[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: konqueror

robert caterina wrote:

> now i am wondering what exactly causes the switching of the 
> protocol from http to https though, from which part does it come?

There are too many possible ways for that to be implemented for us to be
sure - speculation would be useless.  Most likely the link you click on
to login is simply an "https://"; link ... but also webservers can be
configured to automatically redirect http:// connections requesting
certain URLs to https:// connections ... we do this regularly at my
work.  You really need a sniffer to see what is actually going on.

> What about the konqueror behaviour with all other SSL sites? I can't
> answer because i personaly never use SSL except for E-banking. So i
> don't know other sites requiring it.

Try connecting to Google Mail using SSL :

Does that work ?   Do you see the Gmail login page ?

> You suggested me the use of tcpdump to see how goes the SSL connection
> but what command should i type in? (sorry i am newbye:-))

Something like this should do :

tcpdump -i eth0 tcp port 80 or 443

[NB: José is right about Wireshark being nicer to use]

This should show you both normal and SSL-encrypted HTTP traffic.  You
won't be able to make any sense of the SSL traffic data content, but
you'd see the HTTP packet content, and the SSL packet headers (control
info), and I'd be looking to see which end drops the connection - your
PC, or the webserver - i.e. which end sends a packet with the RST flag
set.  Also, you should be able to see whether the webserver is sending a
"302" redirect (HTTP response header) to convert your HTTP connection
into SSL.

Further analysis of the traffic is really beyond the scope of a newbie's
normal inclination or abilities ... I'd concentrate on investigating
your PC's setup, and compare behaviour with other SSL sites.

It occurs to me to ask: you _are_ using a Debian stable ("Etch") system,
aren't you ?  Strange things can happen with unstable or testing.

Good luck.
Nick Boyce

Reply to: