I'm currently on vacation, I'll send you a wireshark dump when I'm back (assuming that Eitan hasn't solved it by then ;)).
Thanks for your help so far. On Tue, Mar 11, 2014 at 10:49 AM, Daniel Kahn Gillmor <[email protected] > wrote: > On 03/10/2014 07:17 PM, Austin English wrote: > > An example URL: > > http://www.bbc.co.uk/news/magazine-25816000 which then redirects to > > http://www.bbc.com/news/magazine-25816000 > > Interesting, i'm not seeing this behavior at all on my end. i wonder if > it's particular to your network path. > > > See the attached screenshot (slightly edited for privacy reasons). > > > > @Daniel, I'm not sure how to get the IP address of the server being used. > > Running host on those domains returns several IPs..any tips? > > one thing you could do is to run tcpdump or wireshark to capture your > own traffic when the web page is visited; then inspect the traffic (e.g. > with wireshark) to see which server sends a "CertificateRequest" TLS > message. > > to start capturing packets with tcpdump to a file named debug.pcap if > your network interface is named "eth0", do: > > tcpdump -w debug.pcap -i eth0 -s 2048 'tcp port 443' > > (you might need to have superuser privileges to run tcpdump like this) > > then as your regular user, visit the web page to get it to trigger the > certificate request in your browser. > > then hit Ctrl-C in the terminal running tcpdump. > > as a regular user, you can point wireshark at that packet dump to > inspect it. If you are comfortable sharing it privately, and you want > help investigating it, you can send it to me off-list and i'll take a > look at it with you. > > > One other important thing I just noticed. The BBC (partial) rule is > enabled > > (by default), but BBC.com (false MCB) is not. Enabling that rule the > gives > > me https bbc.com urls, but Firefox warns me that the page is only > partially > > encryped. The page still pops up the certificate dialog, however. > > yep, they've definitely got a mixed-content problem at the BBC :( > > hth, > > --dkg > > -- -Austin
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
