From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenSSL-1.1.1a - No TLSv1.3 with unbound
Date: Tue, 05 Mar 2019 18:17:06 +0100 [thread overview]
Message-ID: <ba63805713edf3a8ed016d3d7d1e53e7e6e8653b.camel@ipfire.org> (raw)
In-Reply-To: <b3397f5fca2e59e602d08a74e306a9c4f4ad8e2a.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 14661 bytes --]
Hi all,
really was hoping that things are changing with the testings of Core
128 and was then happy to see that OpenSSL-1.1.1b addresses a potential
problem/solution -->
https://www.openssl.org/news/changelog.html#x1
but it doesn´t...
Have currently Core 129 with unbound -1.9.0 and OpenSSL-1.1.1b
installed -->
Version 1.9.0
linked libs: libevent 2.1.8-stable (it uses epoll), OpenSSL 1.1.1b 26 Feb 2019
linked modules: dns64 respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs(a)nlnetlabs.nl
but (only?) unbound uses no TLSv1.3 (curl and Apache does), tested with Quad9 and Cloudflare -->
;; DEBUG: Querying for owner(www.isoc.org.), class(1), type(1), server(9.9.9.9), port(853), protocol(TCP)
;; DEBUG: TLS, imported 135 certificates from '/etc/ssl/certs/ca-bundle.crt'
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=Berkeley,O=Quad9,CN=*.quad9.net
;; DEBUG: SHA-256 PIN: /SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg=
;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG: SHA-256 PIN: PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 10011
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: NOERROR
;; QUESTION SECTION:
;; www.isoc.org. IN A
;; ANSWER SECTION:
www.isoc.org. 300 IN A 46.43.36.222
www.isoc.org. 300 IN RRSIG A 7 3 300 20190319085001 20190305085001 54512 isoc.org. Mapbxw7G2F4QRTgrFg9P2uA2GYz2YnJIQu58t9MRdQJi4MU2EJeWqCRdUpy0kCHVCxDcDln9u+hnlF271IjZG/fTPGhw0A4bgCtHXXqAr/89b83maNRuYw/DVO4JI20z4+7TYY18yQinutvZUvzobmUebXVPWhNsRPLHbb4tOeI=
;; Received 225 B
;; Time 2019-03-05 18:09:18 CET
;; From 9.9.9.9(a)853(TCP) in 142.4 ms
Exit status: 0
========================================================================================================================
;; DEBUG: Querying for owner(www.isoc.org.), class(1), type(1), server(1.1.1.1), port(853), protocol(TCP)
;; DEBUG: TLS, imported 135 certificates from '/etc/ssl/certs/ca-bundle.crt'
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=cloudflare-dns.com
;; DEBUG: SHA-256 PIN: V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=
;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG: SHA-256 PIN: PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 24241
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1452 B; ext-rcode: NOERROR
;; PADDING: 239 B
;; QUESTION SECTION:
;; www.isoc.org. IN A
;; ANSWER SECTION:
www.isoc.org. 300 IN A 46.43.36.222
www.isoc.org. 300 IN RRSIG A 7 3 300 20190319085001 20190305085001 54512 isoc.org. Mapbxw7G2F4QRTgrFg9P2uA2GYz2YnJIQu58t9MRdQJi4MU2EJeWqCRdUpy0kCHVCxDcDln9u+hnlF271IjZG/fTPGhw0A4bgCtHXXqAr/89b83maNRuYw/DVO4JI20z4+7TYY18yQinutvZUvzobmUebXVPWhNsRPLHbb4tOeI=
;; Received 468 B
;; Time 2019-03-05 18:09:24 CET
;; From 1.1.1.1(a)853(TCP) in 19.3 ms
Exit status: 0
whereby my "old" machine with unbound -->
Version 1.8.1
linked libs: libevent 2.1.8-stable (it uses epoll), OpenSSL 1.1.1a 20 Nov 2018
linked modules: dns64 respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs(a)nlnetlabs.nl
uses it -->
;; DEBUG: Querying for owner(www.isoc.org.), class(1), type(1), server(1.1.1.1), port(853), protocol(TCP)
;; DEBUG: TLS, imported 128 certificates from '/etc/ssl/certs/ca-bundle.crt'
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=cloudflare-dns.com
