Just wanted to report that since the update to Core 131 kdig shows meanwhile also TLSv1.3 correctly. Best, Erik On Do, 2019-03-07 at 10:05 +0100, ummeegge wrote: > Hi Michael, > > On Do, 2019-03-07 at 08:54 +0000, Michael Tremer wrote: > > Hi, > > > > Wait, so does that mean that unbound works with TLS 1.3 but kdig > > doesn’t? > > Yes it strangely looks like. What it makes even more strange that on > the other machine TLSv1.3 is also detected from kdig. But may you > remember, some curves on the same servers where differently displayed > on both machines. tshark shows the same for cloudflare and other not > TLSv1.3 ready servers are also shown correct with TLSv1.2. > > But which one can now be trust ? Possibly tshark is a little more > trustworthy IMHO. Am building currently the new knot-2.8.0 version to > check if things are changing there. > > Best, > > Erik > > > > > -Michael > > > > > On 7 Mar 2019, at 04:16, ummeegge wrote: > > > > > > Hi, > > > have captured now the traffic with tshark and it seems that > > > unbound > > > do > > > uses TLSv1.3 but kdig seems to be the problem which did not > > > reflect > > > this. Shortend output: > > > > > > 5 0.017092078 192.168.25.13 → 9.9.9.9 TLSv1 405 Client > > > Hello > > > 9 0.030988995 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 > > > Server > > > Hello, Change Cipher Spec, Application Data > > > 10 0.031152498 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 > > > Application Data [TCP segment of a reassembled PDU] > > > 11 0.031305390 9.9.9.9 → 192.168.25.13 TLSv1.3 195 > > > Application Data, Application Data > > > 12 0.032631746 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 > > > [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533 > > > TSecr=3653489529 > > > 13 0.032703370 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 > > > [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533 > > > TSecr=3653489529 > > > 14 0.032834733 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 > > > [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534 > > > TSecr=3653489529 > > > 16 0.048498506 192.168.25.13 → 9.9.9.9 TLSv1.3 146 Change > > > Cipher Spec, Application Data > > > 26 0.061705575 9.9.9.9 → 192.168.25.13 TLSv1.3 145 > > > Application Data > > > 27 0.061814933 9.9.9.9 → 192.168.25.13 TLSv1.3 145 > > > Application Data > > > 28 0.062346891 192.168.25.13 → 9.9.9.9 TLSv1.3 135 > > > Application Data > > > 31 0.093868737 9.9.9.9 → 192.168.25.13 TLSv1.3 1374 > > > Application Data > > > 32 0.094863556 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 > > > [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596 > > > TSecr=3653489561 > > > 34 0.095815051 192.168.25.13 → 9.9.9.9 TLSv1.3 90 > > > Application Data > > > 35 0.095889061 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 > > > [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597 > > > TSecr=3653489561 > > > 39 0.106144908 192.168.25.13 → 9.9.9.9 TCP 74 49712 → 853 > > > [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607 > > > TSecr=0 WS=512 > > > 42 0.108875164 9.9.9.9 → 192.168.25.13 TLSv1.3 90 > > > Application Data > > > 43 0.109334250 9.9.9.9 → 192.168.25.13 TCP 66 853 → 49708 > > > [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608 > > > TSecr=1081350596 > > > 44 0.109656164 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 > > > [RST] Seq=514 Win=0 Len=0 > > > 45 0.109961291 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 > > > [RST] Seq=514 Win=0 Len=0 > > > 49 0.118048710 9.9.9.9 → 192.168.25.13 TCP 74 853 → 49712 > > > [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 > > > TSval=3653489618 TSecr=1081350607 WS=256 > > > 50 0.119914237 192.168.25.13 → 9.9.9.9 TCP 66 49712 → 853 > > > [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620 > > > TSecr=3653489618 > > > 51 0.120180988 192.168.25.13 → 9.9.9.9 TLSv1 405 Client > > > Hello > > > > > > so forget about this subject but thanks for sharing your > > > opinions. > > > > > > Will go for a checkout if i can find something in knot section... > > > > > > > > > Best, > > > > > > Erik > > > > > > >