Re: [F25] issue with SSL connexions: Failure of SSL transaction with
My ISP changed some configuration but it did not improve the situation. They asked me if docs.python.org was the only site that caused troubles and I tried to find others but was not able. So it seems that it is only docs.python.org. Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/13/17 12:53, fedora wrote: > openssl s_client -connect hostname:portnumber -starttls service FYI, is you look back on the thread the port number/service being tested is 443/https. -starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot' defines which one to assume. Currently, only "smtp", "pop3", "imap", "ftp" and "xmpp" are supported. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> for a try with SSL: did you ever use > openssl s_client -connect hostname:portnumber this one with docs.python.org showed error 104. > openssl s_client -connect hostname:portnumber -starttls service Would it be the same? Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
Hi Frédéric for a try with SSL: did you ever use openssl s_client -connect hostname:portnumber or openssl s_client -connect hostname:portnumber -starttls service suomi On 04/12/2017 10:49 AM, Frédéric Bron wrote: I contacted my ISP. They do not want to look at the problem if I cannot show that I loose packets. But I tried to ping doc.python.org and never get an error. Apparently, it is related to SSL? What could I show as a "as simple as possible example"? They say there are plenty of thing involving IPv6 and that it could come from my configuration... Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
I contacted my ISP. They do not want to look at the problem if I cannot show that I loose packets. But I tried to ping doc.python.org and never get an error. Apparently, it is related to SSL? What could I show as a "as simple as possible example"? They say there are plenty of thing involving IPv6 and that it could come from my configuration... Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 2017-04-12 at 06:45 +0800, Ed Greshko wrote: > On 04/12/17 06:10, Patrick O'Callaghan wrote: > > On Wed, 2017-04-12 at 05:05 +0800, Ed Greshko wrote: > > > (I think there may be a claim of redundancy to be made > > > about that paring of words) > > > > I think there may be a claim of orthography against that spelling. > > Pedantic, moi? > > > > I see the knives are out :-) One man's fish is another man's poisson ... poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/12/17 06:10, Patrick O'Callaghan wrote: > On Wed, 2017-04-12 at 05:05 +0800, Ed Greshko wrote: >> (I think there may be a claim of redundancy to be made >> about that paring of words) > I think there may be a claim of orthography against that spelling. > Pedantic, moi? > I see the knives are out :-) -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 2017-04-12 at 05:05 +0800, Ed Greshko wrote: > (I think there may be a claim of redundancy to be made > about that paring of words) I think there may be a claim of orthography against that spelling. Pedantic, moi? poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/12/17 04:48, Rick Stevens wrote: > On 04/11/2017 11:42 AM, Gordon Messmer wrote: >> On 04/10/2017 11:54 PM, Ed Greshko wrote: You mean my ISP does not handle IPv6 correctly, right? For the short term, is there any harm to stick to IPv4? >>> In my opinion, it is not clear that it is your ISP as there are probably >>> many boxes between your system and the destination. Some owned by your >>> ISP, others not. >> >> >> It's true that there are intermediary routers, but is there really a >> useful distinction between an IPv6 problem in his ISP, and an IPv6 >> problem at his ISP's network provider? > Gotta go with Gordon here...to the end user, the problem is at the ISP. > Whether it's with the ISP itself or upstream of the ISP with one of its > providers is up to the ISP to chase down. Most decent ones will as it's > very likely that if it affects one of their customers, it'll affect a > lot of them. I just went through this as a peer of our ISP had a batch > of circular routes in their BGP tables which caused lots of connection > issues for us. Our ISP was clean, their peer was screwed up so they > worked with the peer to get it solved. I agree with what you and Gordon have said. My statement was just an overly pedantic (I think there may be a claim of redundancy to be made about that paring of words) observation about network topology. I didn't mean to imply that the ISP should not be contacted or be responsible to helping to track down the source of the problem. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/11/2017 11:42 AM, Gordon Messmer wrote: > On 04/10/2017 11:54 PM, Ed Greshko wrote: >>> You mean my ISP does not handle IPv6 correctly, right? >>> For the short term, is there any harm to stick to IPv4? >> In my opinion, it is not clear that it is your ISP as there are probably >> many boxes between your system and the destination. Some owned by your >> ISP, others not. > > > > It's true that there are intermediary routers, but is there really a > useful distinction between an IPv6 problem in his ISP, and an IPv6 > problem at his ISP's network provider? Gotta go with Gordon here...to the end user, the problem is at the ISP. Whether it's with the ISP itself or upstream of the ISP with one of its providers is up to the ISP to chase down. Most decent ones will as it's very likely that if it affects one of their customers, it'll affect a lot of them. I just went through this as a peer of our ISP had a batch of circular routes in their BGP tables which caused lots of connection issues for us. Our ISP was clean, their peer was screwed up so they worked with the peer to get it solved. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- - 500: Internal Fortune Cookie Error - -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/10/2017 11:54 PM, Ed Greshko wrote: You mean my ISP does not handle IPv6 correctly, right? For the short term, is there any harm to stick to IPv4? In my opinion, it is not clear that it is your ISP as there are probably many boxes between your system and the destination. Some owned by your ISP, others not. It's true that there are intermediary routers, but is there really a useful distinction between an IPv6 problem in his ISP, and an IPv6 problem at his ISP's network provider? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/10/2017 11:37 PM, Ed Greshko wrote: Yes, openssl does take ipv6 addresses. You just need to enclose in brackets openssl s_client -connect [2a04:4e42::223]:443 works fine Huh. Seems Fedora patches openssl for that[1]. Upstream openssl doesn't support IPv6. Adding to my confusion, there's an IPv6 outage in my home network. I'll have to call my ISP about that. :( 1: https://src.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.0.2a-ipv6-apps.patch?h=f25 ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/11/17 14:37, Frédéric Bron wrote: >>> In your opinion, is this an issue with fedora or with my ISP (which is >>> OVH)? >> Probably your ISP, given the packet sequence you saw. Unless someone else >> can replicate the problem with that IP address. I might try tomorrow, but >> openssl's s_client doesn't take ipv6 addresses as arguments, so testing is >> more involved. > You mean my ISP does not handle IPv6 correctly, right? > For the short term, is there any harm to stick to IPv4? In my opinion, it is not clear that it is your ISP as there are probably many boxes between your system and the destination. Some owned by your ISP, others not. I tried all these addresses several times each... python.map.fastly.net has IPv6 address 2a04:4e42::223 python.map.fastly.net has IPv6 address 2a04:4e42:200::223 python.map.fastly.net has IPv6 address 2a04:4e42:400::223 python.map.fastly.net has IPv6 address 2a04:4e42:600::223 without error. I also tried the address 2a04:4e42:9::223 from one of your posts several times without error. Since the error you are seeing is inconsistent I think there is a flaky box somewhere in the path. Again, my opinion. :-) No harm to stick with only IPv4 unless there is some IPv6-only site you need to get to. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
