What does http://websocketstest.com report? (Just link the report id) On 25 Sep 2012 10:07, "Ben Hegarty" <heg...@gmail.com> wrote:
> hmm I don't ever get an open connection in firefox, this doesn't seem to be > a problem other pages, i.e. gmail with GTalk works fine, facebook and all > the messaging there works fine too. The only time I've ever seen the > authentication I got with wave is when I've had facebook open too long and > I think http requests get out of sync, generally this means I have to > restart firefox and everything starts working fine again. > > https://docs.google.com/open?id=0B5FF_Ld8SzsNN2JXSVIwdzM2Q3M > https://docs.google.com/open?id=0B5FF_Ld8SzsNOV95TF9IeXZ2VGc > > Basically I can't open wave from behind a proxy in any configuration, I'm > not sure this should be the standard behaviour, esp when most sites seem to > be fine, are there any sites I could provide the wireshark trace for that > we could use as a comparison? > > Regards > hegsie > > On Tue, Sep 25, 2012 at 9:43 AM, Ali Lown <a...@lown.me.uk> wrote: > > > The firefox logs do show the attempts to authenticate (which is more > > than Chrome tries) at (say) #193,#194,#203,#204,#205,#213 which is a > > succesful login (I assume to open the connection for the page, since > > it is followed by #214 (TLSv1 Client Hello). > > > > The Websocket attempts (I think) look like #1841,#1842,#1850,#1851 > > which are failing for some reason. > > > > However, it isn't a problem with Wave, rather a potential bug in > > Chrome (since it doesn't even attempt to authenticate) and an > > overly-restrictive (for no good reason) corporate firewall (Might I > > suggest a VPN, or SSH tunnel to somewhere less restrictive). > > > > Ali > > > > (Interestingly, does GTalk work since it gets a 502 for attempting to > > use a non-standard SSL'd port. You also seem to have some problematic > > bit of software attempting to connect to https://uk.bp.com which fails > > since the DNS records are invalid). > > > > On 25 September 2012 09:27, Ben Hegarty <heg...@gmail.com> wrote: > > > ok hopefuly this one is cleaner for firefox, though I have to add that > > > firefox keeps asking for my credentials and no matter how many times I > > > enter them it just keeps returning asking for them again... then after > a > > > while I just get a turbulence detected... > > > > > > https://docs.google.com/open?id=0B5FF_Ld8SzsNUDVlN0RyQjU2Vkk > > > > > > hegsie > > > > > > On Tue, Sep 25, 2012 at 9:19 AM, Ali Lown <a...@lown.me.uk> wrote: > > > > > >> In the chrome logs (original: #144, new: #344), in the firefox logs > > >> #274 show a 407 response to the attempt to CONNECT to > > >> wave.eezysys.co.uk:443. > > >> > > >> I would expect to possibly see a 407 once, at which stage the browser > > >> should then re-attempt the connection with the proxy credentials (as > > >> described here[1], but I see no attempts to authenticate. > > >> > > >> Does the actual page load in this situation? Do other secure sites > load? > > >> > > >> Ali > > >> > > >> [1]: > > >> > > > http://tmgblog.richardhicks.com/2011/08/29/access-to-the-web-proxy-filter-on-forefront-tmg-2010-is-denied/ > > >> > > >> On 25 September 2012 09:05, Ben Hegarty <heg...@gmail.com> wrote: > > >> > Hey Ali, > > >> > Was looking over the chrome capture and I'm not sure that the one > > below > > >> is > > >> > very clean so I performed it again... > > >> > > > >> > https://docs.google.com/open?id=0B5FF_Ld8SzsNWG5rd0d0UnZVQU0 > > >> > > > >> > Regards > > >> > hegsie > > >> > > > >> > On Tue, Sep 25, 2012 at 8:53 AM, Ben Hegarty <heg...@gmail.com> > > wrote: > > >> > > > >> >> Hey Ali, > > >> >> I've tested this again with firefox to no avail... > > >> >> > > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNaGFVV2NabEd0RFU > > >> >> > > >> >> and with chrome... > > >> >> > > >> >> https://docs.google.com/open?id=0B5FF_Ld8SzsNdmw5aThEZXF1U0k > > >> >> > > >> >> Regards > > >> >> hegsie > > >> >> > > >> >> > > >> >> On Mon, Sep 24, 2012 at 9:19 PM, Ben Hegarty <heg...@gmail.com> > > wrote: > > >> >> > > >> >>> Ok, will do when I'm back behind the firewall tomorrow, I'll let > you > > >> know > > >> >>> how it goes. > > >> >>> Cheers > > >> >>> > > >> >>> > > >> >>> On Monday, September 24, 2012, Ali Lown wrote: > > >> >>> > > >> >>>> If you would like to test it again now/tomorrow? > > >> >>>> > > >> >>>> It took a few hours longer than I expected because I had to stop > > and > > >> >>>> write a patch for Wave (and have dinner, and everything else) to > > make > > >> >>>> it work. > > >> >>>> > > >> >>>> This should have all traffic going over port 443, so if you check > > in > > >> >>>> Wireshark all you should see is some TLS traffic to > 71.19.144.245. > > >> >>>> > > >> >>>> Ali > > >> >>>> > > >> >>>> On 24 September 2012 17:18, Ben Hegarty <heg...