V
Vaughan Castine
Agreed.
The 3 factors appear to be:
1) SSL
2) Proxy (not all proxies, but definitely squid)
3) IE 6 SP1
Seems MS are aware of this (see Microsoft Knowledge Base
Article - 323308: Internet Explorer File Downloads Over
SSL Do Not Work with the "No-Cache" Header
http://support.microsoft.com/default.aspx?scid=kb;en-
us;323308).
A workaround that has succeeded here was to rollback the
wininet.dll to version 6.00.2715.400
The 3 factors appear to be:
1) SSL
2) Proxy (not all proxies, but definitely squid)
3) IE 6 SP1
Seems MS are aware of this (see Microsoft Knowledge Base
Article - 323308: Internet Explorer File Downloads Over
SSL Do Not Work with the "No-Cache" Header
http://support.microsoft.com/default.aspx?scid=kb;en-
us;323308).
A workaround that has succeeded here was to rollback the
wininet.dll to version 6.00.2715.400
-----Original Message-----
I believe people inside and outside of my company have
experienced this same problem. I apologize if these are
two different issues.
Immediately after upgrading from IE 6.0 to IE 6.0 sp1, we
have noticed that the browser freezes up on an HTTPS site
after mousing over several javascript rollover images
located in close proximity to each other quickly, or can
be reproduced by mousing over one rollover very very
quickly.
This is happening to users inside of my company's network
and for users outside. It appears to happen only when a
user is behind a firewall.
Because the site where this is occurring is my company's
site, I'm able to add *.*my_company_domain to the
exceptions in Internet Options to correct the problem.
Another workaround is to remove the proxy server and port
number for the Secure Type server. This has worked inside
my network and for one user at another location. There
are several other users in other locations that are forced
to use Netscape because of this problem.
I've posted a couple of times on this forum and have not
had a reply to date. It appears there are quite a few
issues with IE 6.0 sp1 and HTTPS.
Thanks,
Matt
.-----Original Message-----
Problem with IE6 and https.
We have observed an increased number of full handshakes
when using IE6 (+WinNT,Win2k & WinXP) and https (secure
sockets layer). It has a disturbing influence to browsing
performance. The IE5.5, Mozilla and Netscape browsers do
not show this behaviour.
When doing a network trace it shows that every ssl
connection imposing a full handshake is preceded by a
failed connection i e a connection, which is terminated by
a tcp reset when handshaking or before all the application
data has been transmitted. This condition seems to impose
a ssl full handshake.
The termination of the tcp session is due to frequent
clicking (in a web frame set), which impose loading,
interrupted loading and new loading of webpages.
In the example below the browser is IE6 (version
6.0.2800.1106.xpsp1.020828-1920) running on WinXP (version
5.1 Build 2600.xpsp1.020828-1920 Service pack 1).
The example below shows that the ssl handshake is
interrupted by a tcp FIN message. No ssl alert precedes
this message. The IE6/winXP is not waiting for the server
tcp FIN message. This seems to be the rule when using ssl.
When using http graceful closing with exchange of FIN
messages is used.
We have also observed that if concurrent http GET
connections is done in this context (the tcp RST condition
is in effect) all of them will do full handshakes.
Has anyone seen this problem? Solution?
Frame overview.
Frm Date Time Deltatime Sz
Destination Source
945 04/17 12:45:33.522280 0.000000 66
172.20.4.50 IE-WIN-XP TCP DP=443 SP=2057 SYN
SEQ=2965481895 ACK=0 LEN=0 WIN=16384 OPT
946 04/17 12:45:33.523475 0.001195 64 IE-WIN-
XP 172.20.4.50 TCP DP=2057 SP=443 SYN
SEQ=589561856 ACK=2965481896 LEN=0 WIN=0 OPT
947 04/17 12:45:33.523641 0.000166 64
172.20.4.50 IE-WIN-XP TCP DP=443 SP=2057
SEQ=2965481896 ACK=589561857 LEN=0 WIN=17520
954 04/17 12:45:33.538796 0.015155 64 IE-WIN-
XP 172.20.4.50 TCP DP=2057 SP=443
SEQ=589561857 ACK=2965481896 LEN=0 WIN=12288
955 04/17 12:45:33.538953 0.000157 136
172.20.4.50 IE-WIN-XP HTTPS (Handshake - Client
Hello with session-id)
958 04/17 12:45:33.565456 0.026503 113 IE-WIN-
XP 172.20.4.50 HTTPS (Handshake -Server hello )
963 04/17 12:45:33.588764 0.023308 64
172.20.4.50 IE-WIN-XP TCP DP=443 SP=2057 FIN
SEQ=2965481974 ACK=589561912 LEN=0 WIN=17465
964 04/17 12:45:33.590006 0.001242 125 IE-WIN-
XP 172.20.4.50 HTTPS (Server change cipher spec)
965 04/17 12:45:33.590189 0.000183 64
172.20.4.50 IE-WIN-XP TCP DP=443 SP=2057 RST
SEQ=2965481975 ACK=589561912 LEN=0 WIN=0
Frame details.
