trace, there is more data sent from Netscape to the TPF server (a packet with three chunks in it), but for whatever reason SSL_read is only called once. These chunks would seem to correspond nicely with the number of SSL_reads performed on Linux for a similar POST.
I tried installing ssldump on a Linux client here, but it doesn't appear to support our Token Ring network. Is there a version of ssldump, either Linux or Windows, that will work with TR? If ssldump doesn't support TR, I can provide TCP trace output; TPF has a native ability to trace its network activity at the IP level. Regards, Evan Jennings TPF Development, IBM Corp. Poughkeepsie NY (845) 435-1918 Eric Rescorla <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent by: cc: owner-modssl-users Subject: Re: engine io question @modssl.org 09/27/2001 08:05 PM Please respond to modssl-users "Evan Jennings" <[EMAIL PROTECTED]> writes: > Looking again at OS/390 for comparison, I did misstate the flow. Below are > the actual intercepted SSL_read outputs on TPF. The "S_r: " prefix > indicates each SSL_read: > > S_r: POST /cgi-bin/cgi-forms HTTP/1.0 > Referer: https://1.2.3.4/cgiform.html > Connection: Keep-Alive > User-Agent: Mozilla/4.77 .en. (Windows NT 5.0; U) > Host: 1.2.3.4 > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* > Accept-Encoding: gzip > Accept-Language: en,de > Accept-Charset: iso-8859-1,*,utf-8 > >The same thing on OS/390 shows me: > > S_r: POST /cgi-bin/test-cgi HTTP/1.0 > Referer: https://5.6.7.8:8443/cgiform2.html > Connection: Keep-Alive > User-Agent: Mozilla/4.77 [en] (Windows NT 5.0; U) > Host: 5.6.7.8:8443 > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* > Accept-Encoding: gzip > Accept-Language: en,de > Accept-Charset: iso-8859-1,*,utf-8 > S_r: Content-type: application/x-www-form-urlencoded > Content-length: 9 > S_r: > S_r: entry=123 Note that these are totally different requests. It's a little hard to tell whether the first request actually contains a CRLF at the end or not. Can you clarify? It might be useful if you used ssldump to record the actual traffic being sent by the client (provide it with the private key so we can see the plaintext). -Ekr ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]