Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound
Date: Fri, 24 May 2019 07:50:55 +0200	[thread overview]
Message-ID: <8370459a3e40e8d9f1d7cb2b072243753b0483fe.camel@ipfire.org> (raw)
In-Reply-To: <527b00804a34cc97d4e3dc6dceb3a1d93e66b206.camel@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 4317 bytes --]

Just wanted to report that since the update to Core 131 kdig shows
meanwhile also TLSv1.3 correctly.

Best,

Erik


On Do, 2019-03-07 at 10:05 +0100, ummeegge wrote:
> Hi Michael,
> 
> On Do, 2019-03-07 at 08:54 +0000, Michael Tremer wrote:
> > Hi,
> > 
> > Wait, so does that mean that unbound works with TLS 1.3 but kdig
> > doesn’t?
> 
> Yes it strangely looks like. What it makes even more strange that on
> the other machine TLSv1.3 is also detected from kdig. But may you
> remember, some curves on the same servers where differently displayed
> on both machines. tshark shows the same for cloudflare and other not
> TLSv1.3 ready servers are also shown correct with TLSv1.2.
> 
> But which one can now be trust ? Possibly tshark is a little more
> trustworthy IMHO. Am building currently the new knot-2.8.0 version to
> check if things are changing there.
> 
> Best,
> 
> Erik
> 
> > 
> > -Michael
> > 
> > > On 7 Mar 2019, at 04:16, ummeegge <ummeegge(a)ipfire.org> wrote:
> > > 
> > > Hi,
> > > have captured now the traffic with tshark and it seems that
> > > unbound
> > > do
> > > uses TLSv1.3 but kdig seems to be the problem which did not
> > > reflect
> > > this. Shortend output:
> > > 
> > > 5 0.017092078  192.168.25.13 → 9.9.9.9      TLSv1 405 Client
> > > Hello
> > >    9 0.030988995      9.9.9.9 → 192.168.25.13  TLSv1.3 1506
> > > Server
> > > Hello, Change Cipher Spec, Application Data
> > >   10 0.031152498      9.9.9.9 → 192.168.25.13  TLSv1.3 1506
> > > Application Data [TCP segment of a reassembled PDU]
> > >   11 0.031305390      9.9.9.9 → 192.168.25.13  TLSv1.3 195
> > > Application Data, Application Data
> > >   12 0.032631746  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533
> > > TSecr=3653489529
> > >   13 0.032703370  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533
> > > TSecr=3653489529
> > >   14 0.032834733  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534
> > > TSecr=3653489529
> > >   16 0.048498506  192.168.25.13 → 9.9.9.9      TLSv1.3 146 Change
> > > Cipher Spec, Application Data
> > >   26 0.061705575      9.9.9.9 → 192.168.25.13  TLSv1.3 145
> > > Application Data
> > >   27 0.061814933      9.9.9.9 → 192.168.25.13  TLSv1.3 145
> > > Application Data
> > >   28 0.062346891  192.168.25.13 → 9.9.9.9      TLSv1.3 135
> > > Application Data
> > >   31 0.093868737      9.9.9.9 → 192.168.25.13  TLSv1.3 1374
> > > Application Data
> > >   32 0.094863556  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596
> > > TSecr=3653489561
> > >   34 0.095815051  192.168.25.13 → 9.9.9.9      TLSv1.3 90
> > > Application Data
> > >   35 0.095889061  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597
> > > TSecr=3653489561
> > >   39 0.106144908  192.168.25.13 → 9.9.9.9      TCP 74 49712 → 853
> > > [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607
> > > TSecr=0 WS=512
> > >   42 0.108875164      9.9.9.9 → 192.168.25.13  TLSv1.3 90
> > > Application Data
> > >   43 0.109334250      9.9.9.9 → 192.168.25.13  TCP 66 853 → 49708
> > > [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608
> > > TSecr=1081350596
> > >   44 0.109656164  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853
> > > [RST] Seq=514 Win=0 Len=0
> > >   45 0.109961291  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853
> > > [RST] Seq=514 Win=0 Len=0
> > >   49 0.118048710      9.9.9.9 → 192.168.25.13  TCP 74 853 → 49712
> > > [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1
> > > TSval=3653489618 TSecr=1081350607 WS=256
> > >   50 0.119914237  192.168.25.13 → 9.9.9.9      TCP 66 49712 → 853
> > > [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620
> > > TSecr=3653489618
> > >   51 0.120180988  192.168.25.13 → 9.9.9.9      TLSv1 405 Client
> > > Hello
> > > 
> > > so forget about this subject but thanks for sharing your
> > > opinions.
> > > 
> > > Will go for a checkout if i can find something in knot section...
> > > 
> > > 
> > > Best,
> > > 
> > > Erik
> > > 
> > 
> >

next prev parent reply	other threads:[~2019-05-24  5:50 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-10 14:15 ummeegge
2019-02-13 18:05 ` Michael Tremer
2019-02-13 19:40   ` Peter Müller
2019-02-14  7:24     ` ummeegge
2019-02-14 11:11       ` Michael Tremer
2019-02-14 11:31         ` ummeegge
2019-03-07  4:16           ` ummeegge
2019-03-07  8:54             ` Michael Tremer
2019-03-07  9:05               ` ummeegge
2019-05-24  5:50                 ` ummeegge [this message]
2019-02-14  6:57   ` ummeegge
2019-02-14 11:08     ` Michael Tremer
2019-02-14 11:28       ` ummeegge
2019-02-14 11:31         ` Michael Tremer
2019-02-14 14:18           ` ummeegge
2019-02-14 15:01             ` Michael Tremer
2019-02-14 15:18               ` ummeegge
2019-02-15 14:17 ` ummeegge
2019-03-05 17:17 ` ummeegge
2019-03-05 17:23   ` Michael Tremer
     [not found] <5DEFDAC6-908C-43EB-BC66-A7BD5835626A@ipfire.org>
2019-03-05 17:56 ` ummeegge

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8370459a3e40e8d9f1d7cb2b072243753b0483fe.camel@ipfire.org \
    --to=ummeegge@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox