Debugging "CD" state at disconnection flag

Hello,

We see errors ending with “CD--” flags, with some requests ending with HTTP 200. According to the documentation, CD means that the client ended the connection unexpectedly at the data phase layer. We collected packet dumps from failed requests and we see that the client sends RST on the TCP session. This is usually the flow in the session stream:
TLS Client Hello -> Server Hello, Change Cipher Spec -> Things go on TLS traffic (which is encrypted) -> Client sends a few ACKs -> Client Change Cipher Spec -> Few packets on TLS -> ACK from server/client -> Client sends RST, ACK

Questions:

  1. We wonder what the best practices are for debugging such errors if TLS decryption is not possible.
  2. Is it normal to see many “CD” errors with TLS or at all?

Thanks.