Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Differnce between non-microsoft and microsoft browsers!

May 8, 2018 2:13AM PDT

I am unable to connect to a particular website through the non-Microsoft browsers Chrome (Windows, Mac & Linux), Mozilla (Windows, Mac & Linux) and Safari (Mac) intermittently during office hours. The connection works only sometimes and gets stuck at "Establishing TLS connection..".
But accessing the same website through Edge or/and IE 11 works without any interruption 24/7. I thought there was some difference in the way the TCP and SSL were handled by the browsers and so took many sanitised dumps on both webserver side and client, to compare the non-Microsoft browsers vs Microsoft browsers. But to my amusement the only real difference between both were that the non-microsoft browsers used 'Session IDs' and the other didn't. I do not think this can cause connection issues.
The captures show that the non-microsoft browser connections time out after not recieving packets that follow and/or include "Server Hello".However, Microsoft-browsers don't have these issues
This issue has been plauging me for 6 months now. I have reached a dead end after trying out options and swapping network devices on client end and server end.

My webserver is Apache2 on Ubuntu 14 and the site is developed in php5.
Find capture dumps here : https://www.dropbox.com/sh/jiuh4k1b22... 4 capture files included : server end and client end for each Chrome and Edge.

(Edit : The below link has latest captures where Chrome and Edge uses same Cipher Suites and plus this will show that the above behavior is consistent and not a glitch.

Below is the packet timeline for "Client Side Capture.pcap" at https://www.dropbox.com/sh/ktz2b6nuvam4isk/AAB7n8SGcBmPyJNVbZfdKZqna?dl=0 :

First Connection using Chrome :

Url for website entered - Packet no. 1 to Packet no. 28

Kept Idle at Login Page - Packet no. 29 to Packet no. 30

Logged in to the website : Packet no. 31 to Packet no. 46

Closed browser : Packet no. 47 to Packet no. 48

CONNECTION TIME OUT

Second Connection using Edge :

Url for website entered : Packet 49 to Packet 102

Kept Idle at Login Page : No Keep Alives even after being IDLE for more than 45 seconds

Logged in to the website : Packet no. 103 to Packet no. 186

Idle: Packet no. 187 to Packet no. 203 instead of KeepAlives

Logged Out: Packet no. 204 to Packet no. 245

Closed browser : Packet no. 246 to Packet no. 247

SUCCESSFULLY CONNECTED

Third Connection using Edge :

Url for website entered : Packet 248 to Packet 299

Kept Idle at Login Page : No Keep Alives even after being IDLE for more than 45 seconds

Logged in to the website : Packet no. 300 to Packet no. 348

Logged Out: Packet no. 349 to Packet no. 390

Closed browser : Packet no. 391 to Packet no. 394

SUCCESSFULLY CONNECTED

Fourth Connection using Incognitto Chrome :

Url for website entered : Packet no. 395 to Packet no. 534

Kept Idle at Login Page : Packet no. 535 to Packet no. 563

Logged in to the website : Packet no. 564 to Packet no. 582

CONNECTION TIME OUT

The only things that stand out are Session IDs and a few additional Extensions used by Chrome.)

Maybe, there is a filtering device, but then how does Edge and IE 11 work!!!
If it is an application or coding error, how does the non-Microsoft browsers spring to life at around end of work hours and weekends!!!

Post was last edited on May 9, 2018 2:34 AM PDT

Discussion is locked

- Collapse -
Answer
My short answer is
May 8, 2018 8:19AM PDT

The other browsers tend to be trying out more privacy ideas. So the session ID would be an area where the other browsers can differ.

Then we have https://caniuse.com/ where I look over the website codes to see if there is anything that is unsupported in the target browsers.

And I always let the W3C checker take a look. It's over at https://validator.w3.org/
We want to pass with no errors or warnings.

- Collapse -
Network related or Code related
May 9, 2018 2:20AM PDT

@R.Proffitt Thanks for your response. The website works with no problems after office hours on non-Microsoft browsers, whereas Edge or IE 11 works any time with no issues. If you are testing the connectivity to the website at around the end of work hours, the website just springs to life on non-Microsoft browsers. That is why I ruled out any possibility of coding error or application error. The error wouldn't know peak hours or non peak hours.

Can you explain what are the privacy ideas?

Post was last edited on May 9, 2018 2:39 AM PDT

- Collapse -
I will be short here.
May 9, 2018 8:16AM PDT

Privacy as is keeping the identity cloaked or only allowing session cookies. But as you noted it works fine outside of office hours. Definitely something is going on at that server location. My bet might be they are hosting the site at their office and during the office hours they are using the site and may be running out of resources that some browsers just give up sooner.

Quite the stumper but could point out they need to have a production server that is not at the office.

Post was last edited on May 10, 2018 10:29 AM PDT

- Collapse -
Moved server locations and types
May 9, 2018 10:23PM PDT

The server is hosted with a reputed cloud hosting company in Europe. We suspected something similar and even tried moving it to AWS in Asia ( a different location). First day was fine, but second day onwards the issue was still the same.

- Collapse -
Very odd issue.
May 10, 2018 10:30AM PDT

I'm tracking this thread and hopefully someone finds out what is going on.

- Collapse -
Is the server running Microsoft Enterprise software instead
May 10, 2018 11:44AM PDT

....of Linux or Unix? That might be part of the problem. The current most popular server software is Linux, because it just works.

- Collapse -
Not a bad question.
May 10, 2018 11:48AM PDT

Long ago I used Windows NT 4.0 Workstation as a web server and Microsoft had artificially limited the number of connections from NT 3.5 Workstation. This was early Internet days so it took a while to find others that had figured that out.