;; DEBUG: SHA-256 PIN: V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=
;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG: SHA-256 PIN: PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 5997
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1452 B; ext-rcode: NOERROR
;; PADDING: 239 B
;; QUESTION SECTION:
;; www.isoc.org. IN A
;; ANSWER SECTION:
www.isoc.org. 158 IN A 46.43.36.222
www.isoc.org. 158 IN RRSIG A 7 3 300 20190319085001 20190305085001 54512 isoc.org. Mapbxw7G2F4QRTgrFg9P2uA2GYz2YnJIQu58t9MRdQJi4MU2EJeWqCRdUpy0kCHVCxDcDln9u+hnlF271IjZG/fTPGhw0A4bgCtHXXqAr/89b83maNRuYw/DVO4JI20z4+7TYY18yQinutvZUvzobmUebXVPWhNsRPLHbb4tOeI=
;; Received 468 B
;; Time 2019-03-05 18:11:44 CET
;; From 1.1.1.1(a)853(TCP) in 47.5 ms
Exit status: 0
=======================================================================
;; DEBUG: Querying for owner(www.isoc.org.), class(1), type(1),
server(9.9.9.9), port(853), protocol(TCP)
;; DEBUG: TLS, imported 128 certificates from '/etc/ssl/certs/ca-
bundle.crt'
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=Berkeley,O=Quad9,CN=*.quad9.net
;; DEBUG: SHA-256 PIN:
/SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg=
;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG: SHA-256 PIN:
PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-
(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 13744
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: NOERROR
;; QUESTION SECTION:
;; www.isoc.org. IN A
;; ANSWER SECTION:
www.isoc.org. 300 IN A 46.43.36.222
www.isoc.org. 300 IN RRSIG A 7 3 300
20190319085001 20190305085001 54512 isoc.org.
Mapbxw7G2F4QRTgrFg9P2uA2GYz2YnJIQu58t9MRdQJi4MU2EJeWqCRdUpy0kCHVCxDcDln
9u+hnlF271IjZG/fTPGhw0A4bgCtHXXqAr/89b83maNRuYw/DVO4JI20z4+7TYY18yQinut
vZUvzobmUebXVPWhNsRPLHbb4tOeI=
;; Received 225 B
;; Time 2019-03-05 18:11:44 CET
;; From 9.9.9.9(a)853(TCP) in 286.9 ms
Exit status: 0
Haven´t found until now a reason for this ! May someone else did some
tests/have_an_idea ?
Best,
Erik
On So, 2019-02-10 at 15:15 +0100, ummeegge wrote:
> Hi all,
> did an fresh install from origin/next of Core 128 with the new
> OpenSSL-
> 1.1.1a . Have checked also DNS-over-TLS which works well but kdig
> points out that the TLS sessions operates only with TLSv1.2 instaed
> of
> the new delivered TLSv1.3 .
>
> A test with Cloudflair (which uses TLSv1.3) looks like this -->
>
> kdig Test:
>
>
> ;; DEBUG: Querying for owner(www.isoc.org.), class(1), type(1),
> server(1.1.1.1), port(853), protocol(TCP)
> ;; DEBUG: TLS, imported 135 certificates from '/etc/ssl/certs/ca-
> bundle.crt'
> ;; DEBUG: TLS, received certificate hierarchy:
> ;; DEBUG: #1, C=US,ST=California,L=San Francisco,O=Cloudflare\,
> Inc.,CN=cloudflare-dns.com
> ;; DEBUG: SHA-256 PIN:
> V6zes8hHBVwUECsHf7uV5xGM7dj3uMXIS9//7qC8+jU=
> ;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
> ;; DEBUG: SHA-256 PIN:
> PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
> ;; DEBUG: TLS, skipping certificate PIN check
> ;; DEBUG: TLS, The certificate is trusted.
> ;; TLS session (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(AES-256-GCM)
> ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 51175
> ;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL:
> 1
>
> ;; EDNS PSEUDOSECTION:
> ;; Version: 0; flags: do; UDP size: 1452 B; ext-rcode: NOERROR
> ;; PADDING: 239 B
>
> ;; QUESTION SECTION:
> ;; www.isoc.org. IN A
>
> ;; ANSWER SECTION:
> www.isoc.org. 300 IN A 46.43.36.222
> www.isoc.org. 300 IN RRSIG A 7 3 300
> 20190224085001 20190210085001 45830 isoc.org.
