[Outages-discussion] [outages] COX TLS/SSL Connections

Jeremy Chadwick jdc at koitsu.org
Thu Nov 8 18:38:00 EST 2018


How did you determine "it" is "mangling the dst/src ports"?

This honestly sounds like a case of a layer 7 DPI device (ex. Sandvine)
being misconfigured or doing something Incredibly Stupid(tm).  The term
"mangle" implies some form of rewriting, which those devices usually do
not do (they aren't NAT-like); they can certainly block/drop/blackhole
packets, however.

This is all speculative, BTW (re: assuming there is such a device in the
network path).

-- 
| Jeremy Chadwick                                 jdc at koitsu.org |
| UNIX Systems Administrator                      PGP 0x2A389531 |
| Making life hard for others since 1977.                        |

On Thu, Nov 08, 2018 at 08:49:48PM +0000, Brandon Gould via Outages wrote:
> Oh, interesting. So it's mangling the Dst/Src ports. Does it impact all TLS or just a particular protocol, i.e. HTTP, MSSQL, etc.?
> 
> From: Outages <outages-bounces at outages.org> On Behalf Of Jordan Morris via Outages
> Sent: Thursday, November 8, 2018 2:38 PM
> To: outages at outages.org
> Subject: [outages] COX TLS/SSL Connections
> 
> Anyone else seeing issues connecting to sites/services over TLS/SSL? We have a few remote databases that we cannot connect to when TLS is enabled and we are connecting from COX. We turn TLS off on the client and it connects no prob. Same PC connecting via Verizon hot spot with TLS on, no problem. We are seeing similar issues at multiple COX sites in AZ. Very odd: the IP/Dst Port are not being filtered/dropped, just when TLS is turned on. We have dropped a few of our locations to the secondary ISP to get around the problem for now.
> 
> 

> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages


