if Virgin Media was blanket blocking port 443 then web browsing would be broken for many sites, and no-one would be doing online banking so clearly this is incorrect info or only affecting Netflix e.g. a problem with the CDN

In reply to a post by MrSaffron:

if Virgin Media was blanket blocking port 443 then web browsing would be broken for many sites, and no-one would be doing online banking so clearly this is incorrect info or only affecting Netflix e.g. a problem with the CDN

Reminds me of the 1999 to 2002 era with NTL cable where they "played" with proxy caches. Often if the proxy went down all web (80 and 443) would fail, even though 443 couldn't be cached.

For capacity reasons the VM domestic network will be regional, and it could be a fault in a regional centre.

In reply to a post by MrSaffron:

if Virgin Media was blanket blocking port 443 then web browsing would be broken for many sites, and no-one would be doing online banking so clearly this is incorrect info or only affecting Netflix e.g. a problem with the CDN

Exactly what I was thinking - 443 is SSL full stop.

In reply to a post by 23Prince:

Exactly what I was thinking - 443 is SSL full stop.

Er, to be accurate, 443 is secure HTTP (https). SSL is obsolete and insecure, replaced by TLS, and hopefully 1.1 or better version 1.2. You can easily use TLS on any other protocol, such as POP or IMAP as well.

In reply to a post by jchamier:

In reply to a post by 23Prince:

Exactly what I was thinking - 443 is SSL full stop.

Er, to be accurate, 443 is secure HTTP (https). SSL is obsolete and insecure, replaced by TLS, and hopefully 1.1 or better version 1.2. You can easily use TLS on any other protocol, such as POP or IMAP as well.

right okay well - same thing to me.

In reply to a post by 23Prince:

In reply to a post by jchamier:

In reply to a post by 23Prince:

Exactly what I was thinking - 443 is SSL full stop.

Er, to be accurate, 443 is secure HTTP (https). SSL is obsolete and insecure, replaced by TLS, and hopefully 1.1 or better version 1.2. You can easily use TLS on any other protocol, such as POP or IMAP as well.

right okay well - same thing to me.

SSL is deprecated. There's a large difference between SSLv2 and TLSv1.2. From a security perspective SSL versions should not be used. We regard the use of SSLv2/v3 a High Risk finding for client work, which is the same risk ranking we give transmission of usernames and passwords over HTTP (ie no encryption) or management of a network device over TELNET (again no encryption). In effect we are saying use of these legacy protocols is akin to not encrypting what-so-ever and often times worse since it can give a false sense of security and lure a user into entering a password / username they would not enter on an unencrypted form.

Edited by ukhardy07 (Sat 17-Mar-18 17:05:49)

yup.. ok

It didn't seem like all packets over 443 were being blocked, just the encrypted ones, and the ones which I thought were directly trying to display content from Netflix' local servers at Virgin Media's locations all over London. For example ipv4-c016-rom001-ix....... and occ-0-784-778.1.nflxs....... Here's a screenshot

Netflix said they have had issues with the SuperHub 3.0 in particular but I think it's up to me now to chase Virgin Media for a resolution as they don't know what to do it seems.

"It didn't seem like all packets over 443 were being blocked, just the encrypted ones"

If that was the case then online banking would not work, since it relies on HTTPS transport over 443 as well as many other things.

If somehow they are blocking encrypted 443 packets for just one service, that might suggest some interception and certificate checking. Or a certificate is invalid, i.e. out of date

The certificates (or at least one of them!) seems to check out

And if it was a problem then wouldn't all users be having the same issue? :/

Still haven't had time to call VM and find out what's going on, a week ago they promised it will work today. Alas it hasn't been resolved, obviously.