Hi,
Can you check the offered cipher using openssl s_client ?
It could be that there is no suggested cipher or changing suggested cipher between ipv4 vs ipv6, (something that can happen with some farms and other load balancing systems) .
On Thursday, 11 January 2024 12:18:24 IST Rabin Yasharzadehe wrote:
Nice catch,
IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container.
Ping to the address seems to be working, and I don't see any routing issue to the destination.
Issue with telegram service?
-- Rabin
On Wed, 10 Jan 2024 at 07:52, Lior Okman lior@okman.name wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4?
- Can you use "openssl s_client" to see if your environment manages to
finish the SSL handshake?
- Can you try to connect from inside a Docker container that is using a
different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io rabin@rabin.io>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/
- processing: https://web.telegram.org/
- Trying [2001:67c:4e8:f004::9]:443...
- Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443
- ALPN: offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
- CApath: none
- SSL connection timeout
- Closing connection
curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il