It doesn't really explain why the time of day plus browser matters.

---> But I wonder if the use of a non-Microsoft browser via a VPN and geolocation could reveal something.

- Collapse -
that might be it!
May 10, 2018 11:59AM PDT

A VPN locally which then connects to the server, and the VPN is set to be on/off during office hours. It also could be part of Active Directory Group Policy local that does the same.

- Collapse -
Works with VPN
May 10, 2018 11:25PM PDT

When the issue starts, we switch on VPN for non-Microsoft browsers and then it works. The client machines are all a mix of Linux, Windows and Mac. The server is Apache on Ubuntu 14. I have mentioned earlier that I have swapped all components of our network on both client and server side, but the only thing that I haven’t is the ISP; this is a difficult thing to switch. So, if someone could explain how Edge or IE 11 do things differently to avoid the issue that I am facing. Because, in my geographical location it is illegal to use VPN plus we are stuck with this ISP.

- Collapse -
This disproves it's the browser.
May 11, 2018 8:51AM PDT

But moves the suspect part to a governmental firewall. I don't know of any country that outlaws VPNs except China and another but to me I say we've solved it.

If governments interfere with the Internet, well, not much we can do about that. How weird is this one?

- Collapse -
Doesn’t prove anything
May 11, 2018 11:21AM PDT

It doesn’t disprove or prove anything. The connections work on the same ISP intermittently, so what kind of filtering would that be. I didn’t say that the ISP was blocking the traffic, my guess is that the ISP has some badly configured router somewhere and this is only a strong guess.
My question is to understand how the tls handshake is treated differently on non-Microsoft browsers, and how this is picked/filtered?

- Collapse -
This proved where the issue is to me.
May 11, 2018 11:33AM PDT

Sorry but now this is tested. It shows that something in your country's Internet is in play. You'll have to find folk (web masters) in your country to figure out how to work around it.

Maybe Microsoft knows about it.

- Collapse -
Is this the right forum to ask these kind of questions?
May 11, 2018 11:51PM PDT

Sorry I am not asking about what is is going on in my ISPs configuration. I am only asking for some experts (if there is any) to isolate the difference between the Edge and Chrome way of doing things. May be this is not the right forum i guess?

- Collapse -
try this
May 11, 2018 5:01PM PDT

I don't know what version of firefox you are using, but SSL was deprecated in newest firefox versions, like 57 and later. However the older versions did have a TLS setting you could set in about:config area to ONLY use TLS connections, which effectively disabled SSL connection attempts. There's also "timeout" settings you can extend, like network.http.tls-handshake-timeout and I remember having to double that in earlier Firefox versions.

- Collapse -
Tried it
May 11, 2018 11:54PM PDT

I am using Chrome vs Edge in sample dumps; i have tried all the timeout settings, it didn't work..

- Collapse -
well, then I don't know
May 12, 2018 8:18AM PDT
- Collapse -
Country
May 13, 2018 7:43AM PDT

I am based in UAE, which has no official restrictions. But again i get these issues on Windows 10 US, Linux and Mac OS.

- Collapse -
Then why did you write it was illegal?
May 13, 2018 7:52AM PDT

"Because, in my geographical location it is illegal to use VPN"

Anyhow, I think you have to try getting this some attention in the Mozilla bug database or their developer forum.

- Collapse -
Hmm
May 13, 2018 2:08PM PDT

Maybe an Arabic version of Windows which you can add English too would resolve the problem? Ask some of those who may use such a setup, see if they have similar problem. It could be some oddity in coding in the Arabic versions which allow the connects, versus the US version which fails.

- Collapse -
Answer
Sure you can ask.
May 12, 2018 8:57AM PDT

But when VPN worked it did prove to me it's country or ISP issues. You should try other forums but if you keep information to yourself they might be less forgiving. That is, you now have more info here but no country noted. We do know that China, Egypt and a few other countries have issues and their great firewall could treat browsers differently and depending on who's at the controls at the time you will see different results.

To deny it could be other than the browser is you limiting yourself to finding out what's going on.

But hey, that's your choice.

See if there's a Reddit on this issue. Unless that sort of discussion is also illegal.

- Collapse -
Country?
May 13, 2018 7:40AM PDT

I have not been withholding any information. It is just that all the responses above where merely just re-queries, because my original question was never read properly.
For instance :
I did say in my question that my server is "My webserver is Apache2 on Ubuntu 14 and the site is developed in php5."
The capture dumps that I shared will tell you what country the Public Ip belongs to..
And, then again my issue is not Windows US or China specific because i did also mention "I am unable to connect to a particular website through the non-Microsoft browsers Chrome (Windows, Mac & Linux), Mozilla (Windows, Mac & Linux) and Safari (Mac) intermittently during office hours. "


So now you know why I asked "If this was the right forum..."

- Collapse -
VPN or not
May 13, 2018 7:47AM PDT

I am not contesting if it is the ISP or not. There are chances that it could be the ISP. We did contact them and they ruled out any such possibility. Moreover, as I mentioned earlier it does work with the same ISP at other locations. The issue is primarily at the office location.

As I said, I am not contesting the ISP or not.

I would just love to know and understand how Edge or IE 1 does things differently, and possibly incorporate that behavior for other browsers - by redesigning my app in such a way.

- Collapse -
I hear you.
May 13, 2018 7:51AM PDT

Let's hope someone can dive deeper for you.

I bet you'll have to get on Reddit or a Mozilla developer forum where you present it as a bug.