>> In your opinion, is this an issue with fedora or with my ISP (which is >> OVH)? > > Probably your ISP, given the packet sequence you saw. Unless someone else > can replicate the problem with that IP address. I might try tomorrow, but > openssl's s_client doesn't take ipv6 addresses as arguments, so testing is > more involved. You mean my ISP does not handle IPv6 correctly, right? For the short term, is there any harm to stick to IPv4? Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/11/17 14:34, Gordon Messmer wrote: > Probably your ISP, given the packet sequence you saw. Unless someone > else can replicate the problem with that IP address. I might try > tomorrow, but openssl's s_client doesn't take ipv6 addresses as > arguments, so testing is more involved. Yes, openssl does take ipv6 addresses. You just need to enclose in brackets openssl s_client -connect [2a04:4e42::223]:443 works fine -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/10/2017 11:09 PM, Frédéric Bron wrote: It would be useful to disable IPv6 for this connection and try again. So applied the command proposed by Ed as root: $ echo 1 > /proc/sys/net/ipv6/conf/(name of interface)/disable_ipv6 It might be simpler to disable IPv6 on one connection. From your networkmanager applet, select your connection's settings, click on IPv6 on the left, and turn that off. and now I never have any error, the page always shows in firefox, konqueror or chrome. Also openssl s_client -connect docs.python.org:443 seems to always succeed (attached is the output of tcpdump). In your opinion, is this an issue with fedora or with my ISP (which is OVH)? Probably your ISP, given the packet sequence you saw. Unless someone else can replicate the problem with that IP address. I might try tomorrow, but openssl's s_client doesn't take ipv6 addresses as arguments, so testing is more involved. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> It would be useful to disable IPv6 for this connection and try again. So applied the command proposed by Ed as root: $ echo 1 > /proc/sys/net/ipv6/conf/(name of interface)/disable_ipv6 and now I never have any error, the page always shows in firefox, konqueror or chrome. Also openssl s_client -connect docs.python.org:443 seems to always succeed (attached is the output of tcpdump). In your opinion, is this an issue with fedora or with my ISP (which is OVH)? Frédéric tcpdump: listening on enp62s0u1u4, link-type EN10MB (Ethernet), capture size 262144 bytes 08:01:50.489389 IP (tos 0x0, ttl 64, id 9205, offset 0, flags [DF], proto TCP (6), length 60) 192.168.1.79.53260 > 151.101.36.223.443: Flags [S], cksum 0x7e6a (incorrect -> 0x8d25), seq 4080566988, win 29200, options [mss 1460,sackOK,TS val 1875972848 ecr 0,nop,wscale 7], length 0 08:01:50.536534 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto TCP (6), length 60) 151.101.36.223.443 > 192.168.1.79.53260: Flags [S.], cksum 0x106b (correct), seq 1649336775, ack 4080566989, win 27360, options [mss 1380,sackOK,TS val 3222175746 ecr 1875972848,nop,wscale 9], length 0 08:01:50.536599 IP (tos 0x0, ttl 64, id 9206, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.79.53260 > 151.101.36.223.443: Flags [.], cksum 0x7e62 (incorrect -> 0xa8b4), seq 1, ack 1, win 229, options [nop,nop,TS val 1875972896 ecr 3222175746], length 0 08:01:50.587023 IP (tos 0x0, ttl 64, id 9207, offset 0, flags [DF], proto TCP (6), length 253) 192.168.1.79.53260 > 151.101.36.223.443: Flags [P.], cksum 0x7f2b (incorrect -> 0x2527), seq 1:202, ack 1, win 229, options [nop,nop,TS val 1875972946 ecr 3222175746], length 201 08:01:50.637936 IP (tos 0x0, ttl 57, id 25042, offset 0, flags [DF], proto TCP (6), length 1420) 151.101.36.223.443 > 192.168.1.79.53260: Flags [.], cksum 0x478f (correct), seq 1:1369, ack 202, win 56, options [nop,nop,TS val 3222175771 ecr 1875972946], length 1368 08:01:50.638064 IP (tos 0x0, ttl 64, id 9208, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.79.53260 > 151.101.36.223.443: Flags [.], cksum 0x7e62 (incorrect -> 0xa1ff), seq 202, ack 1369, win 251, options [nop,nop,TS val 1875972997 ecr 3222175771], length 0 08:01:50.638977 IP (tos 0x0, ttl 57, id 25043, offset 0, flags [DF], proto TCP (6), length 1420) 151.101.36.223.443 > 192.168.1.79.53260: Flags [.], cksum 0x2784 (correct), seq 1369:2737, ack 202, win 56, options [nop,nop,TS val 3222175771 ecr 1875972946], length 1368 08:01:50.639044 IP (tos 0x0, ttl 64, id 9209, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.79.53260 > 151.101.36.223.443: Flags [.], cksum 0x7e62 (incorrect -> 0x9c8f), seq 202, ack 2737, win 274, options [nop,nop,TS val 1875972998 ecr 3222175771], length 0 08:01:50.640141 IP (tos 0x0, ttl 57, id 25044, offset 0, flags [DF], proto TCP (6), length 1104) 151.101.36.223.443 > 192.168.1.79.53260: Flags [P.], cksum 0x4de6 (correct), seq 2737:3789, ack 202, win 56, options [nop,nop,TS val 3222175771 ecr 1875972946], length 1052 08:01:50.640206 IP (tos 0x0, ttl 64, id 9210, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.79.53260 > 151.101.36.223.443: Flags [.], cksum 0x7e62 (incorrect -> 0x985c), seq 202, ack 3789, win 296, options [nop,nop,TS val 1875972999 ecr 3222175771], length 0 08:01:50.641753 IP (tos 0x0, ttl 64, id 9211, offset 0, flags [DF], proto TCP (6), length 178) 192.168.1.79.53260 > 151.101.36.223.443: Flags [P.], cksum 0x7ee0 (incorrect -> 0x542f), seq 202:328, ack 3789, win 296, options [nop,nop,TS val 1875973001 ecr 3222175771], length 126 08:01:50.688839 IP (tos 0x0, ttl 57, id 25045, offset 0, flags [DF], proto TCP (6), length 278) 151.101.36.223.443 > 192.168.1.79.53260: Flags [P.], cksum 0x2536 (correct), seq 3789:4015, ack 328, win 56, options [nop,nop,TS val 3222175784 ecr 1875973001], length 226 08:01:50.729683 IP (tos 0x0, ttl 64, id 9212, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.79.53260 > 151.101.36.223.443: Flags [.], cksum 0x7e62 (incorrect -> 0x967f), seq 328, ack 4015, win 318, options [nop,nop,TS val 1875973089 ecr 3222175784], length 0 13 packets captured 13 packets received by filter 0 packets dropped by kernel ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/10/2017 09:30 PM, Ed Greshko wrote: May I suggest that IP address be used instead of the host name? I specifically wanted to use the hostname because I assumed that if this were an IPv6 vs IPv4 sort of problem, we'd see that difference in successful and unsuccessful connections. We didn't. All of the successful and unsuccessful connections were to the same IPv6 address. That mostly rules out an IPv6 problem. It could still be an intermittent IPv6 problem... It would be useful to disable IPv6 for this connection and try again. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/10/2017 08:56 PM, Frédéric Bron wrote: # tcpdump -nn port 443 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp62s0u1u4, link-type EN10MB (Ethernet), capture size 262144 bytes 05:38:34.536393 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [S], seq 341004267, win 27920, options [mss 1396,sackOK,TS val 193352749 ecr 0,nop,wscale 7], length 0 05:38:34.588361 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [S.], seq 2353121035, ack 341004268, win 27360, options [mss 1380,sackOK,TS val 1661200257 ecr 193352749,nop,wscale 9], length 0 ... 05:38:34.693359 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [.], ack 3789, win 283, options [nop,nop,TS val 193352906 ecr 1661200282], length 0 05:38:34.694875 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [P.], seq 202:328, ack 3789, win 283, options [nop,nop,TS val 193352908 ecr 1661200282], length 126 05:38:34.745931 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353123732, win 0, length 0 05:38:34.748264 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353124824, win 0, length 0 05:38:34.749457 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [R], seq 2353124824, win 0, length 0 05:38:34.938558 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [P.], seq 2697:3789, ack 202, win 56, options [nop,nop,TS val 1661200344 ecr 193352904], length 1092 05:38:34.938616 IP6 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038 > 2a04:4e42:9::223.443: Flags [R], seq 341004469, win 0, length 0 05:38:35.233371 IP6 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60038: Flags [.], seq 1349:2697, ack 202, win 56, options [nop,nop,TS val 1661200418 ecr 193352904], length 1348 It looks to me like early on in this connection, you're getting "reset" packets (the [R] flagged packets) from 2a04:4e42:9::223, followed by more data from the server. That seems all wrong. If the server is resetting the connection, it shouldn't be sending more packets. Once the reset packets are received by your system, your system begins sending "reset" packets of its own in response to any packets the server sends, and the server continues to try to send "seq 1349:2697" every two seconds. All of this looks like some system in the middle is interrupting the connection, sending reset packets to your system and dropping packets that your system is sending. I can't imagine that this has anything to do with Fedora. Who provides your Internet connection? Do they have any firewalls that might require a proxy server or perform intrusion detection? That sort of thing would explain what you're seeing. