Forum Discussion
IE Browser Hang
Hi,
I have a strange problem with F5 LTM. When accessing the VS (https://x.x.x.x:8080) using IE 9.0, the initial page is a login page and displays fine. After providing the username and password and clicking login, the whole IE page hangs. I have no problem accessing the physical IP address of the pool member directly.
The configuration of the VS is very straightforward, with no SSL or HTTP profile configured. Only Auto Map and a TCP profile are configured. The load-balancing method is least connection and source persistence is used.
Has anybody encountered the same issue?
Please help.
Thank you.
Alex
11 Replies
- What_Lies_Bene1
Cirrostratus
What type of VS is it please? Any way you could post the VS configuration in text form please? [tmsh list ltm virtual]
It could be that the client is redirected to a different port.
- windofchange_98
Nimbostratus
Hi Steve,
Thanks for your reply.
It's a standard VS type. The following is the configuration:
virtual VS_8080 {
   snat automap
   pool POOL_8080
   destination VIP:webcache
   ip protocol tcp
   persist SOURCE_PERSIST
   vlans VLANX enable
}
I have checked whether it's being redirected, but it's not. The firewall rule is opened only for port 8080.
When I tried with Firefox, I cannot log on at all; the login page keeps returning the error code (username and password do not match). It's likely Firefox is not supported (I will check with the apps team).
Using IE to the physical IP address, I can log on without any problem.
Thanks.
Alex
- What_Lies_Bene1
Cirrostratus
OK, the VS configuration looks good. Can you use IEHeaders or something similar to confirm what is happening at the client end and ideally use tcpdump on the F5 to also observe what is happening?
Also it might be worth changing the VS type to FastL4 to see if this helps.
- windofchange_98
Nimbostratus
Hi Steve,
I have tried to use tcpdump to capture the traffic to the VS, but cannot decode anything.
I'm using Fiddler to do HTTP debugging. There's one thing I notice: the server returns "Unrecognized cipher" when using F5, while it returns the correct cipher when using the physical IP. There are two different ciphers, one for the initial logon page and another for after clicking the submit button.
I'll try with FastL4 as you suggested.
Thanks.
Alex
- nathe
Cirrocumulus
windofchange,
Looks like you're being looked after but thought I'd post about ssldump - to help with the traces.
See: http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Steve - would OneConnect profile possibly help here? Would the cipher suite be already agreed upon before hitting submit? Just a thought.
HTH
N
- What_Lies_Bene1
Cirrostratus
Apologies, I didn't realise it was SSL/TLS, not that it matters. Let us know how you get on.
- What_Lies_Bene1
Cirrostratus
Thanks Nathan. Personally I suspect OneConnect won't help here considering the traffic and persistence types involved.
windofchange, how does the cipher change occur exactly?
- windofchange_98
Nimbostratus
When using physical IP address, at first it is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA and then it changes to TLS_RSA_AES_128_SHA.
Using VS, the return sometimes does not have any information about SSL.
Below is my HTTP capture:
---------------------------------------------------------------------------------------------------------------------------------------------------
With VS (without SSL info):
Client:
CONNECT x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1D C7 79 51 BD 0B BD 42 9E 8B 51 89 02 80 23 35 C8 A0 72 62 AE 85 51 E8 E8 8D 19 A4 75 86
SessionID: E6 E6 37 F0 41 E0 D2 4F A1 9A 31 A7 32 75 C8 77 CC 55 37 CB FD F1 63 B6 3F 35 7F 05 7B 92 30 5D
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:37:59.255
Connection: close
EndTime: 16:38:04.933
ClientToServerBytes: 1658
ServerToClientBytes: 7356
---------------------------------------------------------------------------------------------------------------------------------------------------
With VS (with SSL info):
Client:
CONNECT x.x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1E 28 C2 2E DC F3 3E D7 CD 3D 9F 9A AE D6 D6 09 6E 7D 3E C4 4D 5D 7A BF 06 37 01 43 B7 A6
SessionID: empty
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:36:48.228
Connection: close
EndTime: 16:36:53.797
ClientToServerBytes: 1557
ServerToClientBytes: 12572
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Major Version: 0
Minor Version: 0
SessionID:
Random: 01 2C 00 D0 4F 6F 1B 2A 24 13 C7 C0 BF F3 F2 0A DF F7 1C 5E 28 13 DE DF 65 D8 02 71 D6 44 66 EC
Cipher: Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/ [0xCE1B]
CompressionSuite: Unrecognized compression format [0x2D]
Extensions:
none
---------------------------------------------------------------------------------------------------------------------------------------------------------------
With Physical:
Client:
CONNECT x.x.x.x:8080 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Connection: keep-alive
Host: x.x.x.x:8080
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
Random: 50 9A 1E 69 60 03 25 A4 E2 65 BC 96 BC E0 A1 3C C5 5F E0 97 B9 3F 81 C9 30 B8 DE EC 72 7F 50 1C
SessionID: empty
Ciphers:
[Cipher suites]
Compression:
[00] NO_COMPRESSION
Server:
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 16:40:09.258
Connection: close
EndTime: 16:40:09.305
ClientToServerBytes: 383
ServerToClientBytes: 5075
This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.
A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.
Major Version: 3
Minor Version: 1
SessionID: empty
Random: 50 9A 1E B7 5F EE 0E 1D A4 B6 06 6C 9A 4A 4E AE A6 5D CC 8B 3B 70 9D 66 23 A9 EE 37 6E 02 79 4E
Cipher: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA [0x0088]
CompressionSuite: NO_COMPRESSION [0x00]
Extensions:
renegotiation_info 00
SessionTicket TLS empty
- What_Lies_Bene1
Cirrostratus
I'm not too familiar with Fiddler so your output isn't too clear to me I'm afraid. Did you try the switch to a FastL4/Performance VS?
- windofchange_98
Nimbostratus
Hi Steve,
Thank you for your support.
It turns out it's the server script that causes the user's IE to hang. The application team is looking into it.
Regards,
Alex
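Added example (not part of the original thread, and not Fiddler's or F5's code): a Python check of the ServerHello fields reported in the capture above, testing that the version is SSLv3/TLS and that the chosen cipher and compression were among those the client offered. The record bytes, the all-zero random and the `OFFERED` cipher list are constructed for illustration, since the post elides the client's cipher list; only the version, cipher and compression values come from the capture.

```python
import struct

def build_server_hello(version, cipher, compression, session_id=b""):
    """Build a TLS record carrying one ServerHello (constructed sample data)."""
    body = bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
    body += struct.pack("!HB", cipher, compression)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def check_server_hello(record, offered_ciphers, offered_compression=(0x00,)):
    """Return (fields, problems) for the first record of a server reply."""
    if len(record) < 5:
        return {}, ["shorter than a TLS record header"]
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16:
        return {}, ["content type 0x%02X is not handshake (0x16)" % ctype]
    hs = record[5:5 + rlen]
    if len(hs) < 4 or hs[0] != 0x02:
        return {}, ["first handshake message is not a ServerHello"]
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38:  # version(2) + random(32) + sid_len(1) + cipher(2) + comp(1)
        return {}, ["ServerHello body truncated"]
    sid_len = body[34]
    tail = body[35 + sid_len:38 + sid_len]
    if sid_len > 32 or len(tail) < 3:
        return {}, ["session ID length %d does not fit" % sid_len]
    cipher, compression = struct.unpack("!HB", tail)
    fields = {"version": (body[0], body[1]), "session_id": body[35:35 + sid_len],
              "cipher": cipher, "compression": compression}
    problems = []
    if body[0] != 3:
        problems.append("version %d.%d is not SSLv3/TLS (major must be 3)" % fields["version"])
    if cipher not in offered_ciphers:
        problems.append("cipher 0x%04X was not offered by the client" % cipher)
    if compression not in offered_compression:
        problems.append("compression 0x%02X was not offered by the client" % compression)
    return fields, problems

# Assumption: the ClientHello cipher list is elided in the post, so this set is constructed.
OFFERED = {0x0088, 0x002F}
# Constructed records using the field values Fiddler reported for each path.
VIA_PHYSICAL = build_server_hello((3, 1), 0x0088, 0x00)
VIA_VS = build_server_hello((0, 0), 0xCE1B, 0x2D)

if __name__ == "__main__":
    for name, rec in (("physical", VIA_PHYSICAL), ("VS", VIA_VS)):
        print(name, check_server_hello(rec, OFFERED))
```

A reply that fails all three checks, as the values reported through the VS do, is not a well-formed ServerHello for that ClientHello, so the decoded cipher name should not be read as a negotiated suite.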
