From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound Date: Thu, 07 Mar 2019 08:54:02 +0000 Message-ID: <0161201C-AAF8-49B7-9764-F531DE3C17C0@ipfire.org> In-Reply-To: <1fe0478023695abdc41921bb1a8f13f0a517f9f2.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7809133023847364794==" List-Id: --===============7809133023847364794== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, Wait, so does that mean that unbound works with TLS 1.3 but kdig doesn=E2=80= =99t? -Michael > On 7 Mar 2019, at 04:16, ummeegge wrote: >=20 > Hi, > have captured now the traffic with tshark and it seems that unbound do > uses TLSv1.3 but kdig seems to be the problem which did not reflect > this. Shortend output: >=20 > 5 0.017092078 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1 405 Client Hello > 9 0.030988995 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1506 Server = Hello, Change Cipher Spec, Application Data > 10 0.031152498 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1506 Applica= tion Data [TCP segment of a reassembled PDU] > 11 0.031305390 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 195 Applicat= ion Data, Application Data > 12 0.032631746 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D1441 Win=3D32256 Len=3D0 TSval=3D1081350533 TSe= cr=3D3653489529 > 13 0.032703370 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D2881 Win=3D35328 Len=3D0 TSval=3D1081350533 TSe= cr=3D3653489529 > 14 0.032834733 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D3010 Win=3D37888 Len=3D0 TSval=3D1081350534 TSe= cr=3D3653489529 > 16 0.048498506 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 146 Change C= ipher Spec, Application Data > 26 0.061705575 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 145 Applicat= ion Data > 27 0.061814933 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 145 Applicat= ion Data > 28 0.062346891 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 135 Applicat= ion Data > 31 0.093868737 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1374 Applica= tion Data > 32 0.094863556 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D489 Ack=3D4476 Win=3D40960 Len=3D0 TSval=3D1081350596 TSe= cr=3D3653489561 > 34 0.095815051 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 90 Applicati= on Data > 35 0.095889061 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [FIN, ACK] Seq=3D513 Ack=3D4476 Win=3D40960 Len=3D0 TSval=3D108135059= 7 TSecr=3D3653489561 > 39 0.106144908 192.168.25.13 =E2=86=92 9.9.9.9 TCP 74 49712 =E2=86= =92 853 [SYN] Seq=3D0 Win=3D29200 Len=3D0 MSS=3D1460 SACK_PERM=3D1 TSval=3D10= 81350607 TSecr=3D0 WS=3D512 > 42 0.108875164 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 90 Applicati= on Data > 43 0.109334250 9.9.9.9 =E2=86=92 192.168.25.13 TCP 66 853 =E2=86=92= 49708 [FIN, ACK] Seq=3D4500 Ack=3D514 Win=3D30208 Len=3D0 TSval=3D3653489608= TSecr=3D1081350596 > 44 0.109656164 192.168.25.13 =E2=86=92 9.9.9.9 TCP 54 49708 =E2=86= =92 853 [RST] Seq=3D514 Win=3D0 Len=3D0 > 45 0.109961291 192.168.25.13 =E2=86=92 9.9.9.9 TCP 54 49708 =E2=86= =92 853 [RST] Seq=3D514 Win=3D0 Len=3D0 > 49 0.118048710 9.9.9.9 =E2=86=92 192.168.25.13 TCP 74 853 =E2=86=92= 49712 [SYN, ACK] Seq=3D0 Ack=3D1 Win=3D28960 Len=3D0 MSS=3D1452 SACK_PERM=3D= 1 TSval=3D3653489618 TSecr=3D1081350607 WS=3D256 > 50 0.119914237 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49712 =E2=86= =92 853 [ACK] Seq=3D1 Ack=3D1 Win=3D29696 Len=3D0 TSval=3D1081350620 TSecr=3D= 3653489618 > 51 0.120180988 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1 405 Client Hel= lo >=20 > so forget about this subject but thanks for sharing your opinions. >=20 > Will go for a checkout if i can find something in knot section... >=20 >=20 > Best, >=20 > Erik >=20 --===============7809133023847364794==--