Hi Michael,
On Do, 2019-03-07 at 08:54 +0000, Michael Tremer wrote:
Hi,
Wait, so does that mean that unbound works with TLS 1.3 but kdig doesn’t?
Yes, strangely it looks like that. What makes it even more strange is that on the other machine TLSv1.3 is also detected by kdig. But as you may remember, some curves on the same servers were displayed differently on both machines. tshark shows the same for Cloudflare, and other servers that are not TLSv1.3-ready are also shown correctly with TLSv1.2.
But which one can be trusted now? Possibly tshark is a little more trustworthy, IMHO. I am currently building the new knot-2.8.0 version to check whether things change there.
Best,
Erik
-Michael
On 7 Mar 2019, at 04:16, ummeegge ummeegge@ipfire.org wrote:
Hi, I have now captured the traffic with tshark and it seems that unbound does use TLSv1.3, but kdig seems to be the problem, which did not reflect this. Shortened output:
5 0.017092078 192.168.25.13 → 9.9.9.9 TLSv1 405 Client Hello
9 0.030988995 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 Server Hello, Change Cipher Spec, Application Data
10 0.031152498 9.9.9.9 → 192.168.25.13 TLSv1.3 1506 Application Data [TCP segment of a reassembled PDU]
11 0.031305390 9.9.9.9 → 192.168.25.13 TLSv1.3 195 Application Data, Application Data
12 0.032631746 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=1441 Win=32256 Len=0 TSval=1081350533 TSecr=3653489529
13 0.032703370 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=2881 Win=35328 Len=0 TSval=1081350533 TSecr=3653489529
14 0.032834733 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=340 Ack=3010 Win=37888 Len=0 TSval=1081350534 TSecr=3653489529
16 0.048498506 192.168.25.13 → 9.9.9.9 TLSv1.3 146 Change Cipher Spec, Application Data
26 0.061705575 9.9.9.9 → 192.168.25.13 TLSv1.3 145 Application Data
27 0.061814933 9.9.9.9 → 192.168.25.13 TLSv1.3 145 Application Data
28 0.062346891 192.168.25.13 → 9.9.9.9 TLSv1.3 135 Application Data
31 0.093868737 9.9.9.9 → 192.168.25.13 TLSv1.3 1374 Application Data
32 0.094863556 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [ACK] Seq=489 Ack=4476 Win=40960 Len=0 TSval=1081350596 TSecr=3653489561
34 0.095815051 192.168.25.13 → 9.9.9.9 TLSv1.3 90 Application Data
35 0.095889061 192.168.25.13 → 9.9.9.9 TCP 66 49708 → 853 [FIN, ACK] Seq=513 Ack=4476 Win=40960 Len=0 TSval=1081350597 TSecr=3653489561
39 0.106144908 192.168.25.13 → 9.9.9.9 TCP 74 49712 → 853 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1081350607 TSecr=0 WS=512
42 0.108875164 9.9.9.9 → 192.168.25.13 TLSv1.3 90 Application Data
43 0.109334250 9.9.9.9 → 192.168.25.13 TCP 66 853 → 49708 [FIN, ACK] Seq=4500 Ack=514 Win=30208 Len=0 TSval=3653489608 TSecr=1081350596
44 0.109656164 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
45 0.109961291 192.168.25.13 → 9.9.9.9 TCP 54 49708 → 853 [RST] Seq=514 Win=0 Len=0
49 0.118048710 9.9.9.9 → 192.168.25.13 TCP 74 853 → 49712 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 TSval=3653489618 TSecr=1081350607 WS=256
50 0.119914237 192.168.25.13 → 9.9.9.9 TCP 66 49712 → 853 [ACK] Seq=1 Ack=1 Win=29696 Len=0 TSval=1081350620 TSecr=3653489618
51 0.120180988 192.168.25.13 → 9.9.9.9 TLSv1 405 Client Hello
So forget about this subject, but thanks for sharing your opinions.
I will go and check whether I can find something in the knot section...
Best,
Erik