![]() ![]() But with only one client (Internet Explorer) and one server (Apache/openssl) demonstrating the problem, we couldn’t know which one had the bug. If so, rather than just ignoring the problem and disabling TLS 1.2 in Internet Explorer settings on our selenium test hosts, it would be better to fix or reconfigure openssl in our servers. If so, this problem might have affected clients other than just Internet Explorer. It was possible that what we were witnessing was a bug in openssl. The mod_ssl Apache module is implemented in terms of openssl, for which we use version 1.0.1. Our server is Apache 2.2.25 with mod_ssl. It was equally possible that Internet Explorer was calculating the MAC correctly but that the server’s implementation of TLS 1.2 was incorrectly rejecting it. However, this isn’t enough to conclude that the MAC calculated by Internet Explorer was incorrect. ![]() The results of this experiment showed no failure in the script when the selenium failure occurred so the problem had to be in Internet Explorer or something it relies upon above the low level Windows networking layer.īut was Internet Explorer really to blame? What we knew from the network trace was that the server’s implementation of TLS 1.2 was rejecting the handshake MAC that it was being given by Internet Explorer. If it didn’t then the problem had to be at a higher level. The idea was that if this test showed a problem that coincided with the selenium failure then it would indicate that the problem was between the Windows TCP/IP stack and the remote web server. This script was run in parallel to the selenium test in the hopes that it would reveal some kind of temporary network lag between the selenium test host and the web server host. The script would report when any of these operations took more than a small threshold to complete. The python script would, 4 times per second, do a DNS lookup of the domain name that the HTTPS URL was using when the problem occurred, and then make an HTTP followed by an HTTPS request to that domain. In order to narrow down the source of the problem, we wrote a python script to try and duplicate it. ![]()
0 Comments
Leave a Reply. |