Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-08-27 Thread Rob Emery
that then let us track back exactly what was going on. Thanks for the input everyone! Rob On 29/04/2021 14:36, Rob Emery wrote: Assuming your site is public facing, give this evaluation a try and see if anything interesting is mentioned. https://www.ssllabs.com/ssltest/ It is indeed

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-05-04 Thread Rob Emery
On 29/04/2021 17:51, Nick Folino wrote: Can you look at the Hello in the capture to see if it is OK? Certainly, it looks perfect to me (I've attached a screenie of the Wireshark decode in case I've missed something). Thanks, Rob --

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-05-04 Thread Rob Emery
I actually thought your suggestion of a reverse proxy or load balancer presenting a problem had merit. I still think that's a good question so we know are we dealing with the error coming from a back end apache or something in front of it. Indeed, I think (excluding the packet itself

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-05-04 Thread Rob Emery
Apologies for the delay, been a crazy few days. Thanks for the reply. Looking at common code paths that lead to a 400 error, I'd imagine two possible scenarios: 1. Something is mangling the initial TLS hello, can you verify that the raw packet makes sense? 2. Worker exhaustion, given that you

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-04-29 Thread Rob Emery
Assuming your site is public facing, give this evaluation a try and see if anything interesting is mentioned. https://www.ssllabs.com/ssltest/ It is indeed public and I've just run that. Nothing strikes me as weird or unusual about it at all unfortunately:

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-04-29 Thread Rob Emery
Hiya Jim Thanks for the reply. > If not already included, you could include %{SSL_PROTOCOL}x %{SSL_CIPHER}x in your request log and see if there is any commonality in requests assuming the communication is open long enough for the logging to occur or if the client's desired protocol and

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-04-29 Thread Rob Emery
Hiya Nick, Thanks for the reply. > Do the clients that fail always fail? No, they work most of the time with the same settings (as confirmed with a friendly integrator). > Do they support the protocols you require? Yes, with the exact same configuration on the clients they work on the

[users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-04-29 Thread Rob Emery
Hello, We have a problem where intermittently users are getting a plaintext 400 Bad Request response in the middle of the TLS handshake (always the 6th packet in the TCP stream); it happens about 1 in 40K requests at current. As far as we can tell, there is no difference between a successful