Troubleshooting HTTPS timeouts in OS X Mountain Lion

After upgrading to Mountain Lion, some OS X users have run into what appears at first glance to be a DNS-related problem in which they can't access certain Web pages. While most Web connectivity seems to work just fine, when accessing special pages like HTTPS (Hypertext Transfer Protocol Secure) connections the connection times out, resulting in programs like Safari claiming the server could not be contacted.

If you are having this problem, then try copying the server URL from your browser or other application and pinging it directly in the OS X Terminal using the following command:

ping www.cnet.com

If successful, the system will start listing the ping attempts to the hosts's IP address, along with the response times from the remote server. Such behavior would suggest the DNS configuration is not to blame, as the host name is resolvable and the host is online and responding. Therefore, the problem at hand may be related to a problem with how Mountain Lion is handling the network packet size for the connection to the remote system.

As with many forms of digital communication, network data is sent in packets to ensure integrity, so if one is corrupted it can be dropped and re-sent without having to send the entire communication string again. The packet contains header data and other "wrapper" information that determines how it is to be handled through routers along the way between systems, and then a data section that contains a small chunk of the usable data that is to be reassembled by the recipient computer.

It is optimal for a connection to use a packet size that is at the maximum transmission unit size of the network; however, small mismatches in the MTU settings for different devices may result in continually dropped packets for some connection attempts.

In an ideal situation, the network setup between both the recipient and sender will be tuned to the same MTU size, but in some instances even if they are tuned the use of a special protocol such as a security layer may add a few more bytes to each packet, resulting in it being larger than the set MTU size. This will result in the network splitting the packets, which in some instances may result in dropped packets if the split segments cannot be reassembled correctly.

When this happens, an adjustment will need to be made to the network's MTU size so that the packets will be split differently and can be reassembled. Therefore, if you are finding that only some Web pages and other network communications within applications will not load the requested data, especially if the connection is secured, try adjusting your Mac's MTU settings.

These settings are done individually for each network port you have set up in your Network system preferences. Select your active connection and click the Advanced button, followed by selecting the Hardware tab, and you should see an option to Configure your hardware. In this menu choose "Manually" and you will then be able to edit the MTU size. The standard for this size is 1,500, which is the maximum for many Wi-Fi and Ethernet protocols, but you can customize this to be between 1,280 and 1,500 if needed.

There are many recommendations for the MTU settings to use for various connection types (PPPoE, PPP, or direct Ethernet), and for the most part keeping this number as high as possible is recommended. Therefore, to troubleshoot a situation in which you appear to be dropping packets for a particular network connection, try dropping the MTU value by 2 bytes followed by testing your connection. If the connection still does not work, then repeat this and drop the MTU size by another 2 bytes, until hopefully you are able to load the requested data.

In addition to adjusting MTU size, you can try a different hardware connection to your router. While a direct Ethernet connection is an easy option, it is less convenient than Wi-Fi, and often people do not have available hard-line connections. Another approach is instead to use another Wi-Fi protocol if your router supports it. While many routers these days use the higher-speed 802.11n as their preferred protocol, for compatibility they do also include 802.11g and 802.11b support, which often offers more than enough speed for a standard broadband connection.

In routers that support these different protocols you will often have two radios (one at 2.4GHz and another at 5GHz), so consult your router's manual and enable both radios, and then try connecting your Mac to one and the other to see if you can see a difference in loading behavior.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.