I am facing a weird behaviour while trying to connect to a HTTPS server. I have a PHP SOAP Client which runs throught Apache2 that can not connect to the server:
10:15:19.871149 IP 1.1.1.1.57038 > 2.2.2.2.https: Flags [S], seq 3019730905, win 29200, options [mss 1460,sackOK,TS val 2000430949 ecr 0,nop,wscale 7], length 0
10:15:19.878961 IP 2.2.2.2.https > 1.1.1.1.57038: Flags [S.], seq 1419811359, ack 3019730906, win 14480, options [mss 1460,sackOK,TS val 1379727760 ecr 2000430949,nop,wscale 7], length 0
10:15:19.879180 IP 1.1.1.1.57038 > 2.2.2.2.https: Flags [R], seq 3019730906, win 0, length 0
As you can see, the client is resetting the connection on receiving the SYN-ACK packet from the server.
However, I can connect to the server from that server using both telnet and wget. This is an example od traffic capture for a wget session:
10:14:49.320462 IP 1.1.1.1.56948 > 2.2.2.2.https: Flags [S], seq 2001951126, win 29200, options [mss 1460,sackOK,TS val 2000400398 ecr 0,nop,wscale 7], length 0
10:14:49.329152 IP 2.2.2.2.https > 1.1.1.1.56948: Flags [S.], seq 3563908913, ack 2001951127, win 14480, options [mss 1460,sackOK,TS val 1379697210 ecr 2000400398,nop,wscale 7], length 0
10:14:49.329377 IP 1.1.1.1.56948 > 2.2.2.2.https: Flags [.], ack 1, win 229, options [nop,nop,TS val 2000400407 ecr 1379697210], length 0
10:14:49.331041 IP 1.1.1.1.56948 > 2.2.2.2.https: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 2000400409 ecr 1379697210], length 517
10:14:49.339616 IP 2.2.2.2.https > 1.1.1.1.56948: Flags [.], ack 518, win 122, options [nop,nop,TS val 1379697220 ecr 2000400409], length 0
10:14:49.342199 IP 2.2.2.2.https > 1.1.1.1.56948: Flags [.], seq 1:2897, ack 518, win 122, options [nop,nop,TS val 1379697223 ecr 2000400409], length 2896
../..
I run the destination server (2.2.2.2), not the client one, but I can ask its admin to do some tests. I think they might have a firewall which is blocking the connection. Do you have any hints to solve this issue?
Update
The server is running CENTOS 8.
It has an IPTables firewall but I don't think that would be the problem. I have asked whether there is an upstream firewall.
I can't try the soap client throught php-cli, but I ran this code throught the web server and with php-cli and the first failed but the last worked:
<?php
$wsdl = '';
if ( $fd = fopen('https://myservice.mydomain.com/soap/v2/?wsdl', 'r') ) {
while ( !feof( $fd ) ) {
$wsdl .= fread($fd, 1024);
}
fclose( $fd );
}
echo $wsdl;
I feel it could be a problem with some security module or with web server permissions.
Regards,
@Mircea Vutcovici, I appreciate you taking the time to help me. Eventually, according to what the client told me, it turned out to be a problem related to PHP taking too much time connecting to the server. Increasing the default_socket_timeout value did the trick.
Still, it's weird because the connection was closed just in the 3-way handshake, which lasted just for a few milliseconds. Anyway, there's much as I can do because I'm not the administrator of the machine that was having the problem.
Regards,