Re: [Fwd: Re: request for info: unbound via https / tls]

Hi all, a little update to this comment

Am Mittwoch, den 12.12.2018, 18:44 +0100 schrieb ummeegge:

As a beneath one, Cloudflair offers TLS1.3 support since a couple of days/weeks now.

have tested now a couple of DoT servers and wanted to update some infos causing encryption but also sorted by speed:

*.quad9.net (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA512)-(AES-256-GCM) 9.9.9.10 in 12.4 ms

*.quad9.net (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA512)-(AES-256-GCM) 9.9.9.9 in 18.7 ms

rec1.dns.lightningwirelabs.com (TLS1.2)-(ECDHE-X25519)-(ECDSA-SHA512)-(CHACHA20-POLY1305) 81.3.27.54 in 24.9 ms

*.tenta.io (TLS1.2)-(ECDHE-SECP521R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305) 99.192.182.200 in 28.7 ms

kaitain.restena.lu (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) 158.64.1.29 in 29.6 ms

dnsovertls2.sinodun.com (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) 145.100.185.17 in 45.1 ms

*.cloudflare-dns.com (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM) 1.0.0.1 in 46.1 ms

*.cloudflare-dns.com (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM) 1.1.1.1 in 47.8 ms

dot-de.blahdns.com (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) 159.69.198.101 in 61.1 ms

dns.neutopia.org (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) 89.234.186.112 in 62.2 ms

securedns.eu (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) 146.185.167.43, 146.185.167.43 in 72.8 ms in 75.1 ms

getdnsapi.net (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) 185.49.141.37 in 88.4 ms

dnsovertls3.sinodun.com (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) 145.100.185.18 in 91.2 ms

dns.cmrg.net (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM) 199.58.81.218 in 100.8 ms

Lightningwirelabs is really pretty fast (@Michael, did you changed to curve25519 ? seems to be some ms faster) but also TLS1.3 seems to become more common as i thought.

Best,

Erik