Frame 945:
---- Transmission Control Protocol ----
Source Port: 2057 (Unknown)
Destination Port: 443 (https - Secure Hyper Text
Transfer Protocol)
Sequence Number: 2965481895
Acknowledgement Number: 0
Header Length: 28 bytes
Reserved: 0x0
Flags: 0x2 0..... = No Urgent Pointer .0.... = No
Acknowledgement ..0... = No Push ...0.. = No
Reset ....1. = SYN .....0 = NO FIN
Window Size: 0x4000
Checksum: 0x7792 (Correct)
Urgent Pointer: 0x0
Options:
: Option 1 Type = 2 (Maximum Segment Size) MSS =
1460
: Option 2 Type = 1 (NOP)
: Option 3 Type = 1 (NOP)
: Option 4 Type = 4 (Selective Ack Permitted)
: 0 bytes of data
Frame 946:
---- Transmission Control Protocol ----
Source Port: 443 (https - Secure Hyper Text Transfer
Protocol)
Destination Port: 2057 (Unknown)
Sequence Number: 589561856
Acknowledgement Number: 2965481896
Header Length: 24 bytes
Reserved: 0x0
Flags: 0x12 0..... = No Urgent Pointer .1.... =
Acknowledgement ..0... = No Push ...0.. = No
Reset ....1. = SYN .....0 = NO FIN
Window Size: 0x0
Checksum: 0xA863 (Correct)
Urgent Pointer: 0x101
Options:
: Option 1 Type = 2 (Maximum Segment Size) MSS =
1460
: 0 bytes of data
Frame 955:
---- Transmission Control Protocol ----
Source Port: 2057 (Unknown)
Destination Port: 443 (https - Secure Hyper Text
Transfer Protocol)
Sequence Number: 2965481896
Acknowledgement Number: 589561857
Header Length: 20 bytes
Reserved: 0x0
Flags: 0x18 0..... = No Urgent Pointer .1.... =
Acknowledgement ..1... = Push ...0.. = No
Reset ....0. = NO SYN .....0 = NO FIN
Window Size: 0x4470
Checksum: 0x15E5 (Correct)
Urgent Pointer: 0x0
: No TCP Options
: 78 bytes of data
---- Secure Hyper Text Transfer Protocol ----
Data: [78 bytes]
0000: 00 50 06 00 00 32 00 08 02 2E 44 1A 08 00 45
00 .P...2....D...E.
0010: 00 76 3D E1 40 00 80 06 55 41 AC 14 0B 05 AC
14 .v=á@...UA....
0020: 04 32 08 09 01 BB B0 C1 A9 A8 23 24 00 01 50
18 .2...ȡ穬#$..P.
0030: 44 70 15 E5 00 00 16 03 00 00 49 01 00 00 45
03 Dp.å......I...E.
0040: 00 3E 9E 85 EE 9C AD BB 4D 94 9A 48 DB 9D AD
E6 .>..î.»M..HÛ.æ
0050: A8 D1 06 0C 16 27 A2 39 E6 DD 06 24 ED 2A 6D
8D ¨Ñ...'¢9æÝ.$í*m.
0060: D8 08 00 00 00 07 00 AD 8B B2 00 16 00 04 00
05 Ø.......²......
0070: 00 0A 00 09 00 64 00 62 00 03 00 06 00 13 00
12 .....d.b........
0080: 00 63 01 00 94 9B 7B C5
.c....{Å
Frame 958:
---- Transmission Control Protocol ----
Source Port: 443 (https - Secure Hyper Text Transfer
Protocol)
Destination Port: 2057 (Unknown)
Sequence Number: 589561857
Acknowledgement Number: 2965481974
Header Length: 20 bytes
Reserved: 0x0
Flags: 0x18 0..... = No Urgent Pointer .1.... =
Acknowledgement ..1... = Push ...0.. = No
Reset ....0. = NO SYN .....0 = NO FIN
Window Size: 0x3000
Checksum: 0xE96D (Correct)
Urgent Pointer: 0xF95D
: No TCP Options
: 55 bytes of data
---- Secure Hyper Text Transfer Protocol ----
Data: [55 bytes]
0000: 00 08 02 2E 44 1A 00 50 06 00 00 32 08 00 45
00 ....D..P...2..E.
