
Opening an SSL connection to my server from Sailfish (Nexus 4) takes >1m

asked 2014-07-13 19:35:01 +0200

ryukafalz

updated 2014-07-13 23:02:05 +0200

tigeli

So I've been unable to connect to my XMPP server for some reason, and I've been trying various things to determine the cause. The XMPP server logs seemed to indicate that the client simply wasn't sending any data, so I thought it might have something to do with SSL... so I tried connecting with "openssl s_client" to that machine, and lo and behold, it takes over a minute to even appear to do anything:

[nemo@Jolla ~]$ date && openssl s_client -connect terracrypt.net:5281 | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }'
Sun Jul 13 12:04:31 EDT 2014
depth=1 C = US, ST = New Jersey, L = Glassboro, O = Terracrypt, CN = terracrypt.net, emailAddress = jonathan@terracrypt.net
verify return:1
depth=0 C = US, ST = New Jersey, O = Terracrypt, OU = XMPP Server, CN = terracrypt.net, emailAddress = jonathan@terracrypt.net
verify return:1
2014-07-13 12:05:34 CONNECTED(00000003)
2014-07-13 12:05:34 ---
2014-07-13 12:05:34 Certificate chain
2014-07-13 12:05:34  0 s:/C=US/ST=New Jersey/O=Terracrypt/OU=XMPP Server/CN=terracrypt.net/emailAddress=jonathan@terracrypt.net
2014-07-13 12:05:34    i:/C=US/ST=New Jersey/L=Glassboro/O=Terracrypt/CN=terracrypt.net/emailAddress=jonathan@terracrypt.net
2014-07-13 12:05:34 ---
2014-07-13 12:05:34 Server certificate
...

This process is near-instant on my laptop (Arch Linux) and from Sailfish to TJC on port 443. I'm honestly not really sure where to begin with debugging this - the debug logs for my XMPP server don't seem to say anything until a minute later when the SSL handshake completes.

For completeness, the certificate being used is a cert signed by my internal CA, whose certificate I've added to the Sailfish certs folder (and subsequently ran multi_c_rehash).


1 Answer


answered 2014-07-14 06:07:56 +0200

ryukafalz

I figured out what the issue was, after much debugging. Turns out it was trying to connect to an IPv6 address over a VPN that is currently non-functional. (I've got a machine on the local network that advertises v6 addresses using radvd.) If only openssl actually gave you the address it was trying to connect to, I could have avoided a day's worth of confusion. :P

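The cause found in the answer above (an IPv6 address that is tried first and never answers) can be confirmed by timing a TCP connect to each resolved address separately, before any TLS is involved. This is an added example, not part of the original posts; the function names are hypothetical and it uses only Python's standard socket module.

```python
import socket
import sys
import time

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def probe_addresses(host, port, timeout=5.0, resolver=socket.getaddrinfo):
    """Try a TCP connect to every resolved address, in resolver order.

    Returns a list of (family, address, status, seconds) tuples. status is
    "ok", "timeout" or the OS error text. `resolver` is injectable for tests.
    """
    results = []
    for family, socktype, proto, _canon, sockaddr in resolver(
            host, port, type=socket.SOCK_STREAM):
        label = FAMILY_NAMES.get(family, str(family))
        start = time.monotonic()
        try:
            # Socket creation is inside the try: a host without IPv6 support
            # raises here rather than in connect().
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            status = "ok"
        except socket.timeout:
            status = "timeout"  # silent black hole, e.g. a dead VPN route
        except OSError as exc:
            status = exc.strerror or str(exc)
        results.append((label, sockaddr[0], status, time.monotonic() - start))
    return results

def first_usable(results):
    """Return (family, address) of the first address that connected, or None."""
    for label, address, status, _secs in results:
        if status == "ok":
            return label, address
    return None

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    for label, address, status, secs in probe_addresses(sys.argv[1], int(sys.argv[2])):
        print(f"{label:4} {address:40} {status:24} {secs:6.2f}s")
```

An address that reports "timeout" ahead of one that reports "ok" accounts for the delay; `openssl s_client` also accepts an IP literal in `-connect`, which tests one address at a time.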