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/11/17 00:25, Gordon Messmer wrote: > On 04/09/2017 11:46 PM, Frédéric Bron wrote: >> First try and apprently maybe a first error (write:errno=104): > > > OK, errno 104 is ECONNRESET (Connection reset by peer). That might be > because some firewall or router in between your system and the server > is sending a TCP reset packet to disrupt the connection, or it might > be a reset from the server itself. > > Either way, I think the possibility of an IPv6 problem is worth > investigating. Close all of your applications, then open two > terminals. In one, run: > > $ sudo tcpdump -nn port 443 > > In the other, run the same s_client command to connect to the python > docs server. Send us the output of tcpdump, describing both a > successful and an unsuccessful connection. May I suggest that IP address be used instead of the host name? Suggest the OP does a "host docs.python.org" and then uses the IP addresses returned. For example I get this docs.python.org is an alias for python.map.fastly.net. python.map.fastly.net has address 151.101.0.223 python.map.fastly.net has address 151.101.64.223 python.map.fastly.net has address 151.101.128.223 python.map.fastly.net has address 151.101.192.223 python.map.fastly.net has IPv6 address 2a04:4e42::223 python.map.fastly.net has IPv6 address 2a04:4e42:200::223 python.map.fastly.net has IPv6 address 2a04:4e42:400::223 python.map.fastly.net has IPv6 address 2a04:4e42:600::223 For IPv4 it would be sufficient to use openssl s_client -connect 151.101.0.223:443 But for IPv6 the IP address must be enclosed in [ ] brackets like so... openssl s_client -connect [2a04:4e42::223]:443 This way you can be assured of what address type is being used for testing. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/11/17 11:56, Frédéric Bron wrote: > apparently, although I ticked "IPv4 required for this connexion", IPv6 is > used. Just a quick note on the meaning of that check box. It means that in order for that interface to be marked as UP it needs to have an IPv4 address. That's all it means. It has nothing to do with what address type will be utilized. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Either way, I think the possibility of an IPv6 problem is worth > investigating. Close all of your applications, then open two terminals. In > one, run: > > $ sudo tcpdump -nn port 443 > > In the other, run the same s_client command to connect to the python docs > server. Send us the output of tcpdump, describing both a successful and an > unsuccessful connection. 4 logs attached: - on_error104 and on_error104-vv (I also added -vv option to have verbose output). - on_success and on_sucess-vv (same) apparently, although I ticked "IPv4 required for this connexion", IPv6 is used. Frédéric tcpdump: listening on enp62s0u1u4, link-type EN10MB (Ethernet), capture size 262144 bytes 05:44:02.086711 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 40) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [S], cksum 0xa71f (incorrect -> 0xaff0), seq 381705055, win 27920, options [mss 1396,sackOK,TS val 3208799896 ecr 0,nop,wscale 7], length 0 05:44:02.140275 IP6 (flowlabel 0xdafee, hlim 57, next-header TCP (6) payload length: 40) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [S.], cksum 0xdc44 (correct), seq 1546151322, ack 381705056, win 27360, options [mss 1380,sackOK,TS val 216598317 ecr 3208799896,nop,wscale 9], length 0 05:44:02.140357 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 32) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [.], cksum 0xa717 (incorrect -> 0x7493), seq 1, ack 1, win 219, options [nop,nop,TS val 3208799949 ecr 216598317], length 0 05:44:02.184162 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 233) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [P.], cksum 0xa7e0 (incorrect -> 0x15a1), seq 1:202, ack 1, win 219, options [nop,nop,TS val 320873 ecr 216598317], length 201 05:44:02.241730 IP6 (flowlabel 0xdafee, hlim 57, next-header TCP (6) payload length: 1380) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [.], cksum 0xfeb8 (correct), seq 1:1349, ack 202, win 56, options [nop,nop,TS val 216598342 ecr 320873], length 1348 05:44:02.241838 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 32) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [.], cksum 0xa717 (incorrect -> 0x6df2), seq 202, ack 1349, win 240, options [nop,nop,TS val 3208800051 ecr 216598342], length 0 05:44:02.242765 IP6 (flowlabel 0xdaf02, hlim 57, next-header TCP (6) payload length: 2472) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [P.], cksum 0xb09f (incorrect -> 0x9b37), seq 1349:3789, ack 202, win 56, options [nop,nop,TS val 216598342 ecr 320873], length 2440 05:44:02.242819 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 32) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [.], cksum 0xa717 (incorrect -> 0x6443), seq 202, ack 3789, win 278, options [nop,nop,TS val 3208800052 ecr 216598342], length 0 05:44:02.244262 IP6 (flowlabel 0x91a5a, hlim 64, next-header TCP (6) payload length: 158) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [P.], cksum 0xa795 (incorrect -> 0x35ea), seq 202:328, ack 3789, win 278, options [nop,nop,TS val 3208800053 ecr 216598342], length 126 05:44:02.296568 IP6 (flowlabel 0x42594, hlim 57, next-header TCP (6) payload length: 20) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [R], cksum 0x4c0c (correct), seq 1546155111, win 0, length 0 05:44:02.298896 IP6 (flowlabel 0x42594, hlim 57, next-header TCP (6) payload length: 20) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [R], cksum 0x4c0c (correct), seq 1546155111, win 0, length 0 05:44:02.496722 IP6 (flowlabel 0xdafee, hlim 57, next-header TCP (6) payload length: 1124) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [P.], cksum 0xc107 (correct), seq 2697:3789, ack 202, win 56, options [nop,nop,TS val 216598406 ecr 3208800051], length 1092 05:44:02.496777 IP6 (flowlabel 0xf3509, hlim 64, next-header TCP (6) payload length: 20) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [R], cksum 0xa70b (incorrect -> 0xa9b2), seq 381705257, win 0, length 0 05:44:02.824027 IP6 (flowlabel 0x7cd00, hlim 57, next-header TCP (6) payload length: 1380) 2a04:4e42:9::223.443 > 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056: Flags [.], cksum 0x428a (correct), seq 1349:2697, ack 202, win 56, options [nop,nop,TS val 216598488 ecr 3208800051], length 1348 05:44:02.824084 IP6 (flowlabel 0xf3509, hlim 64, next-header TCP (6) payload length: 20) 2001:41d0:fe0b:8000:9a64:ff80:35b8:7d03.60056 > 2a04:4e42:9::223.443: Flags [R], cksum 0xa70b (incorrect -> 0xa9b2), seq 381705257, win 0, length 0 05:44:03.431547 IP6 (flowlabel 0xcf603, hlim 57, next-
