From: "Joe Abley"
No. The problem is that there is a sub-1500-byte MTU interface on a router somewhere between the bank's firewall and the client, and the bank's servers are not being informed of this fact because bank firewalls are dropping the "would fragment" messages.
This issue was discussed a year or two ago on the ADSL mailing list. Users of 3Com Home and Alcatel Speed Touch Home ADSL modems require a tunnel (PPPoE and PPTP respectively) from user to modem, thus dropping the MTU to below 1500. If the bank is going to block ICMP then they should drop the MTU on the Web Server's Internet interface to something like 1450; this should clamp the Server's TCP MSS to a lower value. Not a perfect solution but ....

Having said that, the "I can't get a bank statement" issue currently being discussed on the ADSL list is not the above fault; it is affecting users with full MTU on Jetstart. It is well known that many implementations of HTTPS/SSL do not handle packet loss very well. Telecom use an overdraft in their shaping of Jetstart which causes TCP to start winding up to a full 8megs until the overdraft is hit; suddenly TCP is trying to drive 8Mb/s into a 128k pipe. There are truckloads of packets dropped on the floor before TCP sorts out this magnitude of "congestion"; some SSL implementations never sort it out. So it works fine until the user tries a larger download (bank statement), and all they get is the evil hourglass.

Cheers BG.
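Added example, not part of the original thread: a small Python model of the MTU black hole and the server-side MTU workaround described in the messages above. The 1492-byte hop, the payload sizes and all function names are assumptions made for illustration; 1450 is the value suggested in the reply.

```python
# Constructed model of the path-MTU black hole discussed in the thread.
IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options


def advertised_mss(interface_mtu):
    """MSS a host announces in its SYN: interface MTU minus IP+TCP headers."""
    return interface_mtu - IP_TCP_HEADERS


def deliver(payload, server_mtu, hop_mtus, icmp_reaches_server,
            client_mtu=1500, max_tries=5):
    """Server sends the first segment of `payload` bytes with DF set.

    Returns (delivered, packet_size, tries)."""
    mss = min(advertised_mss(server_mtu), advertised_mss(client_mtu))
    path_mtu = server_mtu  # the server's starting estimate of the path MTU
    size = 0
    for tries in range(1, max_tries + 1):
        size = min(payload, mss, path_mtu - IP_TCP_HEADERS) + IP_TCP_HEADERS
        too_small = [m for m in hop_mtus if m < size]
        if not too_small:
            return True, size, tries
        # The hop drops the DF packet and emits ICMP "fragmentation needed"
        # carrying its own MTU. If a firewall discards that message, the
        # server learns nothing and retransmits at the same size.
        if icmp_reaches_server:
            path_mtu = too_small[0]
    return False, size, max_tries


PATH = [1500, 1492, 1500]  # assumed: one tunnel hop below 1500 bytes


def scenarios():
    return {
        "icmp allowed, large reply": deliver(4000, 1500, PATH, True),
        "icmp blocked, small reply": deliver(500, 1500, PATH, False),
        "icmp blocked, large reply": deliver(4000, 1500, PATH, False),
        "icmp blocked, server MTU 1450": deliver(4000, 1450, PATH, False),
    }


if __name__ == "__main__":
    for name, (ok, size, tries) in scenarios().items():
        state = "delivered" if ok else "stalled"
        print(f"{name}: {state}, {size}-byte packet, {tries} attempt(s)")
```

With ICMP filtered, small replies still get through and only full-size segments stall; lowering the server MTU to 1450 caps the segment at 1410 bytes of data, so it fits the assumed hop without any ICMP feedback.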