From: Simone Lombardo
To: freebsd-questions@freebsd.org
Date: Sat, 7 Feb 2015 15:05:43 +0100
Subject: HTTPS/TLS issue on a NDIS wrapped NIC

Hi,

I am currently facing an issue and I don't know how to investigate and address it.

I am currently using the release FreeBSD 10.1 on a laptop having an RTL8188CE chipset as wireless chipset. A native driver is not available, so I am using the NDIS 5.1 driver via the NDIS wrapper.

The wrapper is working fine for most application protocols, except when using HTTPS/TLS on browsers. In this case, the following situations arise:

- Systematically, HTTPS/TLS communication nearly immediately fails when trying to upload a binary file (e.g. an image on an image hosting site). Monitoring via tcpdump/wireshark shows encrypted alerts (21) and the connection is reset by the remote peer. Since the first point is recurring, I am going to set up a test web server in order to decrypt the payload and read the encrypted alert.

- Randomly, HTTPS/TLS communication enters a retransmission loop, stalling all other HTTPS/TLS connections. Monitoring via tcpdump/wireshark shows a high density of duplicate ACKs, and after a while the TCP stack initiates a retransmission, keeping the connection stalled until the remote host resets the connection and the buffers are flushed.

The issue is not present when using a USB wireless dongle or the bundled wired card, where a native driver is available, so it seems specific to the NDIS wrapper, though I have no other wireless cards to try atm.

I tried to tune TCP settings via sysctl, but I have not gained results yet.

Any indications or hints on where I should look to discover the origin of the issue (especially for the second point) are greatly appreciated.

Best regards,
Simone
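
Added example, not part of the original message: a small TLS record-layer parser showing why a capture reports only "encrypted alert (21)". The 5-byte record header stays in cleartext, but once the sender has issued ChangeCipherSpec the alert level and description are ciphertext, which is why a test server with known keys is needed to read them. The function name and all sample bytes are constructed for illustration, and TLS 1.2 or earlier is assumed.

```python
import struct

# TLS record content types and a subset of alert codes (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}

def parse_records(stream):
    """Split ONE direction of a reassembled TCP stream into TLS records.

    Assumes TLS 1.2 or earlier, where alerts keep content type 21 on the
    wire even after encryption starts.
    """
    records, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if ctype not in CONTENT_TYPES or len(body) < length:
            # Unknown type or truncated capture: stop instead of guessing.
            records.append({"type": "unparsed", "offset": offset})
            break
        rec = {"type": CONTENT_TYPES[ctype], "version": hex(version),
               "length": length, "encrypted": encrypted}
        if ctype == 21:
            if not encrypted and length == 2:
                rec["level"] = ALERT_LEVELS.get(body[0], body[0])
                rec["description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
            else:
                # Ciphertext: level and description need the session keys.
                rec["level"] = rec["description"] = None
        records.append(rec)
        if ctype == 20:
            encrypted = True  # this sender's later records are protected
        offset += 5 + length
    return records

# Constructed sample bytes (not taken from a real capture).
HANDSHAKE = bytes.fromhex("1603030004" "0e000000")    # ServerHelloDone
CCS = bytes.fromhex("1403030001" "01")
PLAIN_ALERT = bytes.fromhex("1503030002" "0228")      # fatal, handshake_failure
# 26 bytes = 8 nonce + 2 alert + 16 tag for an AES-GCM suite; filler values.
ENCRYPTED_ALERT = bytes.fromhex("150303001a") + bytes(range(26))
PLAINTEXT_STREAM = HANDSHAKE + PLAIN_ALERT
PROTECTED_STREAM = HANDSHAKE + CCS + ENCRYPTED_ALERT

if __name__ == "__main__":
    for name in ("PLAINTEXT_STREAM", "PROTECTED_STREAM"):
        print(name, parse_records(globals()[name]))
```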