[clug] ssl and https

Scott Ferguson scott.ferguson.clug at gmail.com
Mon Feb 28 03:58:10 MST 2011


On Mon, 28 Feb 2011 13:56:43 +1100 Brad Hards wrote:
> 
> On Mon, 28 Feb 2011 09:59:54 am dylan porter wrote:
>> > yeh it works with wired lan just not on wifi
> I still think this would be a lot easier if you'd made up a proper summary. So 
> I'll give it a go:
>  * all SSL/TLS sites (that you've tried) work over wired LAN
>  * some SSL/TLS sites work over wireless, but not all.
>  * you don't see some sites sometimes working - its deterministic by which 
> host you're trying to connect to.
>  * it doesn't seem to matter where you try to connect from (in terms of 
> wireless access point)
>  * it doesn't seem to matter what client (e.g. which browser) you use.
> 
> Any thing else?
> 
> The only thing I can think of is that this isn't an SSL problem at all. Does 
> your wireless device have an IPv6 address? Does your wired interface have an 
> IPv6 address?
> 
> Maybe you can try using wget with the --verbose option on a couple of sites 
> that do work, and a couple of sites that don't work, and comparing the 
> results. Of course, if you want us to help, you might care to post the results 
> of each.
> 
> Brad

Being able to connect using ethernet is interesting... (in the Chinese
sense).

Perhaps his wireless card has similar problems to the AMD NICs using
forcedeth (which have caused problems for me with S-HTTP, though
inconsistently)

I note that previously Dylan has stated that he can connect using
Windoof XP VirtualBox guest on a Ubuntu host (I "assumed" he meant while
using a wireless connection) - and still can't work out how that is
possible if the issue is the driver for the wireless connection - I
always "assumed" that even access to block devices by the guest are
limited by the host access...

In the last post I made on this thread I made a suggestion (#2) that the
results of a (specific) Google search result might be useful. Some of
the articles in the search results refer to issues with the local
certificates used by fffacebook and MSN in GNU Linux. Have those issues
(encountered by other Ubuntu users) been resolved?

Going back through again I can see where fffacebook is asking for a
local certificate - which I presumed I wouldn't be able to provide as I
don't have an account there (hence the suggestion to use gmail).

fffacebook and MSN use IPV6?
So changing the top layer impacts on the (lower) security layer?
XP supports IPV6?
Does Dylan's ISP?
Wouldn't the vm scenario require something um, strange, like tunneling
IPV6 through IPV4? :-x
I seem to recall https being introduced very recently on fffacebook
(result of founder account being hacked?) Is it possibly something to do
with a new certificate? Surely MSN uses an older certificate....

Is there anyone on this list who uses GNU Linux to connect to either of
the sites Dylan is interested in?

Certainly I'll be interested to see what wget yields that s_client doesn't.

Perhaps if Dylan is still with us he could post his full netstat results
and we can see if he has IPV6 enabled (default in Ubuntu?) and in use

So many questions.. :-)

Curiouser and curiouser






More information about the linux mailing list