I’m having problems getting to the signin page of aws in Ubuntu 20.04 with latest updates. As I suspect this to be a network problem, I’ve tried accessing with
openssl. Sometimes (randomly) following commands doesn’t fail and I get successful responses, but most of the time I’m getting following responses:
~ curl -vvv https://signin.aws.amazon.com * Trying 184.108.40.206:443... * TCP_NODELAY set * Connected to signin.aws.amazon.com (220.127.116.11) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to signin.aws.amazon.com:443 * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to signin.aws.amazon.com:443
openssl s_client -connect signin.aws.amazon.com:443 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 313 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
signing.aws.amazon.comresolves to different ip addresses and I’ve checked I’m getting both successful and error responses from same ip addresses.
- When I get a successful response, usually next few calls are also successful if I keep trying.
- If I connect to a VPN, these calls never fail
- I have two ubuntu machines at home both of the have the same problem. I’ve installed
curlto a windows machine and it never had the problem.
- Successful sessions are using TLSv1.2 as expected
- I have a very stable 100 Mbit connection with very low ping times and this problem doesn’t happen with any other domain
- Both commands fail after 23 seconds. However when they’re successful, it takes ~400ms.
- I tried to replace my router, but got the same results.
- My ISP changed my IP address, but that didn’t help. As the calls are sometimes working I don’t think it’s a black-listing problem.
- I cannot connect to site with browsers or other cli tools neither.
What else can I try to find the cause of this issue?