
SSL connection issue

asked 2025-09-25 16:12:28 +0000

Ronnie

We connect to our customer's REST API service to send EDI. They are in the process of changing to a new server.

The customer said all client certificates would be accepted on the new server. But when I try to connect to the new server the process hangs for about 60 seconds and fails when trying to do the SSL verification (I think).

Can any knowledgeable person examine the two pcap files below to see if they can determine any cause?

File OldWork.pcap is the connection to the customer's old server that is working.

https://www.dropbox.com/scl/fi/td9riq...

File NewFail.pcap is the new server that fails.

https://www.dropbox.com/scl/fi/kr7g51...


1 Answer


answered 2025-09-26 11:33:01 +0000

SYN-bit

The pcap of the failing connection to the new server is showing an MTU issue. The MSS being received is 1440. I assume it is clamped somewhere in the path between the server and you. When you look at the sequence number of the first received data, it is missing 2896 bytes. This is two MSS of 1460 when you take into account that the TCP timestamps option takes 12 bytes. So per packet 1460 - 12 = 1448 bytes of TCP data, times two is 2896.

This means the MSS in the SYN packet is somehow not clamped and the server just uses the standard MSS of 1460 instead of the 1440. Which means the part of the network with the lower MTU/MSS will not be able to forward the packets due to the IP Don't Fragment flag being set.

Funny thing is that I see the same MSS in the SYN/ACK when I make a connection myself to the same site (on the same IP), but the data segments are now reduced to the MSS of 1440. So somehow the MSS in my SYN is indeed clamped. This means that either the problem has been solved or that there is a problem specifically on the path between you and this server.

Hope this helps!

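The arithmetic in the answer above, as an added Python example that is not part of the original post: it reads the MSS option from a SYN/ACK and measures the hole in sequence space before the first received data segment. The headers are constructed sample bytes using the answer's numbers (not the poster's pcaps), and the 1460 sent MSS, the ports and the function names are assumptions.

```python
import struct

def parse_tcp(segment: bytes):
    """Return (seq, options) for a raw TCP header; options maps kind -> value bytes."""
    seq = struct.unpack("!I", segment[4:8])[0]
    raw = segment[20:(segment[12] >> 4) * 4]    # data offset gives the header length
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 0:         # kind 0 = End of Option List
        if raw[i] == 1:                         # kind 1 = NOP padding, no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            break                               # malformed option, stop parsing
        opts[raw[i]] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return seq, opts

def diagnose(syn_ack: bytes, first_data: bytes, sent_mss: int = 1460):
    """Relate the hole before the first received data to full-size segments."""
    isn, sa_opts = parse_tcp(syn_ack)
    first_seq, data_opts = parse_tcp(first_data)
    received_mss = struct.unpack("!H", sa_opts[2])[0]   # kind 2 = MSS
    ts = 12 if 8 in data_opts else 0            # kind 8 = timestamps, padded to 12 bytes
    missing = (first_seq - (isn + 1)) % 2**32   # the SYN consumes one sequence number
    full = sent_mss - ts                        # payload if the peer saw our unclamped MSS
    return {
        "received_mss": received_mss,
        "missing_bytes": missing,
        "full_size_segments_lost": missing // full if missing % full == 0 else None,
        "consistent_with_unclamped_syn": missing > 0 and missing % full == 0 and sent_mss > received_mss,
    }

def tcp_header(seq: int, flags: int, options: bytes) -> bytes:
    """Build a constructed TCP header (ports and window are arbitrary sample values)."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4 << 4
    return struct.pack("!HHIIBBHHH", 443, 50000, seq, 0, offset, flags, 65535, 0, 0) + options

# Constructed sample matching the numbers in the answer, not taken from the pcaps.
TS = b"\x01\x01\x08\x0a" + struct.pack("!II", 1, 1)     # NOP, NOP, timestamps
SYN_ACK = tcp_header(1000, 0x12, b"\x02\x04" + struct.pack("!H", 1440) + TS)
FIRST_DATA = tcp_header(1000 + 1 + 2896, 0x10, TS)

if __name__ == "__main__":
    print(diagnose(SYN_ACK, FIRST_DATA))
```

A hole that is an exact multiple of 1448 bytes, while the SYN/ACK advertises 1440, matches the pattern the answer describes: the first full-size segments never arrive.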

Comments

Thanks. This is almost the same answer you gave to another problem related to FTP we were having back in April. https://ask.wireshark.org/question/36...

We never figured out a solution then. We just moved the process for this particular FTP connection off the AS400 to a Windows server. And we didn't research any further as we had many other FTP processes that were working fine.

I was hoping this time it was a problem on the customer's side since they were changing servers. But seems like the same issue to me.

Ronnie (2025-09-26 15:32:54 +0000)