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/09/2017 11:46 PM, Frédéric Bron wrote: First try and apprently maybe a first error (write:errno=104): OK, errno 104 is ECONNRESET (Connection reset by peer). That might be because some firewall or router in between your system and the server is sending a TCP reset packet to disrupt the connection, or it might be a reset from the server itself. Either way, I think the possibility of an IPv6 problem is worth investigating. Close all of your applications, then open two terminals. In one, run: $ sudo tcpdump -nn port 443 In the other, run the same s_client command to connect to the python docs server. Send us the output of tcpdump, describing both a successful and an unsuccessful connection. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Just because I am out of ideas at the moment could you try disabling > IPv6 to see if that helps? You can do it without rebooting by (as root) > > echo 1 > /proc/sys/net/ipv6/conf/(name of interface)/disable_ipv6 > And then see if this makes any difference. in fact, some time ago, I contacted my ISP to see if my issue could come from their DNS and they asked me to change the default DNS and I also set the "IPv4 required for this connexion". So I guess I am already fully IPv4? Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> nss doesn't have a test client that I'm aware of, but since you're having > trouble with an OpenSSL application, you might be able to get more > information by using the "s_client" app: > > openssl s_client -connect docs.python.org:443 First try and apprently maybe a first error (write:errno=104): $ openssl s_client -connect docs.python.org:443 CONNECTED(0003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA verify return:1 depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, street = 16 Allen Rd, postalCode = 03894-4801, C = US, ST = NH, L = Wolfeboro, O = Python Software Foundation, CN = www.python.org verify return:1 write:errno=104 --- Certificate chain 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA --- ... tried 3-4 times with same result, then got a trial without error. Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 4/7/17 3:39 PM, Ed Greshko wrote: On 04/07/17 12:32, Frédéric Bron wrote: gnutls has this on its web page: Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols I have Name: gnutls Version : 3.5.10 Release : 1.fc25 installed. Do you have gnutls installed? gnutls: Version : 3.5.10 Release : 1.fc25 Repo: @System openssl: Version : 1.0.2k Release : 1.fc25 Repo: @System nss: Version : 3.29.3 Release : 1.1.fc25 Repo: @System firefox: Version : 52.0.2 Release : 2.fc25 Repo: @System This morning, I had to try 6-7 times before getting the page https://docs.python.org/2/library/shutil.html in firefox Just to add to the thread, I tried the above site in Firefox and it displayed fine. I'm on F25 and I'm using Firefox 55.0a1. regards, Steve One would think that if this really was a "fedora" issue then many others would be seeing the same problem. I've not seen evidence for that. You said you have a Windows system that doesn't have the problem. I'm assuming you only have those 2 systems. Could you boot an F25 Live image on that machine to see if it also exhibits the problem? Have you had a look at network traffic to see if you're getting many packets being re-transmitted? A while back we had a system that worked perfectly well most of the time downloading files using ftp. Only when certain compressed files would be corrupt. Turned out to be a bad network card. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
OK, so you're having intermittent problems with both firefox and konqueror within a fresh user account. That's useful information, because those two browsers use completely separate SSL implementations. Mozilla develops their own "nss" library for encryption, and Konqueror uses OpenSSL. nss doesn't have a test client that I'm aware of, but since you're having trouble with an OpenSSL application, you might be able to get more information by using the "s_client" app: openssl s_client -connect docs.python.org:443 On my system, I see: CONNECTED(0003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA verify return:1 depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, street = 16 Allen Rd, postalCode = 03894-4801, C = US, ST = NH, L = Wolfeboro, O = Python Software Foundation, CN = www.python.org verify return:1 --- Certificate chain 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA --- ...indicating a successfully verified certificate chain. Try connecting a few times in sequence on your system and see if you ever get failures from s_client. That might give you more information to go on. As far as Firefox goes, you *should* get information beyond the simple error message you posted earlier. Firefox will let you view the certificate when there's a negotiation problem, and should tell you more specifically what's wrong when that happens. Click on "Advanced" for details and let us know what Firefox tells you. You can also "add an exception" and then "view" the certificate. Those details might also help clarify what's happening. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/07/17 22:44, Frédéric Bron wrote: >> I think I may have lost part of the thread due to my "expiration" >> policy. Just to verify. Both your Win and F25 systems are connected >> via Wifi? > No wired connexion. > OK. If I am not mistaken the slow transfer rates in previous posts have been about Wifi speeds. Just because I am out of ideas at the moment could you try disabling IPv6 to see if that helps? You can do it without rebooting by (as root) echo 1 > /proc/sys/net/ipv6/conf/(name of interface)/disable_ipv6 And then see if this makes any difference. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> I think I may have lost part of the thread due to my "expiration" > policy. Just to verify. Both your Win and F25 systems are connected > via Wifi? No wired connexion. > And, when they connect they are both connected to the same SSID? same ISP/box. > Assuming Wifi again, is the brand of HW and driver being used in the > liveOS the same as your installed F25 system? no wired connexion. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/07/17 18:00, Patrick O'Callaghan wrote: > I'm wondering if this could be related to MTU issues, which in the past > have sometimes caused very mysterious behaviour. Not sure how to check > though. Maybe use tracepath (not traceroute), or ping with different > size packets might show something. I do not know But another possibility (thinking about another thread) [root@meimei enp2s0]# host docs.python.org docs.python.org is an alias for python.map.fastly.net. python.map.fastly.net has address 151.101.0.223 python.map.fastly.net has address 151.101.192.223 python.map.fastly.net has address 151.101.64.223 python.map.fastly.net has address 151.101.128.223 python.map.fastly.net has IPv6 address 2a04:4e42::223 python.map.fastly.net has IPv6 address 2a04:4e42:200::223 python.map.fastly.net has IPv6 address 2a04:4e42:400::223 python.map.fastly.net has IPv6 address 2a04:4e42:600::223 So that host has 4 IPv4 and 4 IPv6 addresses. Probably a long shot, but if the system isn't configured properly for IPv6 it may explain why it works sometimes and not others. In looking at wireshark earlier trying to see what a re-transmitted packet would be displayed I found my system seems to prefer IPv6 for that particular host. :-) Not sure what good tracepath would be since [root@meimei enp2s0]# tracepath -n 151.101.192.223 1?: [LOCALHOST] pmtu 1500 1: 192.168.1.1 0.577ms 1: 192.168.1.1 0.560ms 2: 211.75.128.2549.495ms 3: 168.95.229.46 9.464ms 4: 220.128.4.10210.177ms asymm 6 5: 220.128.1.18216.220ms asymm 6 6: 220.128.4.21 31.501ms 7: 211.22.33.53 34.772ms asymm 9 8: 61.14.157.82 38.363ms asymm 9 9: 61.14.157.78 74.545ms asymm 13 10: 61.14.158.41 70.767ms asymm 12 11: 61.14.158.41 66.320ms asymm 12 12: no reply 13: no reply 14: no reply -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Fri, 2017-04-07 at 17:51 +0800, Ed Greshko wrote: > On 04/07/17 16:32, Frédéric Bron wrote: > > > One would think that if this really was a "fedora" issue then many > > > others would be seeing the same problem. I've not seen evidence for that. > > > > I have seen another thread with very slow wifi connexion. I wonder if > > it is not the same issue. > > I think I may have lost part of the thread due to my "expiration" > policy. Just to verify. Both your Win and F25 systems are connected > via Wifi? And, when they connect they are both connected to the same SSID? > > > You said you have a Windows system that doesn't have the problem. I'm > > > assuming you only have those 2 systems. Could you boot an F25 Live > > > image on that machine to see if it also exhibits the problem? > > > > Excellent idea. I just did that and got the same behaviour: I started > > fedora, typed the address of the python doc, nothing appeared. I had > > to retry about 10 times before it came. > > Just after that, I restarted the computer on windows and got the page > > immediately. > > Assuming Wifi again, is the brand of HW and driver being used in the > liveOS the same as your installed F25 system? > > > Have you had a look at network traffic to see if you're getting many > > > packets being re-transmitted? > > > > how can I check that? > > I normally use wireshark for that. Not sure how familiar you are with > that. But I set up a trace between my system and the target and the > capture the packets. I forget how they are labeled but I recall > retransmitted packets to be shown in red and the INFO spelling it out > rather clearly. > > > A while back we had a system that worked > > > perfectly well most of the time downloading files using ftp. Only when > > > certain compressed files would be corrupt. Turned out to be a bad > > > network card. I'm wondering if this could be related to MTU issues, which in the past have sometimes caused very mysterious behaviour. Not sure how to check though. Maybe use tracepath (not traceroute), or ping with different size packets might show something. