Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin
I tried both: curl --connect-timeout 3 -ipv6 https://web.telegram.org/ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ In both cases, the response was prompt.
I am connected to the Internet via Bezeq (as infrastructure provider) and Partner (as ISP). I got IPv6 from Partner several months ago, and replaced the router due to this.
United we shall win, --- Omer Zak
On Tue, 2024-01-09 at 13:17 +0200, Rabin Yasharzadehe wrote:
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/
- processing: https://web.telegram.org/
- Trying [2001:67c:4e8:f004::9]:443...
- Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443
- ALPN: offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
- CApath: none
- SSL connection timeout
- Closing connection
curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4?
- Can you use "openssl s_client" to see if your environment manages to finish the SSL handshake?
- Can you try to connect from inside a Docker container that is using a different base distro?
--
Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 Rabin Yasharzadehe rabin@rabin.io wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq)
and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to http://web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like http://google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin
_______________________________________________
Linux-il mailing list -- mailto:linux-il@cs.huji.ac.il
To unsubscribe send an email to mailto:linux-il-leave@cs.huji.ac.il
Nice catch,
IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container.
Ping to the address seems to be working, and I don't see any routing issue to the destination.
Issue with telegram service?
-- Rabin
On Wed, 10 Jan 2024 at 07:52, Lior Okman lior@okman.name wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4?
- Can you use "openssl s_client" to see if your environment manages to
finish the SSL handshake?
- Can you try to connect from inside a Docker container that is using a
different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io rabin@rabin.io>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/
- processing: https://web.telegram.org/
- Trying [2001:67c:4e8:f004::9]:443...
- Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443
- ALPN: offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
- CApath: none
- SSL connection timeout
- Closing connection
curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il
Hi,
Can you check the offered cipher using openssl s_client ?
It could be that there is no suggested cipher or changing suggested cipher between ipv4 vs ipv6, (something that can happen with some farms and other load balancing systems) .
On Thursday, 11 January 2024 12:18:24 IST Rabin Yasharzadehe wrote:
Nice catch,
IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container.
Ping to the address seems to be working, and I don't see any routing issue to the destination.
Issue with telegram service?
-- Rabin
On Wed, 10 Jan 2024 at 07:52, Lior Okman lior@okman.name wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4?
- Can you use "openssl s_client" to see if your environment manages to
finish the SSL handshake?
- Can you try to connect from inside a Docker container that is using a
different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io rabin@rabin.io>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/
- processing: https://web.telegram.org/
- Trying [2001:67c:4e8:f004::9]:443...
- Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443
- ALPN: offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
- CApath: none
- SSL connection timeout
- Closing connection
curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il
-
borissh1983@gmail.com -
Lior Okman -
Omer Zak -
Rabin Yasharzadehe