[112553] in North American Network Operators' Group
Re: "web problems" "ssl issues"
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Mar 5 14:33:07 2009
In-Reply-To: <Pine.LNX.4.64.0903051315280.30232@e232.namor.ca>
Date: Thu, 5 Mar 2009 14:32:56 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: nanog@namor.ca
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Thu, Mar 5, 2009 at 2:20 PM, <nanog@namor.ca> wrote:
> I hadn't thought about this until now, when I had to use our SPKI account
> with Thawte. =A0It's painfully slow processing anything.
>
> I doesn't seem that anything's amiss with latency or network otherwise, b=
ut
> we're noticing this impact.
>
> I'm also just West of you, so I'm curious if it's slightly geographic in
> nature, as nobody else has noted similar that I've seen here.
>
doubtful it's GEO related from both ATL and SAC and IAD I get the same
dns mappings:
;; ANSWER SECTION:
siteseal.thawte.com. 900 IN A 65.205.248.247
siteseal.thawte.com. 900 IN A 65.205.248.251
siteseal.thawte.com. 900 IN A 65.205.248.236
siteseal.thawte.com. 900 IN A 65.205.248.240
siteseal.thawte.com. 900 IN A 65.205.248.242
siteseal.thawte.com. 900 IN A 65.205.248.246
I don't, however, get any reasonable response on port 443 to these
ips... (they all seem to be in SJC-area fyi)
Perhaps Thawte/VS is experiencing some LB or load issues?
-Chris
> On Thu, 5 Mar 2009, Mike Tancsa wrote:
>
>>
>> Not sure if others are running into this or not, but we had a few vague
>> support calls come in at once about browser 'ssl problems' and some issu=
es
>> with some websites 'taking forever to come up'... =A0It looks like the c=
ommon
>> problem is bringing up pages that have
>>
>> src=3D"https://siteseal.thawte.com/cgi/server/thawte_seal_generator.exe"=
>
>>
>> embedded in the web page the end user goes to.
>>
>> Depending on how the page is written, it can seem (to the end user
>> anyways) as if the page is taking for ever to come up. The browser is
>> blocking on talking to the site seal server.
>
> <judicious snippage>
>>
>> Just a heads up in case your helpdesk runs into this issue as well as it
>> seems to be a rather obscure problem that sent us on a wild goose chase =
at
>> first. =A0Some browsers deal with it differently. on IE, most of the pag=
e does
>> not display until the seal comes up or times out.
>>
>> =A0 =A0 =A0 =A0 ---Mike
>>
>> --------------------------------------------------------------------
>> Mike Tancsa, =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
=A0 =A0 =A0 =A0tel +1 519 651 3400
>> Sentex Communications, =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0mike@sentex.net
>> Providing Internet since 1994 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0www=
.sentex.net
>> Cambridge, Ontario Canada =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 www.sentex.net/mike
>>
>>
>
>
