public inbox for development@lists.ipfire.org
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound
Date: Thu, 07 Mar 2019 10:05:50 +0100
Message-ID: <527b00804a34cc97d4e3dc6dceb3a1d93e66b206.camel@ipfire.org>
In-Reply-To: <0161201C-AAF8-49B7-9764-F531DE3C17C0@ipfire.org>


Hi Michael,

On Do, 2019-03-07 at 08:54 +0000, Michael Tremer wrote:
> Hi,
> 
> Wait, so does that mean that unbound works with TLS 1.3 but kdig
> doesn’t?
Yes, strangely it looks like it. What makes it even more strange is that on
the other machine TLSv1.3 is also detected by kdig. But you may
remember, some curves on the same servers were displayed differently
on both machines. tshark shows the same for Cloudflare, and other servers
that are not TLSv1.3-ready are also shown correctly with TLSv1.2.

But which one can now be trusted? Possibly tshark is a little more
trustworthy IMHO. I am currently building the new knot-2.8.0 version to
check if things are changing there.

Best,

Erik

> 
> -Michael
> 
> > On 7 Mar 2019, at 04:16, ummeegge <ummeegge(a)ipfire.org> wrote:
> > 
> > Hi,
> > I have now captured the traffic with tshark and it seems that unbound
> > does use TLSv1.3, but kdig seems to be the problem, which did not reflect
> > this. Shortened output:
> > 
> >    5 0.017092078  192.168.25.13 → 9.9.9.9      TLSv1 405 Client Hello
> >    9 0.030988995      9.9.9.9 → 192.168.25.13  TLSv1.3 1506 Server Hello, Change Cipher Spec, Application Data
> >   10 0.031152498      9.9.9.9 → 192.168.25.13  TLSv1.3 1506 Application Data [TCP segment of a reassembled PDU]
> >   11 0.031305390      9.9.9.9 → 192.168.25.13  TLSv1.3 195 Application Data, Application Data
> >   12 0.032631746  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853 [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533 TSecr=3653489529
> >   13 0.032703370  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853 [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533 TSecr=3653489529
> >   14 0.032834733  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853 [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534 TSecr=3653489529
> >   16 0.048498506  192.168.25.13 → 9.9.9.9      TLSv1.3 146 Change Cipher Spec, Application Data
> >   26 0.061705575      9.9.9.9 → 192.168.25.13  TLSv1.3 145 Application Data
> >   27 0.061814933      9.9.9.9 → 192.168.25.13  TLSv1.3 145 Application Data
> >   28 0.062346891  192.168.25.13 → 9.9.9.9      TLSv1.3 135 Application Data
> >   31 0.093868737      9.9.9.9 → 192.168.25.13  TLSv1.3 1374 Application Data
> >   32 0.094863556  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853 [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596 TSecr=3653489561
> >   34 0.095815051  192.168.25.13 → 9.9.9.9      TLSv1.3 90 Application Data
> >   35 0.095889061  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853 [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597 TSecr=3653489561
> >   39 0.106144908  192.168.25.13 → 9.9.9.9      TCP 74 49712 → 853 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607 TSecr=0 WS=512
> >   42 0.108875164      9.9.9.9 → 192.168.25.13  TLSv1.3 90 Application Data
> >   43 0.109334250      9.9.9.9 → 192.168.25.13  TCP 66 853 → 49708 [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608 TSecr=1081350596
> >   44 0.109656164  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
> >   45 0.109961291  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
> >   49 0.118048710      9.9.9.9 → 192.168.25.13  TCP 74 853 → 49712 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 TSval=3653489618 TSecr=1081350607 WS=256
> >   50 0.119914237  192.168.25.13 → 9.9.9.9      TCP 66 49712 → 853 [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620 TSecr=3653489618
> >   51 0.120180988  192.168.25.13 → 9.9.9.9      TLSv1 405 Client Hello
> > 
> > so forget about this subject but thanks for sharing your opinions.
> > 
> > Will go for a checkout if I can find something in knot section...
> > 
> > 
> > Best,
> > 
> > Erik
> > 
> 
> 
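
In TLS 1.3 the record-layer version and the legacy_version field stay at older values, and the negotiated version is carried in the supported_versions extension of the ServerHello (RFC 8446), so that is the field a capture-based check has to read. As an added example (not part of the original thread), a Python parser that extracts it from one ServerHello record; the sample records are constructed, not captured traffic, and all function names are illustrative.

```python
import struct

NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SUPPORTED_VERSIONS = 0x002B  # extension type, RFC 8446 section 4.2.1

def server_hello_versions(record: bytes) -> dict:
    """Return record-layer, legacy and negotiated versions of one ServerHello record."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    legacy = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                      # skip legacy_version and random
    pos += 1 + body[pos]              # skip session_id (1-byte length prefix)
    pos += 2 + 1                      # skip cipher_suite and compression_method
    negotiated = legacy               # TLS <= 1.2 sends no supported_versions here
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == SUPPORTED_VERSIONS and ext_len == 2:
                negotiated = struct.unpack_from("!H", body, pos + 4)[0]
            pos += 4 + ext_len
    return {k: NAMES.get(v, hex(v)) for k, v in
            (("record", rec_ver), ("legacy", legacy), ("negotiated", negotiated))}

def build_server_hello(extensions: bytes, cipher: bytes) -> bytes:
    """Build a constructed sample record (zero random, empty session_id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + cipher + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed samples: a TLS 1.3 ServerHello and a TLS 1.2 one without extensions.
TLS13 = build_server_hello(struct.pack("!HHH", SUPPORTED_VERSIONS, 2, 0x0304), b"\x13\x01")
TLS12 = build_server_hello(b"", b"\xc0\x2f")

if __name__ == "__main__":
    print(server_hello_versions(TLS13))
    print(server_hello_versions(TLS12))
```

For the TLS 1.3 sample the record and legacy fields both read as TLSv1.2 while the extension reports TLSv1.3, which is why a tool that only inspects the outer fields can disagree with one that reads the extension.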

