You are not logged in.
- Topics: Active | Unanswered
#1 2006-06-29 02:56:02
- nsa141901
- Member
- Registered: 2006-06-26
- Posts: 21
openssl? problem with individual website?? [WORK AROUND]
Since the big update I have been unable to reach 1 website (http://www.hushmail.com, https://www.hushmail.com). Other websites using ssl or https like my bank's website have worked without problems. I have this issue with firefox and with konqueror, and given the other problems with the openssl package lately, it is probably related??? The website is up and running and it loads fine when I use an old knoppix CD with older packages.
I don't know how to get debug output for this problem so I can't post it here. Any ideas of what could be wrong, anyone? Or can anyone else who is up to date reach this website?
thanks
Offline
#2 2006-06-29 04:31:40
- Snowman
- Developer/Forum Fellow
- From: Montreal, Canada
- Registered: 2004-08-20
- Posts: 5,212
Re: openssl? problem with individual website?? [WORK AROUND]
I could load both (http://www.hushmail.com, https://www.hushmail.com here (firefox on up2date sytem). However they took a lot of time to load.
Offline
#3 2006-06-29 16:44:33
- nsa141901
- Member
- Registered: 2006-06-26
- Posts: 21
Re: openssl? problem with individual website?? [WORK AROUND]
thanks for the reply snowman. Are other people able to reach it without problems? Is there anything I should recompile against the new openssl package?
Offline
#4 2006-06-29 18:48:55
- JGC
- Developer
- Registered: 2003-12-03
- Posts: 1,664
Re: openssl? problem with individual website?? [WORK AROUND]
The website loads very slowly and then drops the connection, nothing that OpenSSL can help about. Also, firefox doesn't even use openssl, Firefox uses mozilla NSS instead.
Offline
#5 2006-06-29 19:42:51
- hudson
- Member
- Registered: 2004-07-06
- Posts: 78
Re: openssl? problem with individual website?? [WORK AROUND]
Got the same results here...
Offline
#6 2006-06-29 21:19:48
- nsa141901
- Member
- Registered: 2006-06-26
- Posts: 21
Re: openssl? problem with individual website?? [WORK AROUND]
Well, at least i'm not the only one, i guess. Thanks for testing hudson and JGC. Also thanks for pointing out the use of mozilla NSS, I did not know that.
Offline
#7 2006-06-30 22:15:21
- nsa141901
- Member
- Registered: 2006-06-26
- Posts: 21
Re: openssl? problem with individual website?? [WORK AROUND]
For whatever it's worth, downgrading to kernel 2.6.15 seems to have fixed the problem. Is it possible that the hushmail website sends some kind of irregularly formatted packets that don't play nice with the 2.6.17 kernel? I clearly don't know what i'm talking about, but if anyone else does, i'd be interested to know.
Offline
#8 2006-09-05 06:03:21
- nsa141901
- Member
- Registered: 2006-06-26
- Posts: 21
Re: openssl? problem with individual website?? [WORK AROUND]
Admins, you may want to move this thread to the kernel section.
Well, it appears this problem has to do with window scaling -- more specifically, certain boxes ignoring the window scaling parameter. When the kernel upgraded, the default window sizing was changed:
2.6.16: 4096 87380 174760
2.6.17: 4096 87380 2097152
As a workaround, I added this line to my /etc/rc.local:
echo 4096 87380 174760 > /proc/sys/net/ipv4/tcp_rmem
now hushmail.com works as it is supposed to with the latest kernel.
Lots more info here:
http://kerneltrap.org/node/6723
Offline