Bug ID 922823
Summary Authentication to esp.attachmategroup.com on IPv6 sometimes hangs
Classification openSUSE
Product openSUSE 13.1
Version Final
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Network
Assignee bnc-team-screening@forge.provo.novell.com
Reporter jimc@math.ucla.edu
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 627270 [details]
tcpdump showing failed connection to esp.attachmategroup.com

When I try to authenticate on bugzilla.novell.com (served by
esp.attachmategroup.com), the web browser sometimes hangs.  I narrowed down the
problem to the step of establishing the HTTPS connection on IPv6 (OK on IPv4). 
If I do:
    w3m -4 https://esp.attachmategroup.com/
it replies 403 access forbidden (correct, because I cut off the CGI and args). 
This is IPv4.  If instead I do:
    w3m -6 https://esp.attachmategroup.com/
I get two variants.  At work I always get 403 forbidden (and I'm filing this
bug report from the work machine).  At home it always fails to make the HTTPS
connection.  w3m takes about 5 secs (unusually long) then reports: 
    Openingsocket...SSL error: error:00000000:lib(0):func(0):reason(0)
Firefox claims to have connected, then just hangs for at least 60 secs then
reports that it couldn't connect.  openssl s_client connects with a good cipher
but it only supports IPv4.  
    I tried: gnutls-cli -p 443 esp.attachmategroup.com
It reports connecting to the IPv6 address but "*** Fatal error: Error in the
pull function.; *** Handshake has failed."  If I give the IPv4 address with
--no-ca-verification it connects successfully.  
    I'm attaching a tcpdump from "w3m -6 $URL".  It was taken on the net's
router from the IPv6 tunnel to Hurricane Electric.  

So this sounds like a work vs. home issue, i.e. user misconfiguration. 
However, I configured both nets "identically" except that work has native IPv6
while home is tunneled via Hurricane Electric (and has worked trouble free
since 2009 including Attachmate authentication), and home has a IPTables
firewall (that caught nothing relevant) while work uses Cisco ACLs.  

Attachmate authentication used to work from home, presumably with IPv6 (not
actually verified).  If you guys can shed some light, either in the direction
of Attachmate or towards my net, I would be most grateful.  

By the way, "host 2620:113:8044:66:130:57:66:3" reports:
Host 3.0.0.0.6.6.0.0.7.5.0.0.0.3.1.0.6.6.0.0.4.4.0.8.3.1.1.0.0.2.6.2.ip6.arpa
not found: 2(SERVFAIL)
Browsers (w3m, firefox) at work don't care, so it's irrelevant to this issue,
but perhaps the Attachmate people should fix their PTR record.

You are receiving this mail because: