From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound Date: Thu, 07 Mar 2019 05:16:24 +0100 Message-ID: <1fe0478023695abdc41921bb1a8f13f0a517f9f2.camel@ipfire.org> In-Reply-To: <9b9ca70177dc1ccc3d086bd33221624e087ea868.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2767055475622622963==" List-Id: --===============2767055475622622963== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, have captured now the traffic with tshark and it seems that unbound do uses TLSv1.3 but kdig seems to be the problem which did not reflect this. Shortend output: 5 0.017092078 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1 405 Client Hello 9 0.030988995 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1506 Server H= ello, Change Cipher Spec, Application Data 10 0.031152498 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1506 Applicat= ion Data [TCP segment of a reassembled PDU] 11 0.031305390 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 195 Applicati= on Data, Application Data 12 0.032631746 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D1441 Win=3D32256 Len=3D0 TSval=3D1081350533 TSe= cr=3D3653489529 13 0.032703370 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D2881 Win=3D35328 Len=3D0 TSval=3D1081350533 TSe= cr=3D3653489529 14 0.032834733 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D340 Ack=3D3010 Win=3D37888 Len=3D0 TSval=3D1081350534 TSe= cr=3D3653489529 16 0.048498506 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 146 Change Ci= pher Spec, Application Data 26 0.061705575 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 145 Applicati= on Data 27 0.061814933 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 145 Applicati= on Data 28 0.062346891 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 135 Applicati= on Data 31 0.093868737 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 1374 Applicat= ion Data 32 0.094863556 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [ACK] Seq=3D489 Ack=3D4476 Win=3D40960 Len=3D0 TSval=3D1081350596 TSe= cr=3D3653489561 34 0.095815051 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1.3 90 Applicatio= n Data 35 0.095889061 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49708 =E2=86= =92 853 [FIN, ACK] Seq=3D513 Ack=3D4476 Win=3D40960 Len=3D0 TSval=3D108135059= 7 TSecr=3D3653489561 39 0.106144908 192.168.25.13 =E2=86=92 9.9.9.9 TCP 74 49712 =E2=86= =92 853 [SYN] Seq=3D0 Win=3D29200 Len=3D0 MSS=3D1460 SACK_PERM=3D1 TSval=3D10= 81350607 TSecr=3D0 WS=3D512 42 0.108875164 9.9.9.9 =E2=86=92 192.168.25.13 TLSv1.3 90 Applicatio= n Data 43 0.109334250 9.9.9.9 =E2=86=92 192.168.25.13 TCP 66 853 =E2=86=92 = 49708 [FIN, ACK] Seq=3D4500 Ack=3D514 Win=3D30208 Len=3D0 TSval=3D3653489608 = TSecr=3D1081350596 44 0.109656164 192.168.25.13 =E2=86=92 9.9.9.9 TCP 54 49708 =E2=86= =92 853 [RST] Seq=3D514 Win=3D0 Len=3D0 45 0.109961291 192.168.25.13 =E2=86=92 9.9.9.9 TCP 54 49708 =E2=86= =92 853 [RST] Seq=3D514 Win=3D0 Len=3D0 49 0.118048710 9.9.9.9 =E2=86=92 192.168.25.13 TCP 74 853 =E2=86=92 = 49712 [SYN, ACK] Seq=3D0 Ack=3D1 Win=3D28960 Len=3D0 MSS=3D1452 SACK_PERM=3D1= TSval=3D3653489618 TSecr=3D1081350607 WS=3D256 50 0.119914237 192.168.25.13 =E2=86=92 9.9.9.9 TCP 66 49712 =E2=86= =92 853 [ACK] Seq=3D1 Ack=3D1 Win=3D29696 Len=3D0 TSval=3D1081350620 TSecr=3D= 3653489618 51 0.120180988 192.168.25.13 =E2=86=92 9.9.9.9 TLSv1 405 Client Hello so forget about this subject but thanks for sharing your opinions. Will go for a checkout if i can find something in knot section... Best, Erik --===============2767055475622622963==--