> g64C7zJUL1zqUBbcZVDcEKO05EHz19ZHwxr4i8kTieW8XgX63lLZwhJTL1UK0NxOGCPOZ
> SVthWBp9HF9WnFjPsxsfkrxkOoz/Hcl1ZuTpWUTBLfBKqnpPJm2NJ2yoR7hPerUvtl0sH
> JnIOczrHnAlCwZBo8OOw9tlW0va+706ZQ=
>
> ;; Received 468 B
> ;; Time 2019-02-10 12:40:19 CET
> ;; From 1.1.1.1(a)853(TCP) in 18.0 ms
>
>
>
> And a test with s_client:
>
> [root(a)ipfire tmp]# openssl s_client -connect 1.1.1.1:853
> CONNECTED(00000003)
> depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
> DigiCert Global Root CA
> verify return:1
> depth=1 C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
> verify return:1
> depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare,
> Inc.", CN = cloudflare-dns.com
> verify return:1
> ---
> Certificate chain
> 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare,
> Inc.", CN = cloudflare-dns.com
> i:C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
> 1 s:C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
> i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
> Global Root CA
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIFxjCCBUygAwIBAgIQAczjGN6fVn+rKySQH62nHTAKBggqhkjOPQQDAjBMMQsw
> CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSYwJAYDVQQDEx1EaWdp
> Q2VydCBFQ0MgU2VjdXJlIFNlcnZlciBDQTAeFw0xOTAxMjgwMDAwMDBaFw0yMTAy
> MDExMjAwMDBaMHIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw
> FAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMu
> MRswGQYDVQQDExJjbG91ZGZsYXJlLWRucy5jb20wWTATBgcqhkjOPQIBBggqhkjO
> PQMBBwNCAATFIHCMIEJQKB59REF8MHkpHGNeHUSbxfdxOive0qKksWw9ash3uMuP
> LlBT/fQYJn9hN+3/wr7pC125fuHfHOJ0o4ID6DCCA+QwHwYDVR0jBBgwFoAUo53m
> H/naOU/AbuiRy5Wl2jHiCp8wHQYDVR0OBBYEFHCV3FyjjmYH28uBEMar58OoRX+g
> MIGsBgNVHREEgaQwgaGCEmNsb3VkZmxhcmUtZG5zLmNvbYIUKi5jbG91ZGZsYXJl
> LWRucy5jb22CD29uZS5vbmUub25lLm9uZYcEAQEBAYcEAQAAAYcEop+ENYcQJgZH
> AEcAAAAAAAAAAAAREYcQJgZHAEcAAAAAAAAAAAAQAYcQJgZHAEcAAAAAAAAAAAAA
> ZIcQJgZHAEcAAAAAAAAAAABkAIcEop8kAYcEop8uATAOBgNVHQ8BAf8EBAMCB4Aw
> HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGkGA1UdHwRiMGAwLqAsoCqG
> KGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLWVjYy1nMS5jcmwwLqAsoCqG
> KGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLWVjYy1nMS5jcmwwTAYDVR0g
> BEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
> aWNlcnQuY29tL0NQUzAIBgZngQwBAgIwewYIKwYBBQUHAQEEbzBtMCQGCCsGAQUF
> BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6
> Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVDQ1NlY3VyZVNlcnZlckNB
> LmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCk
> uQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWiVHhSLAAAEAwBHMEUC
> IQDlnoPeMXtFkRsy3Vs0eovk3ILKt01x6bgUdMlmQTFIvAIgcAn0lFSjiGzHm2eO
> jDZJzMiP5Uaj0Jwub9GO8RkxkkoAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDB
> tOr/XqCDDwAAAWiVHhVsAAAEAwBGMEQCIFC0n0JModeol8b/Qicxd5Blf/o7xOs/
> Bk0j9hdc5N7jAiAQocYnHL9iMqTtFkh0vmSsII5NbiakM/2yDEXnwkPRvAB3ALvZ
> 37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABaJUeFJEAAAQDAEgwRgIh
> AL3OPTBzOZpS5rS/uLzqMOiACCFQyY+mTJ+L0I9TcB3RAiEA4+SiPz0/5kFxvrk7
> AKYKdvelgV1hiiPbM2YHY+/0BIkwCgYIKoZIzj0EAwIDaAAwZQIwez76hX2HTMur
> /I3XRuwfdmVoa8J6ZVEVq+AZsE7DyQh7AV4WNLU+092BrPbnyVUFAjEAzUf5jdz1
> pyc74lgOunC7LBE6cPtWbzfGpJiYyT/T+c5eIAwRYziKT0DKbaql7tiZ
> -----END CERTIFICATE-----
> subject=C = US, ST = California, L = San Francisco, O = "Cloudflare,
> Inc.", CN = cloudflare-dns.com
>
> issuer=C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
>
> ---
> No client certificate CA names sent
> Peer signing digest: SHA256
> Peer signature type: ECDSA
> Server Temp Key: X25519, 253 bits
> ---
> SSL handshake has read 2787 bytes and written 421 bytes
> Verification: OK
> ---
> New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
> Server public key is 256 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
> ---
> Post-Handshake New Session Ticket arrived:
> SSL-Session:
> Protocol : TLSv1.3
> Cipher : TLS_CHACHA20_POLY1305_SHA256
> Session-ID:
> FAA394DF4959235034E350399A968F5C945D413F68CC5D29191B209900735C01
> Session-ID-ctx:
> Resumption PSK:
> 414F9C16B3D4845BC0592B35CC2D28DBD9B807BCBCB95125870379E1AAA480C7
> PSK identity: None
> PSK identity hint: None
> TLS session ticket lifetime hint: 21600 (seconds)
> TLS session ticket:
> 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00
> 00 ................
