
Re: Questions to https experts

2013-12-12 04:31:35
Linda

I get this all the time with a small number of websites of which the one
I use most is the ietf.org website.

I can see that the html for the page downloads as does the Certificate
Revocation List for the certificates that SSL is using and then the session
hangs, for hours.  Turning off CRL checking beforehand, and so weakening
the security of the connection, always allows access.

Further, selecting 'Stop' on the browser and then clicking 'Refresh'
often bypasses the problem but the timing of the second step is
critical; this suggests that SSL session resumption has a role in this.

My browser is Internet Explorer (what else?:-).

Tom Petch
(not an https expert)

----- Original Message -----
From: "Barry Leiba" <barryleiba(_at_)computer(_dot_)org>
To: "Linda Dunbar" <linda(_dot_)dunbar(_at_)huawei(_dot_)com>
Cc: "IETF Discussion" <ietf(_at_)ietf(_dot_)org>
Sent: Wednesday, December 11, 2013 7:17 PM


Does anyone know potential causes of a device that can connect to remote
peers via “http” but can’t connect to remote peers via “https”?  e.g. can’t
reach https://mail.google.com/.., but can reach http://www.google.com,
whereas other devices can reach both sites.  So it is not an issue at the
remote peer; it is a local device issue.

I presume the difference in domain names is a typo, and you meant the
same domain name for both.

In any case, "can't connect" and "can't reach" aren't specific enough
to do any problem determination.  Is the problem one of these?:

- Tries to connect to port 443, and the connection attempt times out.

- Connects to port 443, and fails in attempting the TLS handshake.

- Understands the TLS handshake, but doesn't accept the server's
certificate.

...or is it something else?  What, exactly, is the failure?

Barry
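
The three failure points in the list above (connection timeout on port 443, failed TLS handshake, rejected server certificate) can be told apart with a staged probe. The following is an added example, not part of any message in this thread; the function name `diagnose_https` and the stage labels are assumptions, and it additionally reports a handshake that stalls after the TCP connection succeeds.

```python
import socket
import ssl
import sys


def diagnose_https(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail) naming the first step that fails.

    Function name and stage labels are illustrative, not from the thread.
    """
    ctx = context or ssl.create_default_context()  # verifies chain and hostname
    # Step 1: plain TCP connection to the HTTPS port.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_connect_timeout", "no answer on port %d" % port)
    except OSError as exc:  # refused, unreachable, DNS failure
        return ("tcp_connect_failed", str(exc))
    # Steps 2 and 3: TLS handshake; certificate validation happens inside it.
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", "%s, %s" % (tls.version(), tls.cipher()[0]))
    except ssl.SSLCertVerificationError as exc:
        return ("certificate_rejected", exc.verify_message)
    except ssl.SSLError as exc:  # protocol mismatch, alert, non-TLS peer
        return ("tls_handshake_failed", exc.reason or str(exc))
    except socket.timeout:
        return ("tls_handshake_timeout", "peer silent after TCP connect")
    except OSError as exc:  # reset or close during the handshake
        return ("tls_handshake_failed", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # "localhost" is a placeholder target; pass the real host as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(diagnose_https(target))
```

Running it from the affected device and from a working one against the same host shows at which stage the two diverge.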



