Zainal_Abidin_1
Dec 23, 2013

Http Redirect Loop

Hi,

 

I want to redirect from HTTP to HTTPS. I have set an iRule.

 

when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

 

On Firefox it loops, but on Chrome it works OK. The iRule is on the HTTP virtual server. The virtual server has HTTP and HTTPS. Also, I have an SSL cert installed on the F5. Please advise.

 

Thanks.

 

27 Replies

  • Can I use this command: ssldump -k /config/ssl/ssl.key/our-domain.key -i 1.1 port 443 -A -d

     

    Yes, but it may be better to capture both clientside (between client and F5) and serverside (between F5 and server). There is a special interface 0.0 which will capture traffic from all VLANs.

     

    e.g.

     

    ssldump -k /config/ssl/ssl.key/our-domain.key -i 0.0 port 443 or port 80 -A -d

     

    Anyway, it may be good to save the packets to a file (using tcpdump) and decode/decrypt them later (using ssldump or Wireshark).

     

    e.g.

     

    tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap port 443 or port 80 -v

     

    Decrypting SSL traffic with Wireshark, and ways to prevent it

     

    http://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/

     

  • Well, the good news is that you appear to have a good ssldump capture. The bad news is that the capture contains a lot of application layer traffic (HTML, JavaScript, CSS, etc.), which generally indicates that SSL is not the problem. So then the next question is, did ANYTHING else besides the certificate change? Your Firefox client is consuming the layer 7 data and interacting with the server, so there must be something else at play here. At this point I'd spin up a Fiddler capture and see where things are getting stuck.
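
Added example, not part of any reply in this thread: a Python check to run over the request/redirect sequence taken from a client-side capture such as the Fiddler trace suggested above. It reports where the chain returns to a URL already requested and which hops send the client from HTTPS back to HTTP. The trace, host name and function names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample trace (not from the thread): (request URL, status, Location).
SAMPLE_TRACE = [
    ("http://www.example.com/app/", 302, "https://www.example.com/app/"),
    ("https://www.example.com/app/", 302, "/app/login"),
    ("https://www.example.com/app/login", 302, "http://www.example.com/app/"),
    ("http://www.example.com/app/", 302, "https://www.example.com/app/"),
]
REDIRECT_CODES = {301, 302, 303, 307, 308}

def normalize(url):
    """Lower-case scheme and host, drop default ports, default the path to '/'."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    default = {"http": 80, "https": 443}.get(scheme)
    port = "" if p.port in (None, default) else ":%d" % p.port
    query = "?" + p.query if p.query else ""
    return "%s://%s%s%s%s" % (scheme, (p.hostname or "").lower(), port,
                              p.path or "/", query)

def find_redirect_loop(trace):
    """Return details of the first repeated request URL, or None if no loop."""
    seen = {}  # normalized request URL -> index of its first occurrence
    for i, (url, status, location) in enumerate(trace):
        key = normalize(url)
        if key in seen:
            start = seen[key]
            downgrades = []
            for u, _status, loc in trace[start:i]:
                target = urljoin(u, loc)  # resolves relative Location values
                if urlsplit(u).scheme == "https" and urlsplit(target).scheme == "http":
                    downgrades.append((u, target))
            return {"loop_url": key, "first_seen": start,
                    "repeated_at": i, "https_to_http": downgrades}
        seen[key] = i
        if status not in REDIRECT_CODES or not location:
            return None  # chain ended with a real response
    return None

if __name__ == "__main__":
    print(find_redirect_loop(SAMPLE_TRACE))
```

An HTTPS-to-HTTP hop in the output points at whichever component issued that Location header, since the iRule in the question only ever redirects to https.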

     

  • I think the problem is with the aging rate on HTTP persistence. Let the user try first; I will update here soon.

     

  • A few things worth noting:

     

    1. It's hard to tell in the capture who is who. I do see some odd "port number reuse" errors towards the end, and a good mix of port 80 and 443 traffic.

       

    2. It might be possible that there's a persistence issue, but I'd imagine that would affect all browsers, not just Firefox.

       

    3. Towards the end of your ssldump, I see reference to a PDF mime type. Are you by chance attempting to view a PDF in the browser when it fails?