Dāvis's tech blog - Office where Mac computers couldn't browse HTTPS sites
Recently I was invited to troubleshoot network problems in an office where all Mac computers were virtually unable to browse any HTTPS web sites. They reported that opening an online banking site took about 4 minutes on a Mac computer and only a couple of seconds on a Windows PC. Meanwhile, the same Mac computer was able to open the same online banking site in seconds when connected to the internet at another office.

My first suspicion was a lowered (less than 1500) path MTU and ICMPs blocked by the ISP firewall; however, this turned out to be false (by running mturoute from a Windows machine). Also, running ping with 1472 bytes of ICMP data (and the DF flag set) to some hosts on the Internet verified that the MTU was 1500 and showed no packet loss.

Running Wireshark on one of the affected Mac computers while opening an HTTPS website and analysing the gathered dump showed a few percent packet loss in the TCP connection to the HTTPS web site. In some cases (I assume, when TCP was in the slow-start phase after retransmissions) these lost packets led to a state where the web server didn't send any more data for several seconds (after the server continued sending data, a packet or two later TCP fast retransmissions were triggered and normal TCP operation resumed).

After some more investigation it turned out that some ISPs configure traffic shaping with very small queues and burst limits that can be exceeded even at some moments of web page loading (by traffic created by the web page download and other internet usage at those moments), causing packet loss in TCP connections. I wasn't provided with a packet dump from a Windows computer, so I couldn't investigate why that delay didn't happen on Windows computers. The most notable difference between TCP connections initiated by Mac and Windows computers was TCP timestamps (MacOS by default sends them, while Windows doesn't).
When TCP timestamps (as well as TCP window scaling) were temporarily (until reboot) turned off on the Mac computer by invoking:

    sudo sysctl -w net.inet.tcp.rfc1323=0

HTTPS web pages opened on it as fast as on Windows computers. Afterwards the changes were made permanent by invoking:

    sudo sh -c 'echo "net.inet.tcp.rfc1323=0" >> /etc/sysctl.conf'

Posted on 2011.11.15. 23:20
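To confirm from a capture which of these options a client actually offers before and after the sysctl change, the following added example (not part of the original post) decodes the TCP options of a SYN header in Python. The function names are hypothetical and both sample headers are constructed, not taken from the capture described above.

```python
import struct

KINDS = {2: "mss", 3: "window_scale", 4: "sack_permitted", 8: "timestamps"}

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Decode the options of a raw TCP header (IP header already stripped)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4  # data offset, in bytes
    if not 20 <= header_len <= len(tcp_header):
        raise ValueError("bad data offset")
    opts, found, i = tcp_header[20:header_len], {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:  # End of Option List
            break
        if kind == 1:  # NOP padding is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        name = KINDS.get(kind, f"kind_{kind}")
        if kind == 2 and length == 4:
            found[name] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            found[name] = body[0]  # shift count
        elif kind == 8 and length == 10:
            found[name] = struct.unpack("!II", body)  # (TSval, TSecr)
        else:
            found[name] = body
        i += length
    return found

def offers_rfc1323(tcp_header: bytes) -> bool:
    """True if the segment offers timestamps or window scaling."""
    found = parse_tcp_options(tcp_header)
    return "timestamps" in found or "window_scale" in found

def make_syn(options: bytes) -> bytes:
    """Constructed SYN header (ports and sequence number are arbitrary)."""
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, data_offset << 4, 2, 65535, 0, 0) + options

# Constructed samples, not taken from the capture described in the post.
SYN_RFC1323_ON = make_syn(bytes.fromhex(
    "020405b4" "01030303" "0101080a0000006400000000" "04020000"))
SYN_RFC1323_OFF = make_syn(bytes.fromhex("020405b4" "01010402"))
```

With `net.inet.tcp.rfc1323=0` in effect, a SYN from the Mac should decode like the second sample: MSS and SACK-permitted only.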