On 10/16/2019 3:03 AM, Keith Moore wrote:
On 10/15/19 11:30 PM, Hector Santos wrote:
What I am seeing for the first time ever in HTTP history, HTTP comm
I/O is ok, HTTPS is degraded by the ISP if self-signed.
How do you know that it's the ISP that's doing the degrading?
I provided detailed info off-list, but you're right. I don't know for
sure, but the ISP escalation engineer has acknowledged the HTTPS
degradation problem is occurring with WAN comm I/O. Not LAN comm I/O,
and only HTTPS. HTTP is fine.
I am trying to get a handle on it. Technically, at this point, it
appears when CA-signed certs are used or a HTTP 1.1 persistent socket
connection is in play, this "mysterious," passive network security
proxy degradation problem disappears. It appears to be new, isolated
and experimental with my small biz as a guinea pig.
If SMTP operations evolve to where similar enforcement with CA-signed
certs occurs, we probably won't see much of a degradation to notice
anything since for the most part, it is a single-shot transfer of a
payload. But with HTTPS, a page can have 10s, 100s of requests to
complete the page display.
ietf-smtp mailing list