Hi Michael, another point was TFO for DoT whereby Matthis found an interessting mailinglist entry --> https://www.mail-archive.com/unbound-users@nlnetlabs.nl/msg00523.html . So it appears that DoT currently do not benefits from TFO which reflects also my testings. There has been longer time ago also some requests on OpenSSL causing this topic --> https://github.com/openssl/openssl/issues/4783 (there ist more).
In general, after some faster tests with curl, TFO seems to work --> https://forum.ipfire.org/viewtopic.php?f=50&t=21954&start=15#p122372 .
Best,
Erik
On Do, 2019-02-14 at 11:01 +0000, Michael Tremer wrote:
Hi,
On 14 Feb 2019, at 07:05, Matthias Fischer < matthias.fischer@ipfire.org> wrote:
Hi Michael,
On 13.02.2019 18:32, Michael Tremer wrote:
Hi,
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list :)
Its a bit weird...
The change log that you linked wasn’t very helpful, but there was an announcement email with some more details:
https://nlnetlabs.nl/pipermail/unbound-users/2019-February/011353.html
This release contains all the EDNS Flag Day changes and that might cause some trouble. I would prefer to merge this with the next Core Update because Core 128 should already have been closed and I do not want to risk re-opening it.
So, please remind me to merge this next week in case I forgot.
No hurry - I'll do. ;-)
Best, Matthias
...
-Michael