On Thu, Aug 27, 2015 at 05:21:25PM +0000, Viktor Dukhovni wrote: > So the OP appears to have a system that does not tolerate large
> client HELLO messages. There may be some "middle-box" (firewall
> or similar) that is doing protocol inspection and choking on large
> client HELLOs.
Well, it can be verified with tcpdump or some other network sniffer.
If this guess is true, then running sniffers both on client and
server side we observe tcp rentransmissions of ClientHello packet
on client host and nothing on the server host.
As you mentioned, Path MTU might be also checked. I tried to run
traceroute to tcp port 25 of mail.ringways.co.uk (88.211.105.31)
with packets of different size. There is no difference for forward
reachability of this host, so Path MTU seems to be ruled out.
--
Eugene Berdnikov