I'm having an issue where some sites fail to load, but a refresh fixes them.
These are two links I'm seeing the failure on:
https://code.jquery.com/jquery-2.1.0.min.js
https://code.jquery.com/jquery-3.1.0.min.js
It also happens on other sites, e.g. https://www.ultimate-guitar.com/
This site can’t be reached
code.jquery.com is currently unreachable.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_SSL_VERSION_INTERFERENCE

This site can’t be reached
code.jquery.com unexpectedly closed the connection.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_CLOSED
Now I've by-passed my network (MX, switches, access points - all Meraki)
Connected my laptop to our ISP using one of our spare static IPs.
Everything seems to work fine.
Those error messages come up pretty fast, almost as if the connection is instantly rejected.
Sometimes the browser will refresh straight away by itself and the site works; other times I need to refresh. Then if I keep refreshing I will eventually get one of the messages above.
Has anyone else experienced anything like this? Seems to be something odd on the network, which is resolved when I bypass the Meraki kit. We also run a warm spare MX setup. Not sure if that has anything to do with it.
Not seen that issue as yet (installed a couple of MX100s in a warm spare config yesterday). They are running firmware 13.33 - no signs of a firmware update showing or reporting on the console either.
To test, try changing your content filter setting from 'Full List' to 'Top Sites'. You'll get less coverage but I'm curious to see if this solves your issue. We ran into a similar issue on a prior firmware.
I'm already set to top sites, even tried whitelisting jquery.com to see if it makes a difference.
Also tried whitelisting my client to see if it made a difference.
So far nothing yet.
It's such a strange issue.
I never knew it happened until a user brought it to my attention yesterday.
14.31 is still marked as Beta firmware - maybe a bug in that release - can you go back to 13.33 firmware and try the same thing?
I might give this a go. See if it resolves it.
I never rolled back the FW; I have left it with support to dig into, to see if they can solve it.
If they recommend rolling back the firmware I'll give it a go.
It seems to fail on the SSL check, I'm wondering if Meraki's inspection is doing something to break it.
    openssl s_client -connect code.jquery.com:443 -verify 1
    verify depth is 1
    CONNECTED(00000005)
    write:errno=54
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 318 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    ---

    openssl s_client -connect code.jquery.com:443 -verify 1
    verify depth is 1
    CONNECTED(00000005)
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 CN = code.jquery.com
    verify return:1
    ---
    Certificate chain
     0 s:/CN=code.jquery.com
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    subject=/CN=code.jquery.com
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3419 bytes and written 444 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: B44AF44115BB70789F67A5D88EA5CD9D1676D27A14FEB9F37433E716CFD4AEC0
        Session-ID-ctx:
        Master-Key: 0BB2EFEBF7FE5F1127BDC3FC6563A0259352760BE40BE127A2DB7C0F62AD697E49A29F9D641949870953E66D449C82EB
        TLS session ticket lifetime hint: 43200 (seconds)
        Start Time: 1534863710
        Timeout   : 300 (sec)
        Verify return code: 27 (certificate not trusted)
    ---
    closed
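
Added example, not part of the thread: a small Python parser that classifies saved `openssl s_client` transcripts like the two quoted above, so that many repeated runs can be tallied instead of compared by eye. The function names and outcome labels are hypothetical, and the two sample transcripts are trimmed copies of the output in the post.

```python
import re

# Constructed samples: trimmed copies of the two s_client runs quoted in the thread.
FAILED_RUN = """CONNECTED(00000005)
write:errno=54
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 318 bytes
"""
GOOD_RUN = """CONNECTED(00000005)
---
subject=/CN=code.jquery.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
SSL handshake has read 3419 bytes and written 444 bytes
---
    Protocol  : TLSv1.2
    Verify return code: 27 (certificate not trusted)
"""

def classify(transcript):
    """Summarise one `openssl s_client` transcript (hypothetical helper)."""
    def find(pattern, cast=str):
        m = re.search(pattern, transcript, re.MULTILINE)
        return cast(m.group(1).strip()) if m else None

    result = {
        "bytes_read": find(r"SSL handshake has read (\d+) bytes", int),
        "errno": find(r"^(?:write|read):errno=(\d+)", int),
        "protocol": find(r"^\s*Protocol\s*:\s*(\S+)"),
        "issuer": find(r"^issuer=(.+)$"),
        "verify_code": find(r"Verify return code:\s*(\d+)", int),
    }
    if "CONNECTED(" not in transcript:
        result["outcome"] = "tcp_connect_failed"
    elif result["bytes_read"] == 0:
        # TCP was established and the ClientHello sent, but no reply arrived.
        result["outcome"] = "dropped_before_server_hello"
    elif result["protocol"]:
        result["outcome"] = "handshake_completed"
    else:
        result["outcome"] = "handshake_incomplete"
    return result

def tally(transcripts):
    """Count outcomes over many saved runs to measure how often it fails."""
    counts = {}
    for t in transcripts:
        outcome = classify(t)["outcome"]
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts
```

The `issuer` field is the one to compare between runs taken behind the MX and runs taken on the bypass connection, since it shows which CA signed the certificate the client actually received.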