The firefox logs do show the attempts to authenticate (which is more than Chrome tries) at (say) #193,#194,#203,#204,#205,#213 which is a succesful login (I assume to open the connection for the page, since it is followed by #214 (TLSv1 Client Hello).
The Websocket attempts (I think) look like #1841,#1842,#1850,#1851 which are failing for some reason. However, it isn't a problem with Wave, rather a potential bug in Chrome (since it doesn't even attempt to authenticate) and an overly-restrictive (for no good reason) corporate firewall (Might I suggest a VPN, or SSH tunnel to somewhere less restrictive). Ali (Interestingly, does GTalk work since it gets a 502 for attempting to use a non-standard SSL'd port. You also seem to have some problematic bit of software attempting to connect to https://uk.bp.com which fails since the DNS records are invalid). On 25 September 2012 09:27, Ben Hegarty <heg...@gmail.com> wrote: > ok hopefuly this one is cleaner for firefox, though I have to add that > firefox keeps asking for my credentials and no matter how many times I > enter them it just keeps returning asking for them again... then after a > while I just get a turbulence detected... > > https://docs.google.com/open?id=0B5FF_Ld8SzsNUDVlN0RyQjU2Vkk > > hegsie > > On Tue, Sep 25, 2012 at 9:19 AM, Ali Lown <a...@lown.me.uk> wrote: > >> In the chrome logs (original: #144, new: #344), in the firefox logs >> #274 show a 407 response to the attempt to CONNECT to >> wave.eezysys.co.uk:443. >> >> I would expect to possibly see a 407 once, at which stage the browser >> should then re-attempt the connection with the proxy credentials (as >> described here[1], but I see no attempts to authenticate. >> >> Does the actual page load in this situation? Do other secure sites load? >> >> Ali >> >> [1]: >> http://tmgblog.richardhicks.com/2011/08/29/access-to-the-web-proxy-filter-on-forefront-tmg-2010-is-denied/ >> >> On 25 September 2012 09:05, Ben Hegarty <heg...@gmail.com> wrote: >> > Hey Ali, >> > Was looking over the chrome capture and I'm not sure that the one below >> is >> > very clean so I performed it again... >> > >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNWG5rd0d0UnZVQU0 >> > >> > Regards >> > hegsie >> > >> > On Tue, Sep 25, 2012 at 8:53 AM, Ben Hegarty <heg...@gmail.com> wrote: >> > >> >> Hey Ali, >> >> I've tested this again with firefox to no avail... >> >> >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNaGFVV2NabEd0RFU >> >> >> >> and with chrome... >> >> >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNdmw5aThEZXF1U0k >> >> >> >> Regards >> >> hegsie >> >> >> >> >> >> On Mon, Sep 24, 2012 at 9:19 PM, Ben Hegarty <heg...@gmail.com> wrote: >> >> >> >>> Ok, will do when I'm back behind the firewall tomorrow, I'll let you >> know >> >>> how it goes. >> >>> Cheers >> >>> >> >>> >> >>> On Monday, September 24, 2012, Ali Lown wrote: >> >>> >> >>>> If you would like to test it again now/tomorrow? >> >>>> >> >>>> It took a few hours longer than I expected because I had to stop and >> >>>> write a patch for Wave (and have dinner, and everything else) to make >> >>>> it work. >> >>>> >> >>>> This should have all traffic going over port 443, so if you check in >> >>>> Wireshark all you should see is some TLS traffic to 71.19.144.245. >> >>>> >> >>>> Ali >> >>>> >> >>>> On 24 September 2012 17:18, Ben Hegarty <heg...@gmail.com> wrote: >> >>>> > Whenever you get a chance to do that I'll be happy to retest :) >> >>>> > Thanks again >> >>>> > >> >>>> > On Mon, Sep 24, 2012 at 5:14 PM, Ali Lown <a...