hmm I don't ever get an open connection in firefox, this doesn't seem to be a problem other pages, i.e. gmail with GTalk works fine, facebook and all the messaging there works fine too. The only time I've ever seen the authentication I got with wave is when I've had facebook open too long and I think http requests get out of sync, generally this means I have to restart firefox and everything starts working fine again.
https://docs.google.com/open?id=0B5FF_Ld8SzsNN2JXSVIwdzM2Q3M https://docs.google.com/open?id=0B5FF_Ld8SzsNOV95TF9IeXZ2VGc Basically I can't open wave from behind a proxy in any configuration, I'm not sure this should be the standard behaviour, esp when most sites seem to be fine, are there any sites I could provide the wireshark trace for that we could use as a comparison? Regards hegsie On Tue, Sep 25, 2012 at 9:43 AM, Ali Lown <[email protected]> wrote: > The firefox logs do show the attempts to authenticate (which is more > than Chrome tries) at (say) #193,#194,#203,#204,#205,#213 which is a > succesful login (I assume to open the connection for the page, since > it is followed by #214 (TLSv1 Client Hello). > > The Websocket attempts (I think) look like #1841,#1842,#1850,#1851 > which are failing for some reason. > > However, it isn't a problem with Wave, rather a potential bug in > Chrome (since it doesn't even attempt to authenticate) and an > overly-restrictive (for no good reason) corporate firewall (Might I > suggest a VPN, or SSH tunnel to somewhere less restrictive). > > Ali > > (Interestingly, does GTalk work since it gets a 502 for attempting to > use a non-standard SSL'd port. You also seem to have some problematic > bit of software attempting to connect to https://uk.bp.com which fails > since the DNS records are invalid). > > On 25 September 2012 09:27, Ben Hegarty <[email protected]> wrote: > > ok hopefuly this one is cleaner for firefox, though I have to add that > > firefox keeps asking for my credentials and no matter how many times I > > enter them it just keeps returning asking for them again... then after a > > while I just get a turbulence detected... > > > > https://docs.google.com/open?id=0B5FF_Ld8SzsNUDVlN0RyQjU2Vkk > > > > hegsie > > > > On Tue, Sep 25, 2012 at 9:19 AM, Ali Lown <[email protected]> wrote: > > > >> In the chrome logs (original: #144, new: #344), in the firefox logs > >> #274 show a 407 response to the attempt to CONNECT to > >> wave.eezysys.co.uk:443. > >> > >> I would expect to possibly see a 407 once, at which stage the browser > >> should then re-attempt the connection with the proxy credentials (as > >> described here[1], but I see no attempts to authenticate. > >> > >> Does the actual page load in this situation? Do other secure sites load? > >> > >> Ali > >> > >> [1]: > >> > http://tmgblog.richardhicks.com/2011/08/29/access-to-the-web-proxy-filter-on-forefront-tmg-2010-is-denied/ > >> > >> On 25 September 2012 09:05, Ben Hegarty <[email protected]> wrote: > >> > Hey Ali, > >> > Was looking over the chrome capture and I'm not sure that the one > below > >> is > >> > very clean so I performed it again... > >> > > >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNWG5rd0d0UnZVQU0 > >> > > >> > Regards > >> > hegsie > >> > > >> > On Tue, Sep 25, 2012 at 8:53 AM, Ben Hegarty <[email protected]> > wrote: > >> > > >> >> Hey Ali, > >> >> I've tested this again with firefox to no avail... > >> >> > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNaGFVV2NabEd0RFU > >> >> > >> >> and with chrome... > >> >> > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNdmw5aThEZXF1U0k > >> >> > >> >> Regards > >> >> hegsie > >> >> > >> >> > >> >> On Mon, Sep 24, 2012 at 9:19 PM, Ben Hegarty <[email protected]> > wrote: > >> >> > >> >>> Ok, will do when I'm back behind the firewall tomorrow, I'll let you > >> know > >> >>> how it goes. > >> >>> Cheers > >> >>> > >> >>> > >> >>> On Monday, September 24, 2012, Ali Lown wrote: > >> >>> > >> >>>> If you would like to test it again now/tomorrow? > >> >>>> > >> >>>> It took a few hours longer than I expected because I had to stop > and > >> >>>> write a patch for Wave (and have dinner, and everything else) to > make > >> >>>> it work. > >> >>>> > >> >>>> This should have all traffic going over port 443, so if you check > in > >> >>>> Wireshark all