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/07/17 16:32, Frédéric Bron wrote: >> One would think that if this really was a "fedora" issue then many >> others would be seeing the same problem. I've not seen evidence for that. > I have seen another thread with very slow wifi connexion. I wonder if > it is not the same issue. I think I may have lost part of the thread due to my "expiration" policy. Just to verify. Both your Win and F25 systems are connected via Wifi? And, when they connect they are both connected to the same SSID? >> You said you have a Windows system that doesn't have the problem. I'm >> assuming you only have those 2 systems. Could you boot an F25 Live >> image on that machine to see if it also exhibits the problem? > Excellent idea. I just did that and got the same behaviour: I started > fedora, typed the address of the python doc, nothing appeared. I had > to retry about 10 times before it came. > Just after that, I restarted the computer on windows and got the page > immediately. Assuming Wifi again, is the brand of HW and driver being used in the liveOS the same as your installed F25 system? >> Have you had a look at network traffic to see if you're getting many >> packets being re-transmitted? > how can I check that? I normally use wireshark for that. Not sure how familiar you are with that. But I set up a trace between my system and the target and the capture the packets. I forget how they are labeled but I recall retransmitted packets to be shown in red and the INFO spelling it out rather clearly. >> A while back we had a system that worked >> perfectly well most of the time downloading files using ftp. Only when >> certain compressed files would be corrupt. Turned out to be a bad >> network card. > but apparently, it should not be the network card because it does the > same on the other computer. Probably true Very odd -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> One would think that if this really was a "fedora" issue then many > others would be seeing the same problem. I've not seen evidence for that. I have seen another thread with very slow wifi connexion. I wonder if it is not the same issue. > You said you have a Windows system that doesn't have the problem. I'm > assuming you only have those 2 systems. Could you boot an F25 Live > image on that machine to see if it also exhibits the problem? Excellent idea. I just did that and got the same behaviour: I started fedora, typed the address of the python doc, nothing appeared. I had to retry about 10 times before it came. Just after that, I restarted the computer on windows and got the page immediately. > Have you had a look at network traffic to see if you're getting many > packets being re-transmitted? how can I check that? > A while back we had a system that worked > perfectly well most of the time downloading files using ftp. Only when > certain compressed files would be corrupt. Turned out to be a bad > network card. but apparently, it should not be the network card because it does the same on the other computer. Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/07/17 12:32, Frédéric Bron wrote: gnutls has this on its web page: Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols I have Name: gnutls Version : 3.5.10 Release : 1.fc25 installed. Do you have gnutls installed? > gnutls: > Version : 3.5.10 > Release : 1.fc25 > Repo: @System > > openssl: > Version : 1.0.2k > Release : 1.fc25 > Repo: @System > > nss: > Version : 3.29.3 > Release : 1.1.fc25 > Repo: @System > > firefox: > Version : 52.0.2 > Release : 2.fc25 > Repo: @System > > This morning, I had to try 6-7 times before getting the page > https://docs.python.org/2/library/shutil.html in firefox > One would think that if this really was a "fedora" issue then many others would be seeing the same problem. I've not seen evidence for that. You said you have a Windows system that doesn't have the problem. I'm assuming you only have those 2 systems. Could you boot an F25 Live image on that machine to see if it also exhibits the problem? Have you had a look at network traffic to see if you're getting many packets being re-transmitted? A while back we had a system that worked perfectly well most of the time downloading files using ftp. Only when certain compressed files would be corrupt. Turned out to be a bad network card. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
>> > gnutls has this on its web page: >> > Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols >> > >> > I have >> > Name: gnutls >> > Version : 3.5.10 >> > Release : 1.fc25 >> > installed. >> > >> > Do you have gnutls installed? gnutls: Version : 3.5.10 Release : 1.fc25 Repo: @System openssl: Version : 1.0.2k Release : 1.fc25 Repo: @System nss: Version : 3.29.3 Release : 1.1.fc25 Repo: @System firefox: Version : 52.0.2 Release : 2.fc25 Repo: @System This morning, I had to try 6-7 times before getting the page https://docs.python.org/2/library/shutil.html in firefox Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Thu, 6 Apr 2017 14:52:48 -0700 stan wrote: > On Thu, 6 Apr 2017 14:26:54 -0700 > stan wrote: > > > On Thu, 6 Apr 2017 22:29:30 +0200 > > Frédéric Bron wrote: > > > > > How do I now if I have TLS 1.2? > > > > gnutls has this on its web page: > > Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols > > > > I have > > Name: gnutls > > Version : 3.5.10 > > Release : 1.fc25 > > installed. > > > > Do you have gnutls installed? > > I did a quick search of the source code for firefox, and it appears > that they implement their own internal version of tls, and they > support up to tls 1.3, if allowed, and fall back to up to 1.2 if 1.3 > is disabled. So, it is unlikely that it is the protocol that is > causing the problem. If it was causing it on your system, it would > be causing it on mine. > > Name: firefox > Version : 52.0.2 > Release : 2.fc25 Further research finds this page https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations that says that nss and openssl also implement tls 1.2. And there doesn't appear to be a tls 1.3, that must just be firefox preparing for the future. Name: openssl Epoch : 1 Version : 1.0.2k Release : 1.fc25 Name: nss Version : 3.29.3 Release : 1.1.fc25 ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Thu, 6 Apr 2017 14:26:54 -0700 stan wrote: > On Thu, 6 Apr 2017 22:29:30 +0200 > Frédéric Bron wrote: > > > How do I now if I have TLS 1.2? > > gnutls has this on its web page: > Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols > > I have > Name: gnutls > Version : 3.5.10 > Release : 1.fc25 > installed. > > Do you have gnutls installed? I did a quick search of the source code for firefox, and it appears that they implement their own internal version of tls, and they support up to tls 1.3, if allowed, and fall back to up to 1.2 if 1.3 is disabled. So, it is unlikely that it is the protocol that is causing the problem. If it was causing it on your system, it would be causing it on mine. Name: firefox Version : 52.0.2 Release : 2.fc25 ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Thu, 6 Apr 2017 22:29:30 +0200 Frédéric Bron wrote: > How do I now if I have TLS 1.2? gnutls has this on its web page: Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols I have Name: gnutls Version : 3.5.10 Release : 1.fc25 installed. Do you have gnutls installed? