Hi, Can you check the offered cipher using openssl s_client ? It could be that there is no suggested cipher or changing suggested cipher between ipv4 vs ipv6, (something that can happen with some farms and other load balancing systems) . On Thursday, 11 January 2024 12:18:24 IST Rabin Yasharzadehe wrote:
Nice catch,
IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container.
Ping to the address seems to be working, and I don't see any routing issue to the destination.
Issue with telegram service?
-- Rabin
On Wed, 10 Jan 2024 at 07:52, Lior Okman <lior@okman.name> wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4? - Can you use "openssl s_client" to see if your environment manages to finish the SSL handshake? - Can you try to connect from inside a Docker container that is using a different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io <rabin@rabin.io>>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il