This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

Subject: SSL gurus! This one is for you. Please Help.
Feedback Type: Problem
Product Area: Domino Server
Technical Area: Error Message
Platform: ALL
Release: 8.5.1
Reproducible: Always

Need some analysis from an SSL guru. Have SSL configured with a valid certificate on port 443. Issues with 99% of HTTP clients trying to connect to the server using SSL. Ran a Wireshark trace. Info below. Seems to handshake and then stops shortly after.

Server IP 192.168.1.105
Client browser IP 192.168.0.102


No. Time Source Destination Protocol Info
1 0.000000 Intel_da:92:43 Broadcast ARP Who has 192.168.0.55? Tell 192.168.0.102

Frame 1 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No. Time Source Destination Protocol Info
2 0.002555 Cisco_29:4d:20 Intel_da:92:43 ARP 192.168.0.55 is at 00:1a:2f:29:4d:20

Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Address Resolution Protocol (reply)

No. Time Source Destination Protocol Info
3 0.002577 192.168.0.102 192.168.1.105 TCP wafs > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460

Frame 3 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 0, Len: 0
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x02 (SYN)
Window size: 65535
Checksum: 0x9222 [validation disabled]
Options: (8 bytes)

No. Time Source Destination Protocol Info
4 0.004550 192.168.1.105 192.168.0.102 TCP https > wafs [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

Frame 4 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x12 (SYN, ACK)
Window size: 16384
Checksum: 0x2a16 [validation disabled]
Options: (8 bytes)
[SEQ/ACK analysis]

No. Time Source Destination Protocol Info
5 0.004602 192.168.0.102 192.168.1.105 TCP wafs > https [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 5 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65535
Checksum: 0x833a [validation disabled]
[SEQ/ACK analysis]

No. Time Source Destination Protocol Info
6 0.005521 192.168.0.102 192.168.1.105 SSLv3 Client Hello

Frame 6 (140 bytes on wire, 140 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 1, Ack: 1, Len: 86
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 87 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65535
Checksum: 0x8390 [validation disabled]
[SEQ/ACK analysis]
Secure Socket Layer
SSLv3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 81
Handshake Protocol: Client Hello

No. Time Source Destination Protocol Info
7 0.016759 192.168.1.105 192.168.0.102 SSLv3 Server Hello

Frame 7 (117 bytes on wire, 117 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 1, Ack: 87, Len: 63
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 1 (relative sequence number)
[Next sequence number: 64 (relative sequence number)]
Acknowledgement number: 87 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65449
Checksum: 0xc2f1 [validation disabled]
[SEQ/ACK analysis]
Secure Socket Layer
SSLv3 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 58
Handshake Protocol: Server Hello

No. Time Source Destination Protocol Info
8 0.017161 192.168.1.105 192.168.0.102 SSLv3 Change Cipher Spec

Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 64, Ack: 87, Len: 6
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 64 (relative sequence number)
[Next sequence number: 70 (relative sequence number)]
Acknowledgement number: 87 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65449
Checksum: 0x8189 [validation disabled]
[SEQ/ACK analysis]
Secure Socket Layer
SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: SSL 3.0 (0x0300)
Length: 1
Change Cipher Spec Message

No. Time Source Destination Protocol Info
9 0.017192 192.168.0.102 192.168.1.105 TCP wafs > https [ACK] Seq=87 Ack=70 Win=65466 Len=0

Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 87, Ack: 70, Len: 0
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 87 (relative sequence number)
Acknowledgement number: 70 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65466
Checksum: 0x833a [validation disabled]
[SEQ/ACK analysis]

No. Time Source Destination Protocol Info
10 0.017655 192.168.1.105 192.168.0.102 SSLv3 Encrypted Handshake Message

Frame 10 (115 bytes on wire, 115 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 70, Ack: 87, Len: 61
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 70 (relative sequence number)
[Next sequence number: 131 (relative sequence number)]
Acknowledgement number: 87 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65449
Checksum: 0xf9dc [validation disabled]
[SEQ/ACK analysis]
Secure Socket Layer
SSLv3 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 56
Handshake Protocol: Encrypted Handshake Message

No. Time Source Destination Protocol Info
11 0.018682 192.168.0.102 192.168.1.105 SSLv3 Change Cipher Spec, Encrypted Handshake Message

Frame 11 (121 bytes on wire, 121 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 87, Ack: 131, Len: 67
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 87 (relative sequence number)
[Next sequence number: 154 (relative sequence number)]
Acknowledgement number: 131 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65405
Checksum: 0x837d [validation disabled]
[SEQ/ACK analysis]
Secure Socket Layer
SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: SSL 3.0 (0x0300)
Length: 1
Change Cipher Spec Message
SSLv3 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 56
Handshake Protocol: Encrypted Handshake Message

No. Time Source Destination Protocol Info
12 0.019437 192.168.0.102 192.168.1.105 TCP wafs > https [FIN, ACK] Seq=154 Ack=131 Win=65405 Len=0

Frame 12 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 154, Ack: 131, Len: 0
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 154 (relative sequence number)
Acknowledgement number: 131 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 65405
Checksum: 0x833a [validation disabled]

No. Time Source Destination Protocol Info
13 0.020928 192.168.1.105 192.168.0.102 TCP https > wafs [ACK] Seq=131 Ack=155 Win=65382 Len=0

Frame 13 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 131, Ack: 155, Len: 0
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 131 (relative sequence number)
Acknowledgement number: 155 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65382
Checksum: 0x9657 [validation disabled]
[SEQ/ACK analysis]

No. Time Source Destination Protocol Info
14 0.021243 192.168.1.105 192.168.0.102 TCP https > wafs [FIN, ACK] Seq=131 Ack=155 Win=65382 Len=0

Frame 14 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_29:4d:20 (00:1a:2f:29:4d:20), Dst: Intel_da:92:43 (00:0e:0c:da:92:43)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.0.102 (192.168.0.102)
Transmission Control Protocol, Src Port: https (443), Dst Port: wafs (4049), Seq: 131, Ack: 155, Len: 0
Source port: https (443)
Destination port: wafs (4049)
[Stream index: 0]
Sequence number: 131 (relative sequence number)
Acknowledgement number: 155 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 65382
Checksum: 0x9656 [validation disabled]

No. Time Source Destination Protocol Info
15 0.021264 192.168.0.102 192.168.1.105 TCP wafs > https [ACK] Seq=155 Ack=132 Win=65405 Len=0

Frame 15 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_da:92:43 (00:0e:0c:da:92:43), Dst: Cisco_29:4d:20 (00:1a:2f:29:4d:20)
Internet Protocol, Src: 192.168.0.102 (192.168.0.102), Dst: 192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: wafs (4049), Dst Port: https (443), Seq: 155, Ack: 132, Len: 0
Source port: wafs (4049)
Destination port: https (443)
[Stream index: 0]
Sequence number: 155 (relative sequence number)
Acknowledgement number: 132 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65405
Checksum: 0x833a [validation disabled]
[SEQ/ACK analysis]


Feedback number WEBB7WUHLM created by ~Kirk Xankikonyjip on 10/15/2009

Status: Open
Comments:

SSL gurus! This one is for you. Ple... (~Kirk Xankikony... 15.Oct.09)
. . Forwarded to development <> (~Dean Umkrother... 15.Oct.09)
. . . . fwd to development. This mean it is... (~Kirk Xankikony... 15.Oct.09)
. . . . . . No - Fwd to dev means that I am ask... (~Dean Umkrother... 16.Oct.09)
. . . . . . . . seems to be ssl certs created in Do... (~Kirk Xankikony... 19.Oct.09)
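
Added example, not part of the original post or thread: a short Python reading of the SSLv3 frames in the capture above. It classifies the exchange as a full or abbreviated (resumed-session) handshake from the order of the server's messages and reports which side sent the first FIN; the function and constant names are illustrative.

```python
import re

# Summary lines copied from the capture on this page (frames 6-12); the bare
# ACK in frame 9 is left out because it carries no SSL record.
SUMMARY = """\
6 0.005521 192.168.0.102 192.168.1.105 SSLv3 Client Hello
7 0.016759 192.168.1.105 192.168.0.102 SSLv3 Server Hello
8 0.017161 192.168.1.105 192.168.0.102 SSLv3 Change Cipher Spec
10 0.017655 192.168.1.105 192.168.0.102 SSLv3 Encrypted Handshake Message
11 0.018682 192.168.0.102 192.168.1.105 SSLv3 Change Cipher Spec, Encrypted Handshake Message
12 0.019437 192.168.0.102 192.168.1.105 TCP wafs > https [FIN, ACK] Seq=154 Ack=131 Win=65405 Len=0
"""
SERVER_IP = "192.168.1.105"
LINE = re.compile(r"^(\d+)\s+[\d.]+\s+(\S+)\s+\S+\s+(\S+)\s+(.*)$")

def parse(summary):
    """Turn Wireshark summary lines into (frame, source, protocol, info)."""
    rows = []
    for line in summary.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def analyse(rows, server_ip=SERVER_IP):
    """Classify the handshake and record which side sent the first FIN."""
    server_msgs, client_finished, app_data, first_fin = [], False, False, None
    for _frame, src, proto, info in rows:
        if proto.startswith(("SSL", "TLS")):
            msgs = [m.strip() for m in info.split(",")]
            app_data = app_data or "Application Data" in msgs
            if src == server_ip:
                server_msgs += msgs
            elif "Encrypted Handshake Message" in msgs:
                client_finished = True
        elif "FIN" in info and first_fin is None:
            first_fin = "server" if src == server_ip else "client"
    # Full handshake: the server sends Certificate after Server Hello.
    # Abbreviated (resumed session): Change Cipher Spec follows it directly.
    if "Certificate" in server_msgs:
        kind = "full"
    elif server_msgs[:2] == ["Server Hello", "Change Cipher Spec"]:
        kind = "abbreviated"
    else:
        kind = "unknown"
    return {"handshake": kind, "client_finished": client_finished,
            "application_data": app_data, "first_fin": first_fin}
```

For this capture, analyse(parse(SUMMARY)) reports an abbreviated handshake, a client Finished, no application data, and the first FIN from the client. No Certificate message is sent in an abbreviated handshake, so a capture of a connection that does not resume a cached session is needed to see the server certificate on the wire.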