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Before you condemn F25, try some other browser than Konqueror and make > sure you update your system fully. My system is always up to date. I tested with firefox and konqueror. I normally use firefox. > The SSL negotiation may have to do > with an outdated SSL or TLS library (that site uses TLS 1.2 and if all > you have is TLS 1.1 or 1.0 you could have an issue). How do I now if I have TLS 1.2? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Can you create an entirely new user on the F25 system and replicate the > problem there? > > What did you copy from opensuse to F25 when you made the switch (if > anything)? I installed F25 from scratch: no upgrade from oan lder fedora release. The account was completely new on one computer (I have 2 computers: one was with opensuse before and the other is completely new). Same issue on both. Also I update my system every day with dnf update (I see now that 'dnf --best update' does not change anything compared to 'dnf update'). I just created a new user and tested the same python page https://docs.python.org/2/library/shutil.html - worked in firefox, - not in konqueror (SSL error) then, later it worked also in konqueror. back on the first user account: - still not working in firefox, - working in konqueror but very badly (like the css stylesheet not loaded...) and then constantly failing with SSL error. - working again in firefox. back to the new account: - constantly working in firefox - constantly failing in konqueror. back to the old account: - konqueror: first worked without styles, then constantly failing with SSL error - firefox: first failing, then working all the time ... ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/05/2017 10:49 PM, Frédéric Bron wrote: Where could it come from? Can you create an entirely new user on the F25 system and replicate the problem there? What did you copy from opensuse to F25 when you made the switch (if anything)? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Thu, 6 Apr 2017 07:49:43 +0200 Frédéric Bron wrote: > I have now the proof my connexion issues come from fedora. > Today, again, from firefox, I could not reach this page: > https://docs.python.org/2/library/shutil.html > From konqueror, I couldn't reach it but got the same SSL error > message. > > I tested the same page from a windows computer with firefox on the > same internet access and the page came immediately. > > Where could it come from? I tested that page with the distribution version of firefox, a locally compiled firefox nightly, midori, and seamonkey, and they all worked just fine. This is on a fully updated F25. I think there must be something wrong in your setup. Maybe it is as Rick suggested, or maybe you have some historical block in place if you've upgraded your system for several versions of Fedora. By that I mean that an obsolete package from a previous version is blocking an update that is needed to get this to work for you. You could try dnf --best update to see if that is the case. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 04/05/2017 10:49 PM, Frédéric Bron wrote: >> I often experience very slow internet surf. No idea where it comes >> from, just that it started when I switched from opensuse to F25. >> >> Today, I may have obtained a clue: >> >> I normally use firefox. >> Today I got the following issue: >> - searched in google for "python os.path" >> - clicked on the first linked https://docs.python.org/2/library/os.path.html >> - nothing happened (tried many times) >> >> - I removed all firefox cookies and cache -> same issue >> - I removed current firefox profile and created a new one -> same issue >> - I tried the search on a windows computer + firefox on the same >> internet connexion -> no issue >> - I did the same on fedora with konqueror -> no issue >> - again with konqueror -> got an error message: >> "Adresse : https://docs.python.org/2/library/os.path.html >> Protocole : https >> Date et heure : mercredi 22 mars 2017 16:47 >> Informations complémentaires : Échec de la négociation SSL avec >> docs.python.org" >> Which means: >> - again with konqueror -> error message: >> "Address: https://docs.python.org/2/library/os.path.html >> Protocol: https >> Date and time: Wednesday 22nd March 2017 16:47 >> Additionnal informations: Failure of SSL transaction with docs.python.org" > > I have now the proof my connexion issues come from fedora. > Today, again, from firefox, I could not reach this page: > https://docs.python.org/2/library/shutil.html > From konqueror, I couldn't reach it but got the same SSL error message. > > I tested the same page from a windows computer with firefox on the > same internet access and the page came immediately. > > Where could it come from? Before you condemn F25, try some other browser than Konqueror and make sure you update your system fully. I just tested with Chrome and Konqueror on F25 and it works fine. The SSL negotiation may have to do with an outdated SSL or TLS library (that site uses TLS 1.2 and if all you have is TLS 1.1 or 1.0 you could have an issue). -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- - UNIX is actually quite user friendly. The problem is that it's - - just very picky of who its friends are! - -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> I often experience very slow internet surf. No idea where it comes > from, just that it started when I switched from opensuse to F25. > > Today, I may have obtained a clue: > > I normally use firefox. > Today I got the following issue: > - searched in google for "python os.path" > - clicked on the first linked https://docs.python.org/2/library/os.path.html > - nothing happened (tried many times) > > - I removed all firefox cookies and cache -> same issue > - I removed current firefox profile and created a new one -> same issue > - I tried the search on a windows computer + firefox on the same > internet connexion -> no issue > - I did the same on fedora with konqueror -> no issue > - again with konqueror -> got an error message: > "Adresse : https://docs.python.org/2/library/os.path.html > Protocole : https > Date et heure : mercredi 22 mars 2017 16:47 > Informations complémentaires : Échec de la négociation SSL avec > docs.python.org" > Which means: > - again with konqueror -> error message: > "Address: https://docs.python.org/2/library/os.path.html > Protocol: https > Date and time: Wednesday 22nd March 2017 16:47 > Additionnal informations: Failure of SSL transaction with docs.python.org" I have now the proof my connexion issues come from fedora. Today, again, from firefox, I could not reach this page: https://docs.python.org/2/library/shutil.html From konqueror, I couldn't reach it but got the same SSL error message. I tested the same page from a windows computer with firefox on the same internet access and the page came immediately. Where could it come from? Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Nonetheless, I'm on the side of there being some sort of dns issue, > especially if using any ad blockers (404's, timeouts, etc). Could you develop a little bit? I have AdBlock Plus extension in firefox. Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Thu, 23 Mar 2017 12:38:07 +1030 Tim wrote: > Way back in the past, I used to do that kind of thing, but found that > my PCs struggled with moderately large hosts files, never mind one > that big. It made all domain name look-ups slow, as it everything > had to trawl through that hosts file, first. > > Whether that's still an issue, I don't know. But, instead, I ended up > doing the same thing with my local DNS server, instead, it offloaded > the burden to a central point, to software that was designed to be > good at DNS resolutions. So one thing in my LAN takes care of all my > computers. [snip] Thanks for an interesting read. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
stan:
>> One thing I know slows down browsing is the way sites outsource much
>> of their content. The browser has to access many sites on the web to
>> put together a page for you to view. Blocking this as much as
>> possible not only speeds up page loading, but also hinders tracking
>> sites.
