Ssl – RST ACK over SSL in FireFox POST request

ssltlswireshark

The original question is here. In short, for few users several POST requests hangs and are aborted after couple of minutes, when working over SSL (http is OK).

What I'm asking here is an explanation of the WireShark log:

No.     Time        Source                Destination           Protocol Info
  > "submit" clicked
  1 0.000000    11.22.33.44         192.168.1.9           TCP      [TCP segment of a reassembled PDU]
  2 0.000114    11.22.33.44         192.168.1.9           TLSv1    Application Data
  3 0.000394    192.168.1.9           11.22.33.44         TCP      https > 50950 [ACK] Seq=1 Ack=2305 Win=64690 Len=0
  > what happened???
  4 97.611245   192.168.1.9           11.22.33.44         TCP      https > 50950 [RST, ACK] Seq=1 Ack=2305 Win=0 Len=0
  5 97.752530   11.22.33.44         192.168.1.9           TCP      50958 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1459 WS=2 SACK_PERM=1
  6 97.752612   192.168.1.9           11.22.33.44         TCP      https > 50958 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 SACK_PERM=1
  7 97.778024   11.22.33.44         192.168.1.9           TCP      50958 > https [ACK] Seq=1 Ack=1 Win=17508 Len=0
  8 97.784462   11.22.33.44         192.168.1.9           TLSv1    Client Hello
  9 97.785107   192.168.1.9           11.22.33.44         TLSv1    Server Hello, Change Cipher Spec, Encrypted Handshake Message
 10 97.813970   11.22.33.44         192.168.1.9           TLSv1    Change Cipher Spec, Encrypted Handshake Message
 11 97.814082   11.22.33.44         192.168.1.9           TLSv1    Application Data
 12 97.814208   192.168.1.9           11.22.33.44         TCP      https > 50958 [ACK] Seq=123 Ack=2555 Win=64647 Len=0
 > and here user sees the request being aborted
 13 227.535270  192.168.1.9           11.22.33.44         TCP      https > 50958 [RST, ACK] Seq=123 Ack=2555 Win=0 Len=0

Sometimes, the request finally works, instead of being aborted. Also, this happens only for particular POST data, see original question.

Best Answer

It looks like the server is still waiting for data. Maybe there's a buffer in the SSL path which isn't being flushed? Maybe Firefox is screwing up and only sending a partial record (I can't tell without seeing the TLS frames).

Giving details of the server would help.

Related Solutions

Ssl – Firefox is very slow when establish SSL sessions

Is IE configured to check for revoked certs? In the same place as Firefox? Can you try disabling both and see if that fixes it?

If so, either the "certificate revoke" location is down or DNS is having problems.

Ssl – How to configure IIS 7.5 SSL \ TLS to work with iOS 9 ATS

The question is old, but it will be found during searching. I spent some time to find solution to the same problem. Thus I decide to write the answer to share my results with others.

Short answer: you should not use IIS Crypto to specify the order of Cipher Suites. I recommend you to click on "Defaults" buttons to remove previously set order and then use Group Policy ("Computer Configuration" \ "Administrative Templates" \ "Network" \ "SSL Configuration Settings") to configure Cipher Suites via local policy.

The reason of the error "protocol or cipher suite mismatch" can be one from below:

your server support some "bad cipher suite"
your server don't support some cipher suite, which MUST be supported corresponds to TLS specification.
your server supports HTTP/2 and it has some protocols from the the black list above the other protocols, which are not in the list. It's typically enough the change the order of the cipher suites to fix the problem.

The exact black list could be different on different systems. You can find in Internet some blacklist. For example, Appendix A of RFC 7540 (Hypertext Transfer Protocol Version 2 (HTTP/2)) contains one list. The cipher suites are TLS_RSA_WITH_AES_128_CBC_SHA for TLS 1.2 (see here) and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS 1.3 (see here). The TLS_ECDHE_ECDSA_* are important only is you use certificate with elliptic curves. Other very good cipher suite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is not yet implemented by Microsoft. Additionally you can consider to add at least TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA to support connection from old systems and TLS_RSA_WITH_AES_128_CBC_SHA to support very old systems (Android 2.3.7, , Java 6u45, OpenSSL 0.9.8y) and TLS_RSA_WITH_3DES_EDE_CBC_SHA only if you need support IE 8 / XP. Thus you can use today, for example

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

with disabled TLS 1.0, TLS 1.1 to have better security or just

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

if you need to have good security and the best performance.

You can set the following short set of cipher suite for example to solve your problem:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Below I includes an example of configuration on Windows 10. I configured IIS 10 to have A+ rating from Qualys SSL Labs with RSA 2048 key and free SSL certificate from Let's Encrypt.

I disabled DES 56/56, RC2 128/128, RC2 40/128, RC2 56/128, RC4 128/128, RC4 40/128, RC4 56/128, RC4 64/128, Triple DES 168/168, NULL, MD5, Multi-Protocol Unified Hello, PCT 1.0, SSL 2.0, SSL 3.0 and TLS 1.0/1.1 manually in the registry (see KB245030). I disabled TLS 1.0 and TLS 1.1 protocols only because TLS_FALLBACK_SCSV (Downgrade attack) can't be prevented in IIS till now, which makes impossible to get A+ rating of www.ssllabs.com. I see it as an disadvantage, but TLS 1.2 is supported currently very wide. By the way you can use DisabledByDefault: 1, but Enabled: 1 for TLS 1.0 and TLS 1.1. It could be helpful if you would run SQL Server 2008/2012 on the computer. The web server will not use TLS 1.0 and TLS 1.1, but SQL Server do use.

The most important step, which get many my time and which is your main problem was configuration of the the Cipher Suites. I made it using gpedit.msc. I chosen "Computer Configuration" \ "Administrative Templates" \ "Network" \ "SSL Configuration Settings" and configured "SSL Cipher Suite Order" value to the following

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

The above order could be not optimal and I'm not sure, that all above protocols are supported on IIS 7.5 (I used IIS 10.0 from Windows 10). Nevertheless I'm sure that your problem is related with the list of the Cipher Suite, because I had exactly the same problem like you described during my experiments with the list of Cipher Suite.

In any way, after configure the above settings in Group Polity and rebooting the computer (gpupdate /force /target:computer was not enough in my tests) I get A+ ratings and the following list of testing results of the "Handshake Simulation" part:

One can see that iOS is successfuly supported for the following clients:

Safari 6 / iOS 6.0.1
Safari 7 / iOS 7.1
Safari 8 / iOS 8.4
Safari 9 / iOS 9

The clients which don't supports TLS 1.2 seems for me now not so important and I think that the above configuration is a good compromise between the support of legacy clients and the usage of safe protocols.

Best Answer

Related Solutions

Ssl – Firefox is very slow when establish SSL sessions

Ssl – How to configure IIS 7.5 SSL \ TLS to work with iOS 9 ATS

Related Topic