This repository was archived by the owner on Jul 23, 2024. It is now read-only.
Issue with connecting to site with IPv6 enabled #14
Description
Heya, I've run into something funny with https://downloads.microzig.tech and trying to access it from my macOS machine via mechanisms that use IPv6. The short of it is that all attempts failed until I disabled IPv6. I was able to connect to other IPv6 sites, so I'm not sure what's going on exactly. I was able to access microzig site previously, so I thought I'd mention it here!
Repro steps for macOS:
$ openssl s_client -connect downloads.microzig.tech:443 -6
will return something like
Connecting to 2a0d:5940:6:163::ad7e
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 331 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Comparing to a known good site:
$ openssl s_client -connect ipv6.google.com:443 -6
which returns something like
Connecting to 2607:f8b0:4004:c19::66
CONNECTED(00000005)
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify return:1
depth=1 C=US, O=Google Trust Services, CN=WR2
verify return:1
depth=0 CN=*.google.com
verify return:1
---
Certificate chain
0 s:CN=*.google.com
i:C=US, O=Google Trust Services, CN=WR2
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 13 15:27:14 2024 GMT; NotAfter: Sep 5 15:27:13 2024 GMT
1 s:C=US, O=Google Trust Services, CN=WR2
i:C=US, O=Google Trust Services LLC, CN=GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
2 s:C=US, O=Google Trust Services LLC, CN=GTS Root R1
i:C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIN4zCCDMugAwIBAgIRAJGr9eV0xqbNCoYAPpiuMp8wDQYJKoZIhvcNAQELBQAw
...
3USGNk3L5g==
-----END CERTIFICATE-----
subject=CN=*.google.com
issuer=C=US, O=Google Trust Services, CN=WR2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6550 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)