Https – Yeri Tiete https://yeri.be/tag/https/ Yeri Tiete's blog en © Yeri Tiete Fri, 18 Feb 2011 01:35:44 +0100 blog over ssl https://yeri.be/blog-over-ssl/ Fri, 18 Feb 2011 01:35:44 +0100 Yeri Tiete https://yeri.be/blog-over-ssl/ <p>Starting a SSL test on this domain as of today. Free cert by <a href="https://www.startssl.com/" target="_blank" rel="noopener noreferrer">StartSSL</a>.</p> <p>SSL is clearly the new hype, and this time I won&rsquo;t be last to join it! ;)</p> <p>Just going to check how much (if any) SSL slows down my site.</p> <p>Every <a href="https://yeri.be">http</a> requests gets automatically rewritten to <a href="https://yeri.be">https</a>.</p> Starting a SSL test on this domain as of today. Free cert by StartSSL.

SSL is clearly the new hype, and this time I won’t be last to join it! ;)

Just going to check how much (if any) SSL slows down my site.

Every http requests gets automatically rewritten to https.

]]> miscnetworkingwww tuinslakbloghttpsssl Linux gateway/router + unable to access certain (HTTPS) sites https://yeri.be/linux-gatewayrouter-unable-to-access-certain-https-sites/ Sat, 27 Feb 2010 13:56:47 +0100 Yeri Tiete https://yeri.be/linux-gatewayrouter-unable-to-access-certain-https-sites/ <p>I&rsquo;ve had an issue for a while, being unable to access certain websites such as <a href="https://fon.com" target="_blank"><a href="https://fon.com" target="_blank" rel="noopener noreferrer">https://fon.com</a></a>, but also certain parts of the Apple, Fortis and Microsoft site, while other (https) websites worked fine.</p> <p>Running Wireshark I found that only about 5ish packets got transferred, and all other data to that website abruptly stopped.</p> <p>I&rsquo;m using ADSL (<a href="http://www.edpnet.be/" target="_blank">EDPnet</a>), which has an MTU of 1492, however, I was able to access all websites from the router (using lynx, for example), but not from any other PC within the network.</p> I’ve had an issue for a while, being unable to access certain websites such as https://fon.com, but also certain parts of the Apple, Fortis and Microsoft site, while other (https) websites worked fine.

Running Wireshark I found that only about 5ish packets got transferred, and all other data to that website abruptly stopped.

I’m using ADSL (EDPnet), which has an MTU of 1492, however, I was able to access all websites from the router (using lynx, for example), but not from any other PC within the network.

# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
inet addr:85.234.196.57  P-t-P:85.234.196.1  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492 Metric:1
RX packets:38804442 errors:0 dropped:0 overruns:0 frame:0
TX packets:28930886 errors:0 dropped:5020 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:45941523311 (42.7 GiB)  TX bytes:2887926670 (2.6 GiB)

As it had worked before without any issues, I was more thinking about a kernel problem (or a module of it), however, stripping down unnecessary modules and updating my kernel a few times didn't resolve the issue. I even booted an old kernel I had still lying around from when I could access the websites. However, all these attempts were in vain.

Thinking it might have been a firewall issue, I flushed all my iptables rules, and started over from scratch. However, this too didn’t solve my issue.

When I VPN’ed or used my Macbook Pro directly as PPPoE device (by-passing the Gentoo router) I was able to access all the websites as well.

After being close to giving up, I found the following iptables rule:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -t mangle

And try again.

This did solve my issue. :)

This is because the default 100mbit MTU is 1500, instead of 1492 for PPPoE.

http://www.edpnet.be/
]]> errorslinuxnetworking linuxhttpsmturouter