Skip to content
This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Issue with connecting to site with IPv6 enabled #14

Open
chrisbodhi opened this issue Jun 27, 2024 · 0 comments
Open

Issue with connecting to site with IPv6 enabled #14

chrisbodhi opened this issue Jun 27, 2024 · 0 comments

Comments

@chrisbodhi
Copy link

Heya, I've run into something funny with https://downloads.microzig.tech and trying to access it from my macOS machine via mechanisms that use IPv6. The short of it is that all attempts failed until I disabled IPv6. I was able to connect to other IPv6 sites, so I'm not sure what's going on exactly. I was able to access microzig site previously, so I thought I'd mention it here!

Repro steps for macOS:

$ openssl s_client -connect downloads.microzig.tech:443 -6

will return something like

Connecting to 2a0d:5940:6:163::ad7e
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 331 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Comparing to a known good site:

$ openssl s_client -connect ipv6.google.com:443 -6

which returns something like

Connecting to 2607:f8b0:4004:c19::66
CONNECTED(00000005)
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify return:1
depth=1 C=US, O=Google Trust Services, CN=WR2
verify return:1
depth=0 CN=*.google.com
verify return:1
---
Certificate chain
 0 s:CN=*.google.com
   i:C=US, O=Google Trust Services, CN=WR2
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 13 15:27:14 2024 GMT; NotAfter: Sep  5 15:27:13 2024 GMT
 1 s:C=US, O=Google Trust Services, CN=WR2
   i:C=US, O=Google Trust Services LLC, CN=GTS Root R1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
 2 s:C=US, O=Google Trust Services LLC, CN=GTS Root R1
   i:C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIN4zCCDMugAwIBAgIRAJGr9eV0xqbNCoYAPpiuMp8wDQYJKoZIhvcNAQELBQAw
...
3USGNk3L5g==
-----END CERTIFICATE-----
subject=CN=*.google.com
issuer=C=US, O=Google Trust Services, CN=WR2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6550 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chrisbodhi