> 0010 - 8f 9b bb d1 0a 9e a6 0d-df d3 9d 7d 8f c1 f1
> 6b ...........}...k
> 0020 - 00 80 31 55 77 a3 b3 5c-fe 90 11 fb 8c ef b1
> 23 ..1Uw..\.......#
> 0030 - 9c 88 83 b0 33 5d 84 d6-1a 75 db 68 67 fb 57
> 3d ....3]...u.hg.W=
> 0040 - ef 71 6b 7f 22 ae fa bf-d7 0d 12 37 62 69 01
> ff .qk."......7bi..
> 0050 - 5a 78 29 97 8e ab a4 8e-e0 83 ab 0f 63 fa b4
> d9 Zx).........c...
> 0060 - 3b 08 70 38 56 db 6a 43-8c d3 e4 de 5d 1e 7e
> cb ;.p8V.jC....].~.
> 0070 - 82 63 08 cd 31 71 61 17-44 a1 98 87 8a a5 43
> 06 .c..1qa.D.....C.
> 0080 - d1 f8 aa a7 ba 3e 99 32-a9 f8 a6 14 46 bd a2
> 0e .....>.2....F...
> 0090 - 74 79 fa 24 c5 5c a2 12-81 cb 2c 85 4b 91 c1
> 1b ty.$.\....,.K...
> 00a0 - 7d c3 3d c9 6a 58 12 4e-41 b7 eb 29 9e b6 90
> 07 }.=.jX.NA..)....
> 00b0 - e1 92 dd 8d 44 69 ....Di
>
> Start Time: 1549799117
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> Extended master secret: no
> Max Early Data: 0
> ---
> read R BLOCK
> closed
>
>
> Which seems strange to me since Cloudflair offers TLSv1.3 but unbound
> initializes only TLSv1.2 .
>
> Have check all working DoT servers from here -->
> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers too,
> but no TLSv1.3 at all...
>
>
> Did someone have similar behaviors ?
>
> Best,
>
> Erik
>
>
>
>
next prev parent reply other threads:[~2019-03-05 17:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-10 14:15 ummeegge
2019-02-13 18:05 ` Michael Tremer
2019-02-13 19:40 ` Peter Müller
2019-02-14 7:24 ` ummeegge
2019-02-14 11:11 ` Michael Tremer
2019-02-14 11:31 ` ummeegge
2019-03-07 4:16 ` ummeegge
2019-03-07 8:54 ` Michael Tremer
2019-03-07 9:05 ` ummeegge
2019-05-24 5:50 ` ummeegge
2019-02-14 6:57 ` ummeegge
2019-02-14 11:08 ` Michael Tremer
2019-02-14 11:28 ` ummeegge
2019-02-14 11:31 ` Michael Tremer
2019-02-14 14:18 ` ummeegge
2019-02-14 15:01 ` Michael Tremer
2019-02-14 15:18 ` ummeegge
2019-02-15 14:17 ` ummeegge
2019-03-05 17:17 ` ummeegge [this message]
2019-03-05 17:23 ` Michael Tremer
[not found] <5DEFDAC6-908C-43EB-BC66-A7BD5835626A@ipfire.org>
2019-03-05 17:56 ` ummeegge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ba63805713edf3a8ed016d3d7d1e53e7e6e8653b.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox