My questions are at the bottom of this post, but first I'll try to explain the situation.
I am troubleshooting an issue for a user that I have isolated to encryption negotiation.
When attempting to load a website, the site intermittently hangs during initial load for approximately 30 seconds.
I ran wireshark while accessing the website.
During attempts that failed, each of the "Client Hello" messages during the encryption handshake was using SSL. The client sent a few TCP keep-alive messages. Then traffic halted for approximately 30 seconds. Then the client reattempted the encryption handshake using an SSLv2 "Client Hello", and the server responded with an SSLv3 "Server Hello" as expected.
During attempts that behave normally / do not fail, the initial encryption handshake appears to be handled using TLSv1.0.
And now for the questions...
What is involved in SSL / HTTPS negotiation?
How does a signed certificate get verified? (i.e. a certificate from thawte)
How do CA bundles / certificate authorities come into play?
If a web server that is using a https / ssl cert is installed and TCP port 443 is allowed between the web server and the end user, are there ANY other ports that would need to be open? (i.e. for certificate authorities, certificate verification, etc)
Based on the symptoms / troubleshooting that I described, can any other suggestions or conclusions be made?
Can you define CRL? OCSP?
What is the CDP / AIA path?
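One way to narrow down the hang described above is to send a bare ClientHello for one specific protocol version and record whether the server answers with a ServerHello, an alert, or nothing before a timeout. The script below is an added example, not part of the original post; the probed host, the short cipher list and the 5-second timeout are assumptions.

```python
import socket
import struct

# Protocol version codes carried in the record and handshake headers.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(version, cipher_suites=(0x002F, 0x0035, 0x000A)):
    """Build a minimal ClientHello record (no extensions) offering `version`."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", version)
            + b"\x00" * 32                                 # client random (constructed: zeros)
            + b"\x00"                                      # empty session id
            + struct.pack("!H", len(suites)) + suites      # cipher suites offered
            + b"\x01\x00")                                 # one compression method: null
    # Handshake header: type 1 (ClientHello) + 3-byte body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake) + version + 2-byte length.
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(handshake)) + handshake

def parse_server_response(data):
    """Classify the first record the server returns after our ClientHello."""
    if len(data) < 5:
        return "no-or-short-response"
    content_type = data[0]
    if content_type == 0x15:
        return "alert"                    # e.g. protocol_version or handshake_failure
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # Record header (5) + handshake header (4), then server_version (2).
        version = struct.unpack("!H", data[9:11])[0]
        return "ServerHello " + VERSIONS.get(version, hex(version))
    return "unexpected record type 0x%02x" % content_type

def probe(host, port=443, version=0x0301, timeout=5.0):
    """Send one ClientHello and report how (or whether) the server answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(version))
        try:
            return parse_server_response(s.recv(4096))
        except socket.timeout:
            return "timeout after %.0fs (handshake hung)" % timeout

if __name__ == "__main__":
    # Placeholder host: replace with the server being troubleshot.
    for v in (0x0300, 0x0301, 0x0303):
        print(VERSIONS[v], "->", probe("webserver.example", version=v))
```

Running the probe per version shows whether the 30-second stall is tied to the version offered in the ClientHello (a hang on TLSv1.0 but a prompt SSLv3 ServerHello points at the server or a middlebox, not the client).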