Having an issue with many https sites not loading, but the easiest to replicate seems to be assets off https://yescrowd.optus.com.au/.
The yescrowd site itself works but when using the internet through an optus home wireless router assets from / don't load.
* multiple browsers - reset settings and clear all data
* multiple wireless router devices, ac800s & e5186
* both devices firmware are up too date and factory reset multiple times
* all forms of connection, being usb, ethernet and wifi
* multiple sims/accounts (a family members)
* multiple client devices, including windows 10, linux and android
* multiple internet connections, all work correctly to get assets from the site except when using the optus home wireless product, like iinet, telstra, aws, using a command line curl -vo/dev/null '/html/assets/icomoon.ttf' for standardized testing.
* tried multiple sites and as a result different cell tower id's (went driving) to validate it's not localized to a specific tower (we at least towers in my area hurstville).
* with wireshark I can see the issues due to a failure to negotiate during tls negotiations (tried all versions of tls), with the response packets (which are 1508 bytes) aren't being returned and the client keeps resending the same request packet over and over.
* clamping the clients mtu out the interface, including modifying the mss size on the tcp headers all the way down to 1400 from the typical 1460.
The majority of https sites work, but many don't.
I can't confirm if the problems always been happening as I didn't exactly notice 100% what was going on for awhile.
But I would say it's been happening for the past week at least.
Any thoughts on what could be causing this or what to do next to resolve it ?
Solved! Solved: Go to Solution.
the hostname that was filtered out of my previous message was assets from optus.i.lithium.com fail to load when using https.
Just to let everyone know, if your having this issue contact optus support.
They made a "change" and after a factory reset my service is now working 100% with all https sites.
What was the change they made, I've contacted Optus twice about this error on my new home wireless broadband connection today and they're trying to claim it's a new problem and they have no settings at their end that will help, and it's getting on to 12 months later.
Do you have a 5G Fixed Broadband service?
No, they didn't elaborate as to what was needed to fix the issue. However once the change was implemented it resolved the issue with multiple devices I was had tested with. I was able to reproduce the issue using a repeatable curl command (that worked when using dsl but not 4g) and had investigated extensively before raising the issue with support.
Thanks for confirming.
That's interesting as there is a known issue with 5G but not with 4G that I have heard.
Thanks JohnathanM for returning to let us know, it does sound like you do need to get in contact with Optus technical support. Refer them to this thread if needed.
I have been in contact, and they gave me a bit of a runaround telling me if other websites worked, then it wasn't a problem with the internet (which is obviously rubbish, as JonathanM has clearly documented - great job Johnathan and thanks - and I've confirmed as the same issue here), but then told me they'd escalate to the network team and someone would call me back within 2 hours, and they haven't as of yet (about 5 hours later now). Given JonathanM reported the issue February of last year, it's pretty worrying that the problem is recurring and that the cause and remedy hasn't been made available online, by optus, in forums such as here or whirlpool.
Do you have any suggestions for how I might get through to someone more appropriate than 1st level "turn it off and on" tech support? I'm suspicious but have no proof that the 'call back' offer was just an excuse to get me off the line and resolve his call for some internal QA process.
Happy to help ehybrid.
When I had the issue it took me hours of testing before I was convinced it was an issue upstream of my equipment.
My issue was due to larger 1508 byte packets when negotiation https connections being dropped for some hosts.
In my case, I used this command (it was mashed above) to test and it only failed when running over the optus 4g network:
curl -vo/dev/null '/html/assets/icomoon.ttf'
It's an asset that's included on the yescrowd site that wasn't working when I had my issue.
However can't be sure that's your issue as well however, could be a totally different problem your having. Best of luck.