Peter SkensvedL:
> mvps is your friend here :
>
> http://winhelp2002.mvps.org/hosts.htm
Way back in the past, I used to do that kind of thing, but found that my
PCs struggled with moderately large hosts files, never mind one that
big. It made all domain name look-ups slow, as it everything had to
trawl through that hosts file, first.
Whether that's still an issue, I don't know. But, instead, I ended up
doing the same thing with my local DNS server, instead, it offloaded the
burden to a central point, to software that was designed to be good at
DNS resolutions. So one thing in my LAN takes care of all my computers.
I also did it slightly differently, rather than return a bogus IP for
the blocked sites, such as their 0.0.0.0 answer, I return a no-answer
(i.e. no such domain exists). That quickly kills off any connection
attempt.
Some software will try to do something with a 0.0.0.0 IP, regardless of
whether they ought to, or not. Likewise, giving forbidden domains the
127.0.0.1 IP of your own computer causes its own problems, masses of
bogus connection attempts to non-existent things on your own computer.
All of which wait for the attempt to time-out and fail. Or, if you have
a local webserver, hammer your webserver for non-existent files.
My named.conf file is populated with configuration lines like this:
zone "adimages.com" { type master; file "dead.zone"; };
zone "admonitor.com"{ type master; file "dead.zone"; };
zone "adsfac.net" { type master; file "dead.zone"; };
zone "advertising.com" { type master; file "dead.zone"; };
One per forbidden domain, or sub-domain (if I want partial blocking,
such as doing nothing about example.com but killing ads.example.com).
To avoid cluttering your named.conf file, you could use a second
"blocking" file, that named.conf imports when it starts up. That would
allow easier manipulation of it, with less risk to the normal
configuration.
And this is the entire contents of the dead.zone file:
$TTL 10
@ IN SOA ns.localdomain. hostmaster.mail.localdomain. (
202 ; serial
20 ; refresh
20 ; retry
20 ; expire
20 ; ttl
)
IN NS ns.localdomain.
It has the basic details required for a zone file (in that incarnation
of the BIND DNS server), but no records to return any IPs.
However, all of these methods start to fail in some modern browsers,
which started doing their own DNS look-ups. Why they do that can be
guessed at being due to two things:
Realising that many users have awful ISPs (as I did, which is why I've
run my own DNS servers for many years), they took the easy solution of
having their web browser product use some *other* DNS server.
As a counteraction so that adblockers wouldn't stop their product from
showing adverts.
There's been a bit of an outcry about that last issue. And I'd noticed
some blocked things (by my DNS server) getting through in recent times.
If advertisers weren't such bastards, there wouldn't be a need for such
blocking. Some small advert sitting out of the way on the side of a
page isn't worth caring about. But there are sites where there's more
advertising than content, badly written scripts that peg your CPU at
100%, tracking, spyware, malware, etc. If advertisers want to bitch
about being blocked, they need to take a long hard look in the mirror.
--
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
Boilerplate: All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.
Ha ha ha ha... (I couldn't think of a good joke, so I supplied a laugh
track, instead.)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 22 Mar 2017 20:36:59 -0400 Peter Skensved wrote: > > One thing I know slows down browsing is the way sites outsource much > > of their content. The browser has to access many sites on the web > > to put together a page for you to view. Blocking this as much as > > possible not only speeds up page loading, but also hinders tracking > > sites. > > mvps is your friend here : > > http://winhelp2002.mvps.org/hosts.htm Thank you. That was eye opening. All those sites dedicated to serving ads and tracking. The linux specific information link on that page is http://www.putorius.net/2012/01/block-unwanted-advertisements-on.html ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> One thing I know slows down browsing is the way sites outsource much > of their content. The browser has to access many sites on the web to > put together a page for you to view. Blocking this as much as > possible not only speeds up page loading, but also hinders tracking > sites. mvps is your friend here : http://winhelp2002.mvps.org/hosts.htm peter ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 03/22/2017 05:05 PM, Rick Stevens wrote: Standard rule: Do NOT make your page rendering block on external events, feeds, whatnot. People will blame your page, not the events that are blocking it. Especially if they've blocked those sites. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 03/22/2017 04:36 PM, Tim wrote: > Allegedly, on or about 22 March 2017, stan sent: >> One thing I know slows down browsing is the way sites outsource much >> of their content. The browser has to access many sites on the web to >> put together a page for you to view. Blocking this as much as >> possible not only speeds up page loading, but also hinders tracking >> sites. > > Though, occasionally, you get the opposite: Sites waiting for some > external content to load before anything will proceed. Script blocking > can help with that, but can also kill a site from doing anything. It's > very much a two-edged sword. We had that with a client. They were bitching that their site was "slow". We pointed out that their home page was loading data from about 100 twitter feeds, 30 facebook items, snapchats, blogs and other assorted crap before the page would even start to render. We had them disable that stuff and lo and behold! It rendered in less than a second. Standard rule: Do NOT make your page rendering block on external events, feeds, whatnot. People will blame your page, not the events that are blocking it. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- -If your broker is so damned smart...why is he still working?- -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
Allegedly, on or about 22 March 2017, stan sent: > One thing I know slows down browsing is the way sites outsource much > of their content. The browser has to access many sites on the web to > put together a page for you to view. Blocking this as much as > possible not only speeds up page loading, but also hinders tracking > sites. Though, occasionally, you get the opposite: Sites waiting for some external content to load before anything will proceed. Script blocking can help with that, but can also kill a site from doing anything. It's very much a two-edged sword. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 Boilerplate: All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I only get to see the messages posted to the mailing list. Hooray! I finally finished typing this email. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 22 Mar 2017 13:12:19 -0700 Joe Zeff wrote: > Why not simply run it in a terminal? It doesn't *have* to be > maximized, you know. True. Just a habit that I avoid having root running in X for long periods of time. