On Fri, Nov 18, 2016 at 01:01:50PM -0800, Carl Byington wrote: > On Fri, 2016-11-18 at 15:41 -0500, valdis.kletni...@vt.edu wrote: > > > Did you do anything to specifically identify Yahoo's routers as the > > offenders? > > > Hint: If there's a tunnel in the path, it will be *your* end of the > > tunnel > > that sends back the "can't frag" ICMP. So the filtering is happening > > somewhere > > between your end of the tunnel and you. > > This happens very early in the TLS handshake. The tcp (syn,syn-ack,ack) > handshake works; my system sends a 286 byte TLS client hello, and the > response to that will be a bunch of full size packets from Yahoo with > the certificate, etc. The *far* end of my tunnel will be sending the > icmpv6 "packet too big" back to Yahoo.
Could this "packet too big" part of the path MTU discovery? Probably not wrong if you see this. Maybe the fragmentation to the other site (or somewhere in between) is broken? (as said before) Johann K. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
