Forum Discussion
ieflores_38076
Mar 23, 2011 · Nimbostratus
Thanks for the interest Matt.
First of all, I have to say that unfortunately I don't have the server private key, so I can only see the TCP level in the packet capture; I can't go deeper into the HTML because it's encrypted. With that point cleared up, I'll continue:
Your diagram isn't right. The communication is behaving somewhat strangely; here is how the flow goes:
(C) (S)
<------ FIN
Encrypted Alert ------>
<------ ACK to Encrypted alert
After 16 seconds
------> FIN
Closed <------ ACK
As you can see, the first FIN comes from the server side, and I'd expect that because I send a close session instruction in the head request to the server. About the CRLF, I don't think those are necessary because my BIG-IP is on the 10.1.0 version; however, I did run some tests adding those characters at the end of the request, and the issue persists.
Regarding the typical HTTP monitor, the answer is yes. I've tried doing the same request on other servers and it works perfectly: the F5 closes the session once it receives the FIN request (it doesn't wait). I can't use this type of monitor (typical HTTP) on the server that is presenting the issue because it only listens on port 443.
Please let me know what kind of information would help you understand/clarify what's happening.
I've also tried to do the request manually using the command "openssl s_client -host X.X.X.X -port 443"; when I do this test, the communication seems to flow OK. The server closes the connection and the F5 does the same without waiting 16 seconds.