- Регистрация
- 04.11.2019
- Сообщения
- 18
- Благодарностей
- 1
- Баллы
- 3
Доброго дня всем.
Только начинаю разбираться с запросами.
Столкнулся с проблемой, что фидлер не видит никакие запросы.
В логе: HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes
По ссылке в логе следующее сообщение:
Long Handshake Intolerance
bravoromeocharlie edited this page on 15 Oct 2014 · 9 revisions
Some web servers are unable to process Client Hello messages longer than 255 bytes, even though such messages are allowed by the protocol. Although most Client Hello messages are shorter than this limit, with the use of Server Name Indications (SNI), Elliptic Curve extensions, and the increase in the number of supported suites, the size can easily go over.
Browsers are thought not to be affected, but some other tools may be. In particular, OpenSSL 1.0.1+ is known to be affected. If you are using the s_client tool, try to reduce the size of the handshake by disabling some of the suites offered by OpenSSL (this can be done by specifying the desired suites using the -cipher switch).
Только начинаю разбираться с запросами.
Столкнулся с проблемой, что фидлер не видит никакие запросы.
В логе: HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes
По ссылке в логе следующее сообщение:
Long Handshake Intolerance
bravoromeocharlie edited this page on 15 Oct 2014 · 9 revisions
Some web servers are unable to process Client Hello messages longer than 255 bytes, even though such messages are allowed by the protocol. Although most Client Hello messages are shorter than this limit, with the use of Server Name Indications (SNI), Elliptic Curve extensions, and the increase in the number of supported suites, the size can easily go over.
Browsers are thought not to be affected, but some other tools may be. In particular, OpenSSL 1.0.1+ is known to be affected. If you are using the s_client tool, try to reduce the size of the handshake by disabling some of the suites offered by OpenSSL (this can be done by specifying the desired suites using the -cipher switch).
- OpenSSL Bug #2771: Openssl 1.0.1 times out when connecting to Outlook Exchange 2007; sign in with guest/guest.
- F5 tracks this problem under bug #376483 and it is fixed in BIG-IP LTM 10.2.4 (see [SOL14758: SSL client connections may fail if the ClientHello message is greater than 255 bytes and uses TLS 1.1 or 1.2] (https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14758.html) for more details).
Что я делаю не так?
- The issue is fixed according to F5 in 10.2.4, they are however not mentioned in any release notes (I have >just checked until 11.x)
- To debug the issue on an F5, the log level of "SSH" needs to be at least "Informational".