[afnog] https through NAT

abel ELITCHA kmw.elitcha at gmail.com
Wed Oct 10 16:18:27 UTC 2012


2012/10/8 Stephane Bortzmeyer <bortzmeyer at nic.fr>

> On Mon, Oct 08, 2012 at 10:13:32AM +0000,
>  abel ELITCHA <kmw.elitcha at gmail.com> wrote
>  a message of 132 lines which said:
>
> > I get this output with the openssl s_client
> >
> > CONNECTED(00000003)
>
> It means the TCP handshake was done. So, it is not a layer-3 issue,
> you can go to the site.
>
> > write:errno=104
>
> Bad ("Connection reset by peer")
>
> > SSL handshake has read 364 bytes and written 0 bytes
> > ---
> > New, (NONE), Cipher is (NONE)
>
> Bad, bad. When it works, it should be something like (try with another
> site, to see):
>
> SSL handshake has read 3092 bytes and written 518 bytes
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
>
> I strongly suspect that there is a broken middlebox (firewall, etc)
> somewhere between your client and this server. It broke the TCP
> session as soon as TLS negotiation started. DPI device, maybe.
>

Thanks Stephane, this is solved;
it really was an issue on the firewall - not enough permissions defined on
it! - I've configured a default rule with all ports and protocols accepted
from anywhere (I had only authorized TCP port 443 in the past) and
everything seems okay!
This bothers me a little, but for the moment it's OK, the service is online!
Thanks a lot.



-- 
Abel Woatéba ELITCHA
Information systems
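
The reading of the `openssl s_client` output walked through in the quoted reply, as an added example that is not part of the original thread: a small classifier that tells a TCP failure from a reset during the TLS handshake. The function name, verdict labels and sample transcripts are constructed for illustration; the transcripts reuse only the lines quoted above.

```shell
#!/bin/sh
# Classify an `openssl s_client` transcript (on stdin) by how far it got.
# Prints "<verdict>: <reason>". Verdict names are this example's own.
classify_s_client() (
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -q "$1"; }

    # No CONNECTED(...) line: the TCP handshake never completed.
    if ! has '^CONNECTED('; then
        echo "tcp-failed: no CONNECTED line; port filtered or host unreachable"
        exit 0
    fi

    # "New, <protocol>, Cipher is <cipher>" reports the negotiated suite.
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1)
    # "SSL handshake has read N bytes and written M bytes"
    written=$(printf '%s\n' "$out" |
        sed -n 's/^SSL handshake has read [0-9]* bytes and written \([0-9]*\) bytes.*/\1/p' |
        head -n 1)

    if [ -n "$cipher" ] && [ "$cipher" != "(NONE)" ]; then
        echo "tls-ok: negotiated $cipher"
    elif has 'errno=104'; then
        # errno 104 is ECONNRESET on Linux: a RST arrived after TCP was up.
        echo "tls-reset: TCP up, reset during handshake (written=${written:-?}); suspect a middlebox or firewall rule"
    else
        echo "tls-failed: TCP up, no cipher negotiated, no reset seen"
    fi
)

# Constructed transcripts assembled from the lines quoted in the thread.
BROKEN='CONNECTED(00000003)
write:errno=104
SSL handshake has read 364 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)'
WORKING='CONNECTED(00000003)
SSL handshake has read 3092 bytes and written 518 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA'

printf '%s\n' "$BROKEN"  | classify_s_client
printf '%s\n' "$WORKING" | classify_s_client
```

Against a live server, the output of `openssl s_client -connect <host>:443 </dev/null 2>&1` can be piped into the function, where `<host>` is a placeholder.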