HipChat times out on Linux (but not Windows)

0

On my office's network, using Linux on my laptop, I cannot log into or use HipChat. When I try to go to https://www.hipchat.com/sign_in in Chrome, I get an ERR_EMPTY_RESPONSE (no data received). The same happens when using their app.

The weird thing is that if I reboot my Laptop into Windows, then everything works, HipChat's website, their app, it loads fine. But in Linux, it does not and it just times out.

Me and the IT guy at the office tried to figure this out and we have no idea what the issue is. Tried connecting to a different access point, using ethernet instead of wifi, tried changing DNS, tried rebooting, clearing cookies, disabling extensions, using a VPN/proxy, nothing made HipChat load in Linux.

Oh, and if you want more weirdness, at home HipChat works perfectly in Linux. WTF is going on? Why does one website time out for me in Linux in my office when that same website works in Windows in my office and in Linux at home?!

Does anyone have any ideas about what could be wrong or what I can do to debug/troubleshoot this issue?

Part of me wants to say it's a TLS/SSL issue in Linux - but then why does it work at my house? My roommate suggested it was a DNS issue - but the office is using Google DNS and changing to other DNS providers didn't fix it.

Could it be that the TLS is timing out or something? Is there a way to diagnose this? If that is the issue, can it be changed?

P.S. HipChat works on my Android phone in the office. Oh, and also works if I tether my laptop to my phone's LTE.

P.P.S. My current workaround is to use HipChat (via XMPP) inside finch via SSH to my server at home...

P.P.P.S. Some other sites seem to be having issues at my office in Linux, too. Again, in Windows in the office and at home in Linux, everything works.

Rocket Hazmat

Posted 2017-05-15T15:48:58.027

Reputation: 230

So, one theory I have is that Linux doesn't like the slow upload speed. Speedtest is showing (at least) 60 Mbps down, but only like 0.5 Mbps up (this should be way higher, not sure why it's not). – Rocket Hazmat – 2017-06-06T17:29:28.067

ill get the stupid question out of the way but just in case, does your company host its own hipchat server? were sure we have the certificates on our linux machine? and the laptop is whitelisted for the internal net? just wanna get that out of the way. – Nalaurien – 2017-06-08T07:37:37.567

@Nalaurien We have a companyName.hipchat.com domain, so I assume that means it's not hosted by us. My laptop, in Windows, can access everything fine, so I should be ok there too. – Rocket Hazmat – 2017-06-08T18:37:23.607

Answers

1

I'd say this is a browser versions issue. As a first step I'd compare your browser's versions. Check what version do you have where it works, which one doesn't work (under the same OS) and check what have changed between the two in the CHANGELOG.

That said, I have 2 theories:

  • One theory is that TLS restrictions are being hardened from some time ago in terms of browsers, and newer versions could be rejecting weak encryption certificates. This seems unlikely though, as Hipchat uses SHA-256 which is a strong encryption.
  • Another theory (and which I personally would bet) is that the Hipchat web server is rejecting some cipher-suites that you're offering. I have already seen the behavior you describe and it was a cipher-suite problem. In short, when you negotiate a TLS session, you tell the server which cipher-suites you (your browser) can handle. Then the server replies you and tells you which one they chose. If you offer a number of cipher-suites, and server is told to not use any of them (in other words, (your offered cipher-suites) intersection (webserver's accepted cipher-suites) = empty set), the TLS session cannot be established and you get a ERR_EMPTY_RESPONSE error. That's why I told you to check your browser versions, because maybe you're offering some very old cipher-suites that the Hipchat webservers could be rejecting (an "extreme" example would be that you're offering just SSLv2 and SSLv3, which most webservers specifically reject after Drown and Poodle vulnerabilities).

nKn

Posted 2017-05-15T15:48:58.027

Reputation: 4 960

I'm using Chromium 59 in Linux and Chome 59 in Windows. The weirdness is that in Windows, things works but not in Linux. I also use their app, which I think is Electron, in both OSes and it works in Windows but not Linux. – Rocket Hazmat – 2017-06-08T18:39:12.893

Is there any difference between your linux browser versions at home and at work? – nKn – 2017-06-08T19:49:00.523

I'm using the same laptop, that's why this is so weird. – Rocket Hazmat – 2017-06-09T04:18:42.043

Asked: 2017-05-15T15:48:58.027

Viewed: 228 times

Active: 2017-06-08T11:36:31.070