@lown.me.uk> wrote: >> >>>> > >> >>>> >> Yes, packet #46 because I try to make you connect over 9898. >> >>>> >> (This is because I have the configuration mis-setup, but didn't >> want >> >>>> >> to reboot the wave server to fix it). >> >>>> >> >> >>>> >> I can move it so that websockets goes over 443, then I will let you >> >>>> >> try again. (At which time it should work fine). >> >>>> >> >> >>>> >> On 24 September 2012 17:09, Ben Hegarty <heg...@gmail.com> wrote: >> >>>> >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNMnlmZkZWZWtEQ28 >> >>>> >> > >> >>>> >> > Looks like you're right there Ali I'm seeing port not allowed in >> >>>> the http >> >>>> >> > packets >> >>>> >> > Cheers >> >>>> >> > >> >>>> >> > On Mon, Sep 24, 2012 at 5:03 PM, Ali Lown <a...@lown.me.uk> >> wrote: >> >>>> >> > >> >>>> >> >> Yes. >> >>>> >> >> >> >>>> >> >> On 24 September 2012 17:01, Ben Hegarty <heg...@gmail.com> >> wrote: >> >>>> >> >> > Sure I can try there too, is it still set with the same dets? >> >>>> >> >> > Regards >> >>>> >> >> > >> >>>> >> >> > >> >>>> >> >> > On Mon, Sep 24, 2012 at 4:59 PM, Ali Lown <a...@lown.me.uk> >> >>>> wrote: >> >>>> >> >> > >> >>>> >> >> >> Extracting the data as raw bytes from the first Websocket >> >>>> response >> >>>> >> >> >> packet (#95) gives us the following HTML page (attached). >> >>>> >> >> >> >> >>>> >> >> >> So, it is _definitely_ an issue with your proxy server not >> >>>> >> >> >> understanding the Websockets. >> >>>> >> >> >> >> >>>> >> >> >> For more information on exactly how they work, a good article >> >>>> would >> >>>> >> >> >> be: http://lucumr.pocoo.org/2012/9/24/websockets-101/ >> >>>> >> >> >> "The protocol went through many iterations and basically had >> to >> >>>> be >> >>>> >> >> >> changed multiple times because of unforeseen security >> problems >> >>>> that >> >>>> >> >> >> came up with misbehaving proxies." seems to sum-up the >> problem. >> >>>> >> >> >> >> >>>> >> >> >> Ali >> >>>> >> >> >> >> >>>> >> >> >> NB: When you tried on my server (https://wave.eezysys.co.uk >> ), >> >>>> I am >> >>>> >> >> >> less certain as to why it failed there given all the traffic >> is >> >>>> >> >> >> encrypted. (Unless your company proxy is terminating my SSL >> >>>> >> >> >> connection, performing DPI on the now-decrypted data, and >> then >> >>>> >> >> >> re-encrypting it before presenting it to you) >> >>>> >> >> >> Could you do a wireshark capture for that server as well? >> >>>> >> >> >> Actually, it might be because my server still tries to use a >> >>>> >> >> >> non-standard port for the websockets, and it is quite likely >> >>>> you have >> >>>> >> >> >> most outgoing ports blocked. >> >>>> >> >> >> >> >>>> >> >> >> On 24 September 2012 16:42, Ben Hegarty <heg...@gmail.com> >> >>>> wrote: >> >>>> >> >> >> > Hey Ali, >> >>>> >> >> >> > Basically I get 'A turbulance' after logging in and never >> go >> >>>> online >> >>>> >> >> and >> >>>> >> >> >> no >> >>>> >> >> >> > wave data is saved down, you just see 'Unsaved all the >> time'.. >> >>>> >> >> >> > I've uploaded the wireshark trace to the following >> location :) >> >>>> >> >> >> > >> >>>> >> >> >> > >> https://docs.google.com/open?id=0B5FF_Ld8SzsNMm5oOGJXajlOV00 >> >>>> >> >> >> > >> >>>> >> >> >> > HTH >> >>>> >> >> >> > >> >>>> >> >>> >> >>> >> >>> -- >> >>> Mobile Phone: +447767-322-122 >> >>> Work Phone: +4420 79485612 >> >>> >> >>> >> >> >> >> >> >> -- >> >> Mobile Phone: +447767-322-122 >> >> Work Phone: +4420 79485612 >> >> >> >> >> > >> > >> > -- >> > Mobile Phone: +447767-322-122 >> > Work Phone: +4420 79485612 >> > > > > -- > Mobile Phone: +447767-322-122 > Work Phone: +4420 79485612
