Hey all. This is a problem I have been trying to solve for some time.
Please read carefully, because as far as I can tell, some of these
details seem to contradict others. I am only bothering you with it
because I have no more ideas.
We are using an Intel appliance for server side SSL session handling.
Behind this appliance is a proprietary http server. We are having a
strange problem fetching content with IE on Windows NT or 98. 95 is
unverified at this time, and Windows 2000 does not demonstrate the
problem. The version of IE does not seem relevant.
Netscape does not demonstrate the problem on any platform.
Using snoop, we traced the messages between the Intel appliance and the
server, and found that everything was fine until the connection was
established. Once the application data was supposed to start, the
client just sent a TCP FIN.
In another test, we put Apache/ModSSL on the server and bypassed the
Intel appliance. The problem still presented in all the same
scenarios. Using Eric Rescorlas ssldump, we found that the exchange
does indeed get through the handshake, and fails after the server sends
its Handshake Finished message. There is some "junk" then the client
sends a TCP FIN.
Just to make sure this wasn't some problem with the browser itself, I
then pointed IE to the same icon image at my home server running the
same version of Apache and ModSSL (with a couple other modules as well)
and it worked fine.
Below is that little bit:
--------------------------------------------------------------
. . .
1 4 0.0620 (0.0002) S>CV3.0(4) Handshake
ServerHelloDone
1 5 0.1412 (0.0792) C>SV3.0(68) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[64]=
ae 48 8a ef 26 20 ec 57 9d a7 4d 86 9f 2d 19 d3
d7 e1 03 30 ab 5b 43 85 85 d1 0e 92 e4 bf 0a 8f
48 8b c0 61 8f c5 ca 3d 1d 1b 84 26 f8 1a 40 74
12 4e 4a e7 f5 fe 17 bd 2f 9b f5 cb 53 ee 75 dc
1 6 0.1412 (0.0000) C>SV3.0(1) ChangeCipherSpec
1 7 0.1412 (0.0000) C>SV3.0(56) Handshake
Finished
md5_hash[16]=
e1 ea 0f 78 b5 e9 c9 c8 78 6f 4b 58 15 aa db 75
sha_hash[20]=
2f 9e 32 ce 59 5b 37 c2 a8 a7 9c 64 52 bd d1 39
23 37 74 e7
1 8 0.1472 (0.0059) S>CV3.0(1) ChangeCipherSpec
1 9 0.1472 (0.0000) S>CV3.0(56) Handshake
Finished
md5_hash[16]=
e7 da 82 93 73 0f 8f 89 c6 ff 48 fa 19 69 9d 81
sha_hash[20]=
0f 8f fa ba bf f2 c9 a9 c4 18 42 d8 80 45 e9 4e
c7 10 4e 4a
1 0.2261 (0.0788) C>S TCP FIN
1 10 0.2262 (0.0001) S>CV3.0(18) Alert
level warning
value close_notify
1 0.2265 (0.0002) S>C TCP FIN
-------------------------------------------------------------------
We have found that there are several cipher related issues with IE, but
changing the ciphers has no effect.
This problem only presented itself when we tested it in the field. Our
in house lab did not present the problem at all in any browser/os
combination we tried. Though configurations are the same, the problem
only presents itself when we go off site. Later, trying to get an
ssldump of a successful exchange, I installed Apache/ModSSL in the lab,
the problem then presented itself as it did in the field.
Any and all help will be greatly appreciated.
Thoroughly confused.
L
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