you should see is some TLS traffic to 71.19.144.245. > >> >>>> > >> >>>> Ali > >> >>>> > >> >>>> On 24 September 2012 17:18, Ben Hegarty <[email protected]> wrote: > >> >>>> > Whenever you get a chance to do that I'll be happy to retest :) > >> >>>> > Thanks again > >> >>>> > > >> >>>> > On Mon, Sep 24, 2012 at 5:14 PM, Ali Lown <[email protected]> > wrote: > >> >>>> > > >> >>>> >> Yes, packet #46 because I try to make you connect over 9898. > >> >>>> >> (This is because I have the configuration mis-setup, but didn't > >> want > >> >>>> >> to reboot the wave server to fix it). > >> >>>> >> > >> >>>> >> I can move it so that websockets goes over 443, then I will let > you > >> >>>> >> try again. (At which time it should work fine). > >> >>>> >> > >> >>>> >> On 24 September 2012 17:09, Ben Hegarty <[email protected]> > wrote: > >> >>>> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMnlmZkZWZWtEQ28 > >> >>>> >> > > >> >>>> >> > Looks like you're right there Ali I'm seeing port not allowed > in > >> >>>> the http > >> >>>> >> > packets > >> >>>> >> > Cheers > >> >>>> >> > > >> >>>> >> > On Mon, Sep 24, 2012 at 5:03 PM, Ali Lown <[email protected]> > >> wrote: > >> >>>> >> > > >> >>>> >> >> Yes. > >> >>>> >> >> > >> >>>> >> >> On 24 September 2012 17:01, Ben Hegarty <[email protected]> > >> wrote: > >> >>>> >> >> > Sure I can try there too, is it still set with the same > dets? > >> >>>> >> >> > Regards > >> >>>> >> >> > > >> >>>> >> >> > > >> >>>> >> >> > On Mon, Sep 24, 2012 at 4:59 PM, Ali Lown <[email protected]> > >> >>>> wrote: > >> >>>> >> >> > > >> >>>> >> >> >> Extracting the data as raw bytes from the first Websocket > >> >>>> response > >> >>>> >> >> >> packet (#95) gives us the following HTML page (attached). > >> >>>> >> >> >> > >> >>>> >> >> >> So, it is _definitely_ an issue with your proxy server not > >> >>>> >> >> >> understanding the Websockets. > >> >>>> >> >> >> > >> >>>> >> >> >> For more information on exactly how they work, a good > article > >> >>>> would > >> >>>> >> >> >> be: http://lucumr.pocoo.org/2012/9/24/websockets-101/ > >> >>>> >> >> >> "The protocol went through many iterations and basically > had > >> to > >> >>>> be > >> >>>> >> >> >> changed multiple times because of unforeseen security > >> problems > >> >>>> that > >> >>>> >> >> >> came up with misbehaving proxies." seems to sum-up the > >> problem. > >> >>>> >> >> >> > >> >>>> >> >> >> Ali > >> >>>> >> >> >> > >> >>>> >> >> >> NB: When you tried on my server ( > https://wave.eezysys.co.uk > >> ), > >> >>>> I am > >> >>>> >> >> >> less certain as to why it failed there given all the > traffic > >> is > >> >>>> >> >> >> encrypted. (Unless your company proxy is terminating my > SSL > >> >>>> >> >> >> connection, performing DPI on the now-decrypted data, and > >> then > >> >>>> >> >> >> re-encrypting it before presenting it to you) > >> >>>> >> >> >> Could you do a wireshark capture for that server as well? > >> >>>> >> >> >> Actually, it might be because my server still tries to > use a > >> >>>> >> >> >> non-standard port for the websockets, and it is quite > likely > >> >>>> you have > >> >>>> >> >> >> most outgoing ports blocked. > >> >>>> >> >> >> > >> >>>> >> >> >> On 24 September 2012 16:42, Ben Hegarty <[email protected] > > > >> >>>> wrote: > >> >>>> >> >> >> > Hey Ali, > >> >>>> >> >> >> > Basically I get 'A turbulance' after logging in and > never > >> go > >> >>>> online > >> >>>> >> >> and > >> >>>> >> >> >> no > >> >>>> >> >> >> > wave data is saved down, you just see 'Unsaved all the > >> time'.. > >> >>>> >> >> >> > I've uploaded the wireshark trace to the following > >> location :) > >> >>>> >> >> >> > > >> >>>> >> >> >> > > >> https://docs.google.com/open?id=0B5FF_Ld8SzsNMm5oOGJXajlOV00 > >> >>>> >> >> >> > > >> >>>> >> >> >> > HTH > >> >>>> >> >> >> > > >> >>>> > >> >>> > >> >>> > >> >>> -- > >> >>> Mobile Phone: +447767-322-122 > >> >>> Work Phone: +4420 79485612 > >> >>> > >> >>> > >> >> > >> >> > >> >> -- > >> >> Mobile Phone: +447767-322-122 > >> >> Work Phone: +4420 79485612 > >> >> > >> >> > >> > > >> > > >> > -- > >> > Mobile Phone: +447767-322-122 > >> > Work Phone: +4420 79485612 > >> > > > > > > > > -- > > Mobile Phone: +447767-322-122 > > Work Phone: +4420 79485612 > -- Mobile Phone: +447767-322-122 Work Phone: +4420 79485612