@gmail.com> > wrote: > > >> >>>> > Whenever you get a chance to do that I'll be happy to retest :) > > >> >>>> > Thanks again > > >> >>>> > > > >> >>>> > On Mon, Sep 24, 2012 at 5:14 PM, Ali Lown <a...@lown.me.uk> > > wrote: > > >> >>>> > > > >> >>>> >> Yes, packet #46 because I try to make you connect over 9898. > > >> >>>> >> (This is because I have the configuration mis-setup, but > didn't > > >> want > > >> >>>> >> to reboot the wave server to fix it). > > >> >>>> >> > > >> >>>> >> I can move it so that websockets goes over 443, then I will > let > > you > > >> >>>> >> try again. (At which time it should work fine). > > >> >>>> >> > > >> >>>> >> On 24 September 2012 17:09, Ben Hegarty <heg...@gmail.com> > > wrote: > > >> >>>> >> > > https://docs.google.com/open?id=0B5FF_Ld8SzsNMnlmZkZWZWtEQ28 > > >> >>>> >> > > > >> >>>> >> > Looks like you're right there Ali I'm seeing port not > allowed > > in > > >> >>>> the http > > >> >>>> >> > packets > > >> >>>> >> > Cheers > > >> >>>> >> > > > >> >>>> >> > On Mon, Sep 24, 2012 at 5:03 PM, Ali Lown <a...@lown.me.uk> > > >> wrote: > > >> >>>> >> > > > >> >>>> >> >> Yes. > > >> >>>> >> >> > > >> >>>> >> >> On 24 September 2012 17:01, Ben Hegarty <heg...@gmail.com> > > >> wrote: > > >> >>>> >> >> > Sure I can try there too, is it still set with the same > > dets? > > >> >>>> >> >> > Regards > > >> >>>> >> >> > > > >> >>>> >> >> > > > >> >>>> >> >> > On Mon, Sep 24, 2012 at 4:59 PM, Ali Lown < > a...@lown.me.uk> > > >> >>>> wrote: > > >> >>>> >> >> > > > >> >>>> >> >> >> Extracting the data as raw bytes from the first > Websocket > > >> >>>> response > > >> >>>> >> >> >> packet (#95) gives us the following HTML page > (attached). > > >> >>>> >> >> >> > > >> >>>> >> >> >> So, it is _definitely_ an issue with your proxy server > not > > >> >>>> >> >> >> understanding the Websockets. > > >> >>>> >> >> >> > > >> >>>> >> >> >> For more information on exactly how they work, a good > > article > > >> >>>> would > > >> >>>> >> >> >> be: http://lucumr.pocoo.org/2012/9/24/websockets-101/ > > >> >>>> >> >> >> "The protocol went through many iterations and basically > > had > > >> to > > >> >>>> be > > >> >>>> >> >> >> changed multiple times because of unforeseen security > > >> problems > > >> >>>> that > > >> >>>> >> >> >> came up with misbehaving proxies." seems to sum-up the > > >> problem. > > >> >>>> >> >> >> > > >> >>>> >> >> >> Ali > > >> >>>> >> >> >> > > >> >>>> >> >> >> NB: When you tried on my server ( > > https://wave.eezysys.co.uk > > >> ), > > >> >>>> I am > > >> >>>> >> >> >> less certain as to why it failed there given all the > > traffic > > >> is > > >> >>>> >> >> >> encrypted. (Unless your company proxy is terminating my > > SSL > > >> >>>> >> >> >> connection, performing DPI on the now-decrypted data, > and > > >> then > > >> >>>> >> >> >> re-encrypting it before presenting it to you) > > >> >>>> >> >> >> Could you do a wireshark capture for that server as > well? > > >> >>>> >> >> >> Actually, it might be because my server still tries to > > use a > > >> >>>> >> >> >> non-standard port for the websockets, and it is quite > > likely > > >> >>>> you have > > >> >>>> >> >> >> most outgoing ports blocked. > > >> >>>> >> >> >> > > >> >>>> >> >> >> On 24 September 2012 16:42, Ben Hegarty < > heg...@gmail.com > > > > > >> >>>> wrote: > > >> >>>> >> >> >> > Hey Ali, > > >> >>>> >> >> >> > Basically I get 'A turbulance' after logging in and > > never > > >> go > > >> >>>> online > > >> >>>> >> >> and > > >> >>>> >> >> >> no > > >> >>>> >> >> >> > wave data is saved down, you just see 'Unsaved all the > > >> time'.. > > >> >>>> >> >> >> > I've uploaded the wireshark trace to the following > > >> location :) > > >> >>>> >> >> >> > > > >> >>>> >> >> >> > > > >> https://docs.google.com/open?id=0B5FF_Ld8SzsNMm5oOGJXajlOV00 > > >> >>>> >> >> >> > > > >> >>>> >> >> >> > HTH > > >> >>>> >> >> >> > > > >> >>>> > > >> >>> > > >> >>> > > >> >>> -- > > >> >>> Mobile Phone: +447767-322-122 > > >> >>> Work Phone: +4420 79485612 > > >> >>> > > >> >>> > > >> >> > > >> >> > > >> >> -- > > >> >> Mobile Phone: +447767-322-122 > > >> >> Work Phone: +4420 79485612 > > >> >> > > >> >> > > >> > > > >> > > > >> > -- > > >> > Mobile Phone: +447767-322-122 > > >> > Work Phone: +4420 79485612 > > >> > > > > > > > > > > > > -- > > > Mobile Phone: +447767-322-122 > > > Work Phone: +4420 79485612 > > > > > > -- > Mobile Phone: +447767-322-122 > Work Phone: +4420 79485612 >
