Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

bash netcat eof, 192.168.1.41:8000, Www.xxxcon., %s wwwxxxcon, %s wwwxxxcon, www.xxxcon, xxxxdup, bitlord outgoing port settings, ckowwwxxx, 192.168.1.41:8000/nor-482.html

Links

XODOX
Impressum

#1: MIME type needed for SSL to work?

Posted on 2008-04-24 01:41:29 by eselk

When I enable SSL/HTTPS on IIS 6.0, do I need to add any additional
MIME types? I know the server needs to transfer the certificate to
the client, but I'm not sure if that happens via a GET request or
not. If it is part of a seperate GET request, like when an image is
sent as part of a page, then it must need a MIME type, right?

Anyway, I have one cell phone that uses Obigo browser (although
sometimes it reports Opera in the HTTP headers), and it can't access
any of my HTTPS pages. It can access HTTP, and everyone else can
access HTTPS pages file. The web log shows error 406 for the GET
request from this one browser. All of the other browsers that I've
checked send Accept: */*, but this one Obigo browser sends a long list
of what it accepts. I imagine this is the difference. I don't see
any MIME types in the accepts header that look like a type of
certificate file though.

To make matters worse I think the cell phone is going through an HTTP
proxy, because sometimes it reports "Obigo" as the browser name, and
sometimes "Opera".

The above info about the "Accept" headers is from netmon with normal
HTTP traffic... so for all I know, the accept headers of the SSL
request are actually different (but I don't know how to see those).

The page that the phone is attempting to request is a redirect page
being handled by a filter DLL that I wrote. I'll try adding debug
info to the filter DLL... but I'm thinking the failure is during the
certificate transfer or SSL handshake, which I think is before my
filter DLL is even called. Plus, the filter DLL works for other
browsers, and always works for non-SSL.

Sorry for the long post... I really have no idea where to go with this
problem.

Report this message

#2: Re: MIME type needed for SSL to work?

Posted on 2008-04-24 10:11:31 by Daniel Crichton

eric wrote on Wed, 23 Apr 2008 16:41:29 -0700 (PDT):

> When I enable SSL/HTTPS on IIS 6.0, do I need to add any additional
> MIME types? I know the server needs to transfer the certificate to the
> client, but I'm not sure if that happens via a GET request or not. If
> it is part of a seperate GET request, like when an image is sent as
> part of a page, then it must need a MIME type, right?

SSL negotiation is done before GET. You shouldn't need to set anything to
get SSL to work other than install a certificate and open the appropriate
port on your firewall. It sounds more like the Obigio browser doesn't
support SSL.

--
Dan

Report this message

#3: Re: MIME type needed for SSL to work?

Posted on 2008-04-24 17:42:44 by eselk

On Apr 24, 1:11=A0am, "Daniel Crichton" <msn...@worldofspack.com> wrote:
> eric wrote =A0on Wed, 23 Apr 2008 16:41:29 -0700 (PDT):
>
> > When I enable SSL/HTTPS on IIS 6.0, do I need to add any additional
> > MIME types? =A0I know the server needs to transfer the certificate to th=
e
> > client, but I'm not sure if that happens via a GET request or not. =A0If=

> > it is part of a seperate GET request, like when an image is sent as
> > part of a page, then it must need a MIME type, right?
>
> SSL negotiation is done before GET. You shouldn't need to set anything to
> get SSL to work other than install a certificate and open the appropriate
> port on your firewall. It sounds more like the Obigio browser doesn't
> support SSL.

I'm thinking that also, except this person can go to other HTTPS
sites, like amazon.com and mobile.fandago.com, so it does have some
SSL support. My certificate is signed by an untrusted root (my own in-
house CA), so I imagine that could be the problem. If I knew for sure
it would fix the problem, I'd get a certificate from Verisign, but I
don't want to spend the money just to find out that it still doesn't
work. Also, the browser does support the "name on certificate doesn't
match" warning, because this person gets that warning if they go to
https://amazon.com, instead of https://www.amazon.com, so that does
seem weird that it would warn about that, but just reject (without
asking the user) for an unknown signer.

I'll probably have them call Sprint tech support to see if they can
help, but I'm guessing they'll just blame my site, but no real
answers, since my site doesn't get 5 billion hits per day =3D[

Report this message

#4: Re: MIME type needed for SSL to work?

Posted on 2008-04-24 17:47:33 by eselk

On Apr 24, 1:11=A0am, "Daniel Crichton" <msn...@worldofspack.com> wrote:
> eric wrote =A0on Wed, 23 Apr 2008 16:41:29 -0700 (PDT):
>
> > When I enable SSL/HTTPS on IIS 6.0, do I need to add any additional
> > MIME types? =A0I know the server needs to transfer the certificate to th=
e
> > client, but I'm not sure if that happens via a GET request or not. =A0If=

> > it is part of a seperate GET request, like when an image is sent as
> > part of a page, then it must need a MIME type, right?
>
> SSL negotiation is done before GET. You shouldn't need to set anything to
> get SSL to work other than install a certificate and open the appropriate
> port on your firewall. It sounds more like the Obigio browser doesn't
> support SSL.

Now that I think of it. If SSL happens before the GET request, the
fact that I see the GET request in the log, means that SSL handshake
completed? I see a line in the log with "GET /", on the SSL port,
with an error code of 406. That is what makes me think it is a MIME
type issue, just not sure why the same request "GET /" works for non-
SSL. I guess it could be because the browser sends a different
"Accept:" header for SSL mode... but I would think either way it
should include text/html, which is what the page is.

Report this message