Hi, Can you check the offered cipher using openssl s_client ?
It could be that there is no suggested cipher or changing suggested cipher between ipv4 vs ipv6, (something that can happen with some farms and other load balancing systems) . On Thursday, 11 January 2024 12:18:24 IST Rabin Yasharzadehe wrote: > Nice catch, > > IPv4 works, as the moment I remove the address from my interface, I can > connect to the site. > From what I can see, it does able to complete the TLS handshake, and I can > see the certificate. > And I see the same behavior from inside a container. > > Ping to the address seems to be working, and I don't see any routing issue > to the destination. > > Issue with telegram service? > > > > -- > Rabin > > > On Wed, 10 Jan 2024 at 07:52, Lior Okman <l...@okman.name> wrote: > > > > > Looking at the curl output, it manages to connect using IPv6 and is timing > > out on the SSL negotiation. > > > > > > Few things to check: > > > > - Does this work for you with IPv4? > > - Can you use "openssl s_client" to see if your environment manages to > > finish the SSL handshake? > > - Can you try to connect from inside a Docker container that is using a > > different base distro? > > > > > > -- > > Lior > > > > > > > > ---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe > > <ra...@rabin.io <ra...@rabin.io>>* wrote --- > > > > Hi list, > > > > Can you please help me identify if the issue, is in my end / ISP (Bezeq) > > and not the service it self. > > > > When I try to load telegram web, with IPv6 address, the connection will > > hang for me. > > > > > > ❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ > > * processing: https://web.telegram.org/ > > * Trying [2001:67c:4e8:f004::9]:443... > > * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 > > * ALPN: offers h2,http/1.1 > > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > > * CApath: none > > * SSL connection timeout > > * Closing connection > > curl: (28) SSL connection timeout > > > > > > But I don't have this issue with other IPv6 services, like google.com > > > > Can you please check on your side? and which ISP are you using? > > > > Thanks. Regards > > > > -- > > Rabin > > _______________________________________________ > > Linux-il mailing list -- linux-il@cs.huji.ac.il > > To unsubscribe send an email to linux-il-le...@cs.huji.ac.il > > > > > > > _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-le...@cs.huji.ac.il
