From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound
Date: Thu, 07 Mar 2019 08:54:02 +0000 [thread overview]
Message-ID: <0161201C-AAF8-49B7-9764-F531DE3C17C0@ipfire.org> (raw)
In-Reply-To: <1fe0478023695abdc41921bb1a8f13f0a517f9f2.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 3152 bytes --]
Hi,
Wait, so does that mean that unbound works with TLS 1.3 but kdig doesn’t?
-Michael
> On 7 Mar 2019, at 04:16, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi,
> have captured now the traffic with tshark and it seems that unbound do
> uses TLSv1.3 but kdig seems to be the problem which did not reflect
> this. Shortend output:
>
> 5 0.017092078 192.168.25.13 → 9.9.9.9 TLSv1 405 Client Hello
> 9 0.030988995 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 Server Hello, Change Cipher Spec, Application Data
> 10 0.031152498 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 Application Data [TCP segment of a reassembled PDU]
> 11 0.031305390 9.9.9.9 → 192.168.25.13 TLSv1.3 195 Application Data, Application Data
> 12 0.032631746 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533 TSecr=3653489529
> 13 0.032703370 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533 TSecr=3653489529
> 14 0.032834733 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534 TSecr=3653489529
> 16 0.048498506 192.168.25.13 → 9.9.9.9 TLSv1.3 146 Change Cipher Spec, Application Data
> 26 0.061705575 9.9.9.9 → 192.168.25.13 TLSv1.3 145 Application Data
> 27 0.061814933 9.9.9.9 → 192.168.25.13 TLSv1.3 145 Application Data
> 28 0.062346891 192.168.25.13 → 9.9.9.9 TLSv1.3 135 Application Data
> 31 0.093868737 9.9.9.9 → 192.168.25.13 TLSv1.3 1374 Application Data
> 32 0.094863556 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596 TSecr=3653489561
> 34 0.095815051 192.168.25.13 → 9.9.9.9 TLSv1.3 90 Application Data
> 35 0.095889061 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597 TSecr=3653489561
> 39 0.106144908 192.168.25.13 → 9.9.9.9 TCP 74 49712 → 853 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607 TSecr=0 WS=512
> 42 0.108875164 9.9.9.9 → 192.168.25.13 TLSv1.3 90 Application Data
> 43 0.109334250 9.9.9.9 → 192.168.25.13 TCP 66 853 → 49708 [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608 TSecr=1081350596
> 44 0.109656164 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
> 45 0.109961291 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
> 49 0.118048710 9.9.9.9 → 192.168.25.13 TCP 74 853 → 49712 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 TSval=3653489618 TSecr=1081350607 WS=256
> 50 0.119914237 192.168.25.13 → 9.9.9.9 TCP 66 49712 → 853 [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620 TSecr=3653489618
> 51 0.120180988 192.168.25.13 → 9.9.9.9 TLSv1 405 Client Hello
>
> so forget about this subject but thanks for sharing your opinions.
>
> Will go for a checkout if i can find something in knot section...
>
>
> Best,
>
> Erik
>
next prev parent reply other threads:[~2019-03-07 8:54 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-10 14:15 ummeegge
2019-02-13 18:05 ` Michael Tremer
2019-02-13 19:40 ` Peter Müller
2019-02-14 7:24 ` ummeegge
2019-02-14 11:11 ` Michael Tremer
2019-02-14 11:31 ` ummeegge
2019-03-07 4:16 ` ummeegge
2019-03-07 8:54 ` Michael Tremer [this message]
2019-03-07 9:05 ` ummeegge
2019-05-24 5:50 ` ummeegge
2019-02-14 6:57 ` ummeegge
2019-02-14 11:08 ` Michael Tremer
2019-02-14 11:28 ` ummeegge
2019-02-14 11:31 ` Michael Tremer
2019-02-14 14:18 ` ummeegge
2019-02-14 15:01 ` Michael Tremer
2019-02-14 15:18 ` ummeegge
2019-02-15 14:17 ` ummeegge
2019-03-05 17:17 ` ummeegge
2019-03-05 17:23 ` Michael Tremer
[not found] <5DEFDAC6-908C-43EB-BC66-A7BD5835626A@ipfire.org>
2019-03-05 17:56 ` ummeegge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0161201C-AAF8-49B7-9764-F531DE3C17C0@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox