Domain Name System
Alexander Sobyanin, 2016-05-10 00:25:45

How to solve the problem with IPv6 priority over IPv4 on some HTTPS resources, in particular, habracdn.net?

Good for you.

I have:

  • Windows 10
  • TP-Link TP-WR841N(RU) V8.2 with OpenWRT 15.05
  • Domru provider with IPv6


Problem:
Some HTTPS resources with IPv6 try to open over IPv6 due to protocol priority, although they work successfully only over IPv4. These include, for example, Toster.ru CSS files, like this one.

Let's take a look at how Curl works in MINGW64.
Version:
$ curl -V 
curl 7.44.0 (x86_64-w64-mingw32) libcurl/7.44.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.32 libssh2/1.6.0 librtmp/2.3 
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz TLS-SRP


Default:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css 
01f0.css 
* timeout on name lookup is not supported 
* Trying 2400:cb00:2048:1::8d65:7d1a... 
* Connected to habracdn.net (2400:cb00:2048:1::8d65:7d1a) port 443 (#0) 
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt 
CApath: none 
* Unknown SSL protocol error in connection to habracdn.net:443 
* Closing connection 0 
curl: (35) Unknown SSL protocol error in connection to habracdn.net:443


Enforcing IPv6 is no different:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css
01f0.css -6 
* timeout on name lookup is not supported 
* Trying 2400:cb00:2048:1::8d65:7e1a... 
* Connected to habracdn.net (2400:cb00:2048:1::8d65:7e1a) port 443 (#0) 
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt 
CApath: none 
* Unknown SSL protocol error in connection to habracdn.net:443 
* Closing connection 0 
curl: (35) Unknown SSL protocol error in connection to habracdn.net:443


But forced IPv4:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css
01f0.css -4 -only 
* timeout on name lookup is not supported 
* Trying 141.101.126.26... 
% Total % Received % Xferd Average Speed Time Time Time Current 
Dload Upload Total Spent Left Speed 
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to habracdn.net (141.101.126.26) port 443 (#0)
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt 
CApath: none 
* TLSv1.2 (OUT), TLS header, Certificate Status (22): 
} [5 bytes data] 
* TLSv1.2 (OUT), TLS handshake, Client hello (1): 
} [512 bytes data] 
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data] 
* TLSv1.2 (IN), TLS handshake, Certificate (11): 
{ [3065 bytes data] 
* TLSv1.2 (IN), TLS handshake, Server key exchange (12): 
{ [148 bytes data] 
* TLSv1.2 (IN), TLS handshake, Server finished (14): 
{ [4 bytes data] 
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16): 
} [70 bytes data] 
* TLSv1.2 (OUT), TLS change cipher, Client hello (1): 
} [1 bytes data] 
* TLSv1.2 (OUT), TLS handshake, Finished (20): 
} [16 bytes data] 
* TLSv1.2 (IN), TLS change cipher, Client hello (1): 
{ [1 bytes data] 
* TLSv1.2 (IN), TLS handshake, Finished (20): 
{ [16 bytes data] 
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 
* ALPN, server accepted to use http/1.1 
* Server certificate: 
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl338341.cloudflaressl.com



I got acquainted with a similar question: https://toster.ru/q/157949

To ask a question, I disabled IPv6 for the network card.

Question:
How can I prioritize IPv4 traffic in Google Chrome? Is there any way to force Google Chrome to use IPv4 on certain sites?
Or how can I defeat the "Unknown SSL protocol error in connection" over IPv6?
In short, what should I do?


1 answer(s)
0
0x131315, 2016-05-10
@b1oki

I look up the IPv4 address of the site I need here: chrome://net-internals/#dns
And then I enter its /32 range here: superuser.com/questions/436574/ipv4-vs-ipv6-priori...
For Linux: https://version6.ru/deprefer-ipv6
And, for good measure: drtr0jan.livejournal.com/229199.html
I installed the ipvfoo plugin for Chrome to see what I went through.
In particular, this helped to route YouTube through IPv4, where it is faster.
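
An added example (not part of the original answer) of why a per-host /32 entry changes the outcome, assuming the approach behind the links above is the operating system's address-selection policy table from RFC 6724. It models only the precedence rule and assumes both candidates are reachable with a matching-label source address. The function names and the precedence value 60 are assumptions chosen for illustration; the two addresses come from the curl output in the question.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
RFC6724_DEFAULT = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),   # all IPv4, as IPv4-mapped addresses
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]

def as_v6(addr):
    """Return addr as IPv6; an IPv4 address becomes ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def precedence(addr, table):
    """Precedence of the longest policy prefix that contains addr."""
    ip = as_v6(addr)
    best = None
    for prefix, prec, _label in table:
        net = ipaddress.IPv6Network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, prec)
    return best[1]

def order_destinations(addrs, table):
    """Sort candidate destinations, highest precedence first."""
    return sorted(addrs, key=lambda a: -precedence(a, table))

def host_override(ipv4, prec=60, label=4):
    """Policy row for one IPv4 host: its /32 is a /128 once mapped."""
    return ("%s/128" % as_v6(ipv4), prec, label)

if __name__ == "__main__":
    v6, v4 = "2400:cb00:2048:1::8d65:7e1a", "141.101.126.26"
    print(order_destinations([v4, v6], RFC6724_DEFAULT))
    print(order_destinations([v4, v6], RFC6724_DEFAULT + [host_override(v4)]))
```

Because the match is longest-prefix, the /128 row outranks `::/0` for that one host only; every other IPv4 destination keeps the default precedence of 35.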