0010: 00 5F 1E 23 00 00 40 06 F5 16 AC 14 04 32 AC
14 ._.#..@.õ...2.
0020: 0B 05 01 BB 08 09 23 24 00 01 B0 C1 A9 F6 50
18 ...»..#$..°Á©öP.
0030: 30 00 E9 6D F9 5D 16 03 00 00 32 02 00 00 2E
03 0.émù]....2.....
0040: 00 85 8F 5E 75 12 58 F3 7E 43 27 95 83 E2 DE
09 ...^u.Xó~C'..âÞ.
0050: 70 09 C6 8F F2 7D A2 C5 A2 B4 38 CF F9 0A 48
33 p.Æ.ò}¢Å¢´8Ïù.H3
0060: 5D 08 00 00 00 07 00 AD 8B B2 00 04 00 E0 CE
99 ].......²...àÎ.
0070: 28
(
Frame 963:
---- Transmission Control Protocol ----
Source Port: 2057 (Unknown)
Destination Port: 443 (https - Secure Hyper Text
Transfer Protocol)
Sequence Number: 2965481974
Acknowledgement Number: 589561912
Header Length: 20 bytes
Reserved: 0x0
Flags: 0x11 0..... = No Urgent Pointer .1.... =
Acknowledgement ..0... = No Push ...0.. = No
Reset ....0. = NO SYN .....1 = FIN
Window Size: 0x4439
Checksum: 0x7C62 (Correct)
Urgent Pointer: 0x0
: No TCP Options
: 0 bytes of data
Frame 964:
---- Transmission Control Protocol ----
Source Port: 443 (https - Secure Hyper Text Transfer
Protocol)
Destination Port: 2057 (Unknown)
Sequence Number: 589561912
Acknowledgement Number: 2965481975
Header Length: 20 bytes
Reserved: 0x0
Flags: 0x18 0..... = No Urgent Pointer .1.... =
Acknowledgement ..1... = Push ...0.. = No
Reset ....0. = NO SYN .....0 = NO FIN
Window Size: 0x3000
Checksum: 0xD619 (Correct)
Urgent Pointer: 0x2020
: No TCP Options
: 67 bytes of data
---- Secure Hyper Text Transfer Protocol ----
Data: [67 bytes]
0000: 00 08 02 2E 44 1A 00 50 06 00 00 32 08 00 45
00 ....D..P...2..E.
0010: 00 6B 1E 26 00 00 40 06 F5 07 AC 14 04 32 AC
14 .k.&..@.õ...2.
0020: 0B 05 01 BB 08 09 23 24 00 38 B0 C1 A9 F7 50
18 ...»..#$.8°Á©÷P.
0030: 30 00 D6 19 20 20 14 03 00 00 01 01 16 03 00
00 0.Ö. ..........
0040: 38 8A 2D 0F CF 9B 6F CD 21 66 5A 03 D5 F1 B3
A4 8.-.Ï.oÍ!fZ.Õñ³¤
0050: 96 A2 C9 C3 B3 CF 6C 67 2D 47 DC B2 58 39 F4
E7 .¢ÉóÏlg-GܲX9ôç
0060: AF 73 25 38 72 DE F2 8B A3 C7 3E 2D DE BC FD
1A ¯s%8rÞò.£Ç>-Þ¼ý.
0070: 68 7C E9 D6 F1 9C 0A 80 A7 A4 FC 3A 0F
h|éÖñ...§¤ü:.
Frame 965:
---- Transmission Control Protocol ----
Source Port: 2057 (Unknown)
Destination Port: 443 (https - Secure Hyper Text
Transfer Protocol)
Sequence Number: 2965481975
Acknowledgement Number: 589561912
Header Length: 20 bytes
Reserved: 0x0
Flags: 0x4 0..... = No Urgent Pointer .0.... = No
Acknowledgement ..0... = No Push ...1.. =
Reset ....0. = NO SYN .....0 = NO FIN
Window Size: 0x0
Checksum: 0xC0A7 (Correct)
Urgent Pointer: 0x0
: No TCP Options
: 0 bytes of data
.