Author Topic: TLS handshake fails for some sites over IPv6?  (Read 120 times)

Offline xme

TLS handshake fails for some sites over IPv6?
« on: October 11, 2017, 03:23:24 pm »
I'm using a pfSense box behind an ADSL modem (bridge mode). The setup worked nicely for a very long time, but since the last reset of my PPPoE session, I'm having strange behaviour with some TLS services over IPv6. My ISP (Proximus in Belgium) made some changes on their network but I don't know which ones.

My PPPoE session has an MTU of 1492. No packet is dropped by the firewall. TCP 3-way handshake is ok, not a routing issue.

Any idea where to look? This affects all hosts on the LAN (OSX, Linux, Windows).

Code:
$ curl -v https://xxx.be
* Rebuilt URL to: https://xxx.be/
*   Trying 2001:bc8:xxxx:xxx::1...
* TCP_NODELAY set
*   Trying 163.172.xxx.xxx...
* TCP_NODELAY set
* Connected to xxx.be (2001:bc8:xxxx:xxx::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to xxx.be:443
* stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to xxx.be:443