On Sat, Mar 22, 2025 at 08:56:39PM -0500, Bob Lindner wrote:
> Thank you, Viktor. I do think this is possibly a networking issue, as
> things work well until Client Hello, where everything just stops. tcpdump
> below.
Retransmission with no ACKs is indicative of a firewall issue more than
an application-level barrier, which would typically not prevent TCP
ACKs. Speculatively, your TLS Client Hello is a bit large at 517 bytes,
but when I tried with a much larger Hello (post-quantum hybrid +
separate X25519 keyshares), the handshake went through fine, but perhaps
this is an anycast IP and you're hitting a problem node...
You might however decode the content of your client hello and see
whether it could be slimmed down a bit, perhaps make sure to use TLS 1.2
for these domains, since that's all they support. While the successful
TLS 1.3 PQ Client Hellow was in excess of 1500 bytes:
$ posttls-finger -c -Lssl-debug,summary,ssl-handshake-packet-dump
"[144.160.235.144]"
posttls-finger: SSL_connect:before SSL initialization
posttls-finger: write to 5593153BC8A0 [5593153C4100] (1554 bytes => 1554
(0x612))
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (53 bytes => 53
(0x35))
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (3419 bytes => 3419
(0xD5B))
posttls-finger: SSL_connect:SSLv3/TLS read server hello
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (1039 bytes => 1039
(0x40F))
posttls-finger: SSL_connect:SSLv3/TLS read server certificate
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (242 bytes => 242
(0xF2))
posttls-finger: SSL_connect:SSLv3/TLS read server key exchange
posttls-finger: SSL_connect:SSLv3/TLS read server certificate request
posttls-finger: SSL_connect:SSLv3/TLS read server done
posttls-finger: SSL_connect:SSLv3/TLS write client certificate
posttls-finger: SSL_connect:SSLv3/TLS write client key exchange
posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
posttls-finger: write to 5593153BC8A0 [5593153C4100] (330 bytes => 330
(0x14A))
posttls-finger: SSL_connect:SSLv3/TLS write finished
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (170 bytes => 170
(0xAA))
posttls-finger: SSL_connect:SSLv3/TLS write finished
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (1 bytes => 1 (0x1))
posttls-finger: SSL_connect:SSLv3/TLS read server session ticket
posttls-finger: read from 5593153BC8A0 [5593153CD203] (5 bytes => 5 (0x5))
posttls-finger: read from 5593153BC8A0 [5593153CD208] (40 bytes => 40
(0x28))
posttls-finger: SSL_connect:SSLv3/TLS read change cipher spec
posttls-finger: SSL_connect:SSLv3/TLS read finished
posttls-finger: Untrusted TLS connection established to
144.160.235.144[144.160.235.144]:25: TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
when I explicitly choose TLS 1.2, the TLS Client Hello size is a much
more modest 235 bytes (5 record layer):
$ posttls-finger -p TLSv1.2 -c
-Lssl-debug,summary,ssl-handshake-packet-dump "[144.160.235.144]"
posttls-finger: SSL_connect:before SSL initialization
posttls-finger: write to 560493462CC0 [56049346A520] (235 bytes => 235
(0xEB))
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (53 bytes => 53
(0x35))
posttls-finger: SSL_connect:SSLv3/TLS write client hello
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (4334 bytes => 4033
(0xFC1))
posttls-finger: 0fc0 1d .
posttls-finger: read from 560493462CC0 [560493471589] (301 bytes => 301
(0x12D))
posttls-finger: SSL_connect:SSLv3/TLS read server hello
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (1039 bytes => 1039
(0x40F))
posttls-finger: SSL_connect:SSLv3/TLS read server certificate
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (242 bytes => 242
(0xF2))
posttls-finger: 00ef - <SPACES/NULLS>
posttls-finger: SSL_connect:SSLv3/TLS read server key exchange
posttls-finger: SSL_connect:SSLv3/TLS read server certificate request
posttls-finger: SSL_connect:SSLv3/TLS read server done
posttls-finger: SSL_connect:SSLv3/TLS write client certificate
posttls-finger: SSL_connect:SSLv3/TLS write client key exchange
posttls-finger: SSL_connect:SSLv3/TLS write change cipher spec
posttls-finger: write to 560493462CC0 [56049346A520] (330 bytes => 330
(0x14A))
posttls-finger: SSL_connect:SSLv3/TLS write finished
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (170 bytes => 170
(0xAA))
posttls-finger: SSL_connect:SSLv3/TLS write finished
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (1 bytes => 1 (0x1))
posttls-finger: SSL_connect:SSLv3/TLS read server session ticket
posttls-finger: read from 560493462CC0 [5604934705C3] (5 bytes => 5 (0x5))
posttls-finger: read from 560493462CC0 [5604934705C8] (40 bytes => 40
(0x28))
posttls-finger: SSL_connect:SSLv3/TLS read change cipher spec
posttls-finger: SSL_connect:SSLv3/TLS read finished
posttls-finger: Untrusted TLS connection established to
144.160.235.144[144.160.235.144]:25: TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[ tshark(1) decode of the above ]
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 230
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 226
Version: TLS 1.2 (0x0303)
Random:
154a88a58f98c815e51b9c7512acd03d7b99bcc776569e9189e0a35f55759a23
GMT Unix Time: Apr 27, 1981 17:56:21.000000000 AEST
Random Bytes:
8f98c815e51b9c7512acd03d7b99bcc776569e9189e0a35f55759a23
Session ID Length: 0
Cipher Suites Length: 106
Cipher Suites (53 suites)
...
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 79
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: supported_groups (len=10)
Type: supported_groups (10)
Length: 10
Supported Groups List Length: 8
Supported Groups (4 groups)
Supported Group: x25519 (0x001d)
Supported Group: secp256r1 (0x0017)
Supported Group: x448 (0x001e)
Supported Group: secp384r1 (0x0018)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Session Ticket: <MISSING>
Extension: encrypt_then_mac (len=0)
Type: encrypt_then_mac (22)
Length: 0
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: signature_algorithms (len=36)
Type: signature_algorithms (13)
Length: 36
Signature Hash Algorithms Length: 34
Signature Hash Algorithms (17 algorithms)
...
--
Viktor.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
