XKCD tried to explain a bit about standards...
But there are some other aspects, even when you have good, single, consistent standards the challenge can be implementations.
My fun today revolved around TLS and https.
So, the way it is meant to work, is when we close a connection, we send a TLS level close alert, and the other end sends us one, and then we close the TCP connection underneath. This is pretty simple and works for almost all connections...
Testing Edge on MS Windows 10. Some of the pages on the FireBrick are dynamic and so work on a Connection: close basis. This means, instead of a Content-Length at the start, the data in the page is sent until the connection is closed.
For http this is simple, we close the TCP at the end, job done.
The fix is not too hard, a half close on tx side to send a FIN after the TLS level close, allowing far end to send a TLS close back or just close at TCP level (which is what Edge does).
But it has taken three engineers several hours of work today to diagnose and work around this. Arrrg!
What is also fun is we find Edge appears to do a sort of speculative connection. If it does not have a clean keep-alive session it makes a new connection when it has nothing to say, just in case. This was causing exception handling our side (as we expect a prompt request when we get a connection) which also closed TLS uncleanly and impacted session resumption. We have had to make changes for that too.
The good news, after all that, is we now work with Edge (we already worked with pretty much everything else), so should finally have the new https code release this evening at some point. Watch this space.
I have to say, and this is all down to Cliff, that the https is really surprisingly snappy and responsive. One customer said he could swear it was faster than http, which makes no sense. I am quite impressed.
Subscribe to: Post Comments (Atom)
Talking to an AI would be easier than Amazon
I have rarely had to deal with Amazon seller support, and every time has been a challenge. And don't have a go at me for even using Amaz...
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...
For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo...
There is someone who uses Edge? Never realised that.ReplyDelete
Microsoft says that Edge is the fastest browser ever. Apparently it is 10% faster than Chrome.Delete
Huh! I use it all the time, no probleReplyDelete
What - Microsoft not bothering to implement things properly to a standard? That must be a first.ReplyDelete
Hold on a minute. What about Silverlight? That Silverlight thing was worse than Flash but Microsoft still rolled it out then discontinued it.Delete
I had a funny bug with Safari and haproxy TLS termination recently.ReplyDelete
Speaking of unusual standards...ReplyDelete
How is the SCTP support on Firebricks? We need this for certain 4G cells etc.
Not really started on that...Delete
If you use chunked encoding (which is standard in HTTP/1.1) you don't need Connection: Close for things that you can't add a Content-Length header to.ReplyDelete
And speculative connections is standard - pretty much all browsers do it (they are a bit of a pain for us because our audit logs can't differentiate between unused speculative connections and failed TLS handshakes...)
Indeed. The current design does not allow for chunked, but that is something we are looking at anyway.Delete
The extra fun bit is HTTP/2.0 which allows connection reuse even when you're requesting something from a different domain (the UA checks that both domains resolve to the same IP addresses and that the certificate for the established connection covers the new domain).Delete
There used to be a site called or stole my life, recording the amount of time wasted changing perfectly good code just so it would work on ie. Sadly this appears to have gone but perhaps there are grounds for an edge stole my life site?ReplyDelete