From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound
Date: Fri, 24 May 2019 07:50:55 +0200
Message-ID: <8370459a3e40e8d9f1d7cb2b072243753b0483fe.camel@ipfire.org>
In-Reply-To: <527b00804a34cc97d4e3dc6dceb3a1d93e66b206.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1575106896579442143=="
List-Id: <development.lists.ipfire.org>

--===============1575106896579442143==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Just wanted to report that since the update to Core 131, kdig meanwhile
also shows TLSv1.3 correctly.

Best,

Erik


On Do, 2019-03-07 at 10:05 +0100, ummeegge wrote:
> Hi Michael,
> 
> On Do, 2019-03-07 at 08:54 +0000, Michael Tremer wrote:
> > Hi,
> > 
> > Wait, so does that mean that unbound works with TLS 1.3 but kdig
> > doesn’t?
> 
> Yes, strangely it looks like it. What makes it even more strange is that
> on the other machine TLSv1.3 is also detected by kdig. But as you may
> remember, some curves on the same servers were displayed differently
> on both machines. tshark shows the same for Cloudflare, and other
> servers that are not TLSv1.3 ready are also shown correctly with TLSv1.2.
> 
> But which one can be trusted now? Possibly tshark is a little more
> trustworthy IMHO. I am currently building the new knot-2.8.0 version to
> check if things are changing there.
> 
> Best,
> 
> Erik
> 
> > 
> > -Michael
> > 
> > > On 7 Mar 2019, at 04:16, ummeegge <ummeegge(a)ipfire.org> wrote:
> > > 
> > > Hi,
> > > Have now captured the traffic with tshark and it seems that
> > > unbound does use TLSv1.3, but kdig seems to be the problem, which
> > > did not reflect this. Shortened output:
> > > 
> > > 5 0.017092078  192.168.25.13 → 9.9.9.9      TLSv1 405 Client
> > > Hello
> > >    9 0.030988995      9.9.9.9 → 192.168.25.13  TLSv1.3 1506
> > > Server
> > > Hello, Change Cipher Spec, Application Data
> > >   10 0.031152498      9.9.9.9 → 192.168.25.13  TLSv1.3 1506
> > > Application Data [TCP segment of a reassembled PDU]
> > >   11 0.031305390      9.9.9.9 → 192.168.25.13  TLSv1.3 195
> > > Application Data, Application Data
> > >   12 0.032631746  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533
> > > TSecr=3653489529
> > >   13 0.032703370  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533
> > > TSecr=3653489529
> > >   14 0.032834733  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534
> > > TSecr=3653489529
> > >   16 0.048498506  192.168.25.13 → 9.9.9.9      TLSv1.3 146 Change
> > > Cipher Spec, Application Data
> > >   26 0.061705575      9.9.9.9 → 192.168.25.13  TLSv1.3 145
> > > Application Data
> > >   27 0.061814933      9.9.9.9 → 192.168.25.13  TLSv1.3 145
> > > Application Data
> > >   28 0.062346891  192.168.25.13 → 9.9.9.9      TLSv1.3 135
> > > Application Data
> > >   31 0.093868737      9.9.9.9 → 192.168.25.13  TLSv1.3 1374
> > > Application Data
> > >   32 0.094863556  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596
> > > TSecr=3653489561
> > >   34 0.095815051  192.168.25.13 → 9.9.9.9      TLSv1.3 90
> > > Application Data
> > >   35 0.095889061  192.168.25.13 → 9.9.9.9      TCP 66 49708 → 853
> > > [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597
> > > TSecr=3653489561
> > >   39 0.106144908  192.168.25.13 → 9.9.9.9      TCP 74 49712 → 853
> > > [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607
> > > TSecr=0 WS=512
> > >   42 0.108875164      9.9.9.9 → 192.168.25.13  TLSv1.3 90
> > > Application Data
> > >   43 0.109334250      9.9.9.9 → 192.168.25.13  TCP 66 853 → 49708
> > > [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608
> > > TSecr=1081350596
> > >   44 0.109656164  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853
> > > [RST] Seq=514 Win=0 Len=0
> > >   45 0.109961291  192.168.25.13 → 9.9.9.9      TCP 54 49708 → 853
> > > [RST] Seq=514 Win=0 Len=0
> > >   49 0.118048710      9.9.9.9 → 192.168.25.13  TCP 74 853 → 49712
> > > [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1
> > > TSval=3653489618 TSecr=1081350607 WS=256
> > >   50 0.119914237  192.168.25.13 → 9.9.9.9      TCP 66 49712 → 853
> > > [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620
> > > TSecr=3653489618
> > >   51 0.120180988  192.168.25.13 → 9.9.9.9      TLSv1 405 Client
> > > Hello
> > > 
> > > So forget about this subject, but thanks for sharing your opinions.
> > > 
> > > Will check out whether I can find something in the knot section...
> > > 
> > > 
> > > Best,
> > > 
> > > Erik
> > > 
> > 
> > 


--===============1575106896579442143==--