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 03/22/2017 12:12 PM, stan wrote: On Wed, 22 Mar 2017 12:05:43 -0700 stan wrote: One thing I know slows down browsing is the way sites outsource much of their content. The browser has to access many sites on the web to put together a page for you to view. Blocking this as much as possible not only speeds up page loading, but also hinders tracking sites. A site I used to see a lot of was fonts.googleapis.com. That hits both of the above, slows down browsing I was concerned about that too, but it turns out the typical webfont file coming from google is between 13k and 22k, with most fonts on the smaller side. Probably not the source of the slowdown. I'd be much more suspicious of the trackers and beacons that set up interactive connections that are left open. A 3k news article can easily pull in more than a meg of crap. I'd recommend the OP install some sort of plugin/extension that blocks autoplay. Makes a yuuuge difference. Nonetheless, I'm on the side of there being some sort of dns issue, especially if using any ad blockers (404's, timeouts, etc). ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 03/22/2017 12:05 PM, stan wrote: There are probably better ways to do this, but you could install iftop, open a virtual console, login as root, and leave iftop running. When the problem occurs, flip to the virtual console, and see a snapshot of the current connections. That might point you to the culprit. Why not simply run it in a terminal? It doesn't *have* to be maximized, you know. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 22 Mar 2017 12:05:43 -0700 stan wrote: > One thing I know slows down browsing is the way sites outsource much > of their content. The browser has to access many sites on the web to > put together a page for you to view. Blocking this as much as > possible not only speeds up page loading, but also hinders tracking > sites. A site I used to see a lot of was fonts.googleapis.com. That hits both of the above, slows down browsing, and lets google track you. In firefox preferences, it is possible to set the browser under content -> fonts and colors to use only local fonts. That removes at least that as an issue. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 22 Mar 2017 19:10:21 +0100 Frédéric Bron wrote: > > Given your description of what you've already tried to isolate the > > problem, I think it is something in your web access, either DNS or > > ISP. > > I also suspect that but when I run their speed test everything is > fine! There are probably better ways to do this, but you could install iftop, open a virtual console, login as root, and leave iftop running. When the problem occurs, flip to the virtual console, and see a snapshot of the current connections. That might point you to the culprit. One thing I know slows down browsing is the way sites outsource much of their content. The browser has to access many sites on the web to put together a page for you to view. Blocking this as much as possible not only speeds up page loading, but also hinders tracking sites. NoScript used to have a middle click that took me to a site with comments about the various sites, and how they track. It has been removed for some reason, and only the bland pablum left behind, but it used to pinpoint sites whose only reason was tracking, like addthis. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> It could be the way Firefox is handling SSL connections > I'd suggest ensuring you are running the latest Firefox I update F25 very often, thanks. Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
> Given your description of what you've already tried to isolate the > problem, I think it is something in your web access, either DNS or > ISP. I also suspect that but when I run their speed test everything is fine! Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On 03/22/2017 09:59 AM, stan wrote: > On Wed, 22 Mar 2017 17:07:49 +0100 > Frédéric Bron wrote: > >> I often experience very slow internet surf. No idea where it comes >> from, just that it started when I switched from opensuse to F25. >> >> Today, I may have obtained a clue: >> >> I normally use firefox. >> Today I got the following issue: >> - searched in google for "python os.path" >> - clicked on the first linked >> https://docs.python.org/2/library/os.path.html >> - nothing happened (tried many times) > > As a point of reference, that site comes up almost instantly for me on > F25, running a custom compiled version of nightly (the rawhide of > firefox). And also when I run the Fedora package version of Firefox > (current as of yesterday). > > Given your description of what you've already tried to isolate the > problem, I think it is something in your web access, either DNS or > ISP. Another possibility; when web response is slow here, it is > usually a traffic problem on the site I am accessing, that they are > slowing down because of heavy usage, but I doubt that is the case for > the python.org site. > > I don't see how switching distros could cause this; maybe someone else > can think of a way. It could be the way Firefox is handling SSL connections (note the URLs involved are "https://";). There was an issue (can't recall exactly what it was) where Firefox wasn't handling TLS properly due to an openSSL library thing. I'd suggest ensuring you are running the latest Firefox and all of the associated openSSL/gnuTLS libraries. I can't speak to this precisely as I use Chrome most of the time (I've found Firefox's various plugin woes, memory hemorrhaging and orphaned stray processes too annoying to put up with). -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: [F25] issue with SSL connexions: Failure of SSL transaction with
On Wed, 22 Mar 2017 17:07:49 +0100 Frédéric Bron wrote: > I often experience very slow internet surf. No idea where it comes > from, just that it started when I switched from opensuse to F25. > > Today, I may have obtained a clue: > > I normally use firefox. > Today I got the following issue: > - searched in google for "python os.path" > - clicked on the first linked > https://docs.python.org/2/library/os.path.html > - nothing happened (tried many times) As a point of reference, that site comes up almost instantly for me on F25, running a custom compiled version of nightly (the rawhide of firefox). And also when I run the Fedora package version of Firefox (current as of yesterday). Given your description of what you've already tried to isolate the problem, I think it is something in your web access, either DNS or ISP. Another possibility; when web response is slow here, it is usually a traffic problem on the site I am accessing, that they are slowing down because of heavy usage, but I doubt that is the case for the python.org site. I don't see how switching distros could cause this; maybe someone else can think of a way. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
[F25] issue with SSL connexions: Failure of SSL transaction with
I often experience very slow internet surf. No idea where it comes from, just that it started when I switched from opensuse to F25. Today, I may have obtained a clue: I normally use firefox. Today I got the following issue: - searched in google for "python os.path" - clicked on the first linked https://docs.python.org/2/library/os.path.html - nothing happened (tried many times) - I removed all firefox cookies and cache -> same issue - I removed current firefox profile and created a new one -> same issue - I tried the search on a windows computer + firefox on the same internet connexion -> no issue - I did the same on fedora with konqueror -> no issue - again with konqueror -> got an error message: "Adresse : https://docs.python.org/2/library/os.path.html Protocole : https Date et heure : mercredi 22 mars 2017 16:47 Informations complémentaires : Échec de la négociation SSL avec docs.python.org" Which means: - again with konqueror -> error message: "Address: https://docs.python.org/2/library/os.path.html Protocol: https Date and time: Wednesday 22nd March 2017 16:47 Additionnal informations: Failure of SSL transaction with docs.python.org" I suspect that firefox has the same error but just does nothing. What does that mean? Frédéric ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
