0

I have two systems, running an application that does web service calls over HTTPS. I run a test by trying to log in to the HTTPS over webservice and one system works with HTTPS but the other does not. I have spent a while trying to find a difference in the systems but failed (configs look fine, package versions are pretty much the same, etc...). I am no Linux expert.

Whilst running the test I ran tcpdump to get packets and inspected with WireShark. The working system implements Client key exchange but the other system stops just after getting the certificate from the HTTPS server (see below).

Anyone know what could be causing this to happen? What other tests can I do?

The systems use OpenSSL 0.9.8 and web services use SOAP.

HTTPS working HTTPS working HTTPS not working HTTPS not working

dnelson
  • 101
  • 2
  • The client is clearly disconnecting. You need to look at it to find out why. – Michael Hampton Dec 14 '13 at 00:24
  • @MichaelHampton By look at it you mean `tcpdump` on that server? – dnelson Dec 14 '13 at 01:15
  • 1
    No, I mean look at the program which is initiating the connection. – Michael Hampton Dec 14 '13 at 01:49
  • Are you in control of both ends (and can check cipher suites etc on both clients and servers), or are you simply calling someone elses web service and it fails? I am missing a lot of useful data in the screenshots. I would like to see for instance the time taken before the client sends the RST. I am also interested in the SSL protocol negotiation as it would be seen inside the packet dump, is it possible to attach the two packet dumps as files on this site? – ErikE Dec 14 '13 at 21:34
  • @ErikE I don't have access to the server that the web service is calling. There time taken for the RST is thousandths of seconds in both instances. You can see the protocols in the screen shots? It is possible I am over complicating the search in why one machine works and the other does not. – dnelson Dec 16 '13 at 18:57

0 Answers0