[Bug 922823] New: Authentication to esp.attachmategroup.com on IPv6 sometimes hangs
http://bugzilla.novell.com/show_bug.cgi?id=922823 Bug ID: 922823 Summary: Authentication to esp.attachmategroup.com on IPv6 sometimes hangs Classification: openSUSE Product: openSUSE 13.1 Version: Final Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: jimc@math.ucla.edu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 627270 --> http://bugzilla.novell.com/attachment.cgi?id=627270&action=edit tcpdump showing failed connection to esp.attachmategroup.com When I try to authenticate on bugzilla.novell.com (served by esp.attachmategroup.com), the web browser sometimes hangs. I narrowed down the problem to the step of establishing the HTTPS connection on IPv6 (OK on IPv4). If I do: w3m -4 https://esp.attachmategroup.com/ it replies 403 access forbidden (correct, because I cut off the CGI and args). This is IPv4. If instead I do: w3m -6 https://esp.attachmategroup.com/ I get two variants. At work I always get 403 forbidden (and I'm filing this bug report from the work machine). At home it always fails to make the HTTPS connection. w3m takes about 5 secs (unusually long) then reports: Openingsocket...SSL error: error:00000000:lib(0):func(0):reason(0) Firefox claims to have connected, then just hangs for at least 60 secs then reports that it couldn't connect. openssl s_client connects with a good cipher but it only supports IPv4. I tried: gnutls-cli -p 443 esp.attachmategroup.com It reports connecting to the IPv6 address but "*** Fatal error: Error in the pull function.; *** Handshake has failed." If I give the IPv4 address with --no-ca-verification it connects successfully. I'm attaching a tcpdump from "w3m -6 $URL". It was taken on the net's router from the IPv6 tunnel to Hurricane Electric. So this sounds like a work vs. home issue, i.e. user misconfiguration. However, I configured both nets "identically" except that work has native IPv6 while home is tunneled via Hurricane Electric (and has worked trouble free since 2009 including Attachmate authentication), and home has a IPTables firewall (that caught nothing relevant) while work uses Cisco ACLs. Attachmate authentication used to work from home, presumably with IPv6 (not actually verified). If you guys can shed some light, either in the direction of Attachmate or towards my net, I would be most grateful. By the way, "host 2620:113:8044:66:130:57:66:3" reports: Host 3.0.0.0.6.6.0.0.7.5.0.0.0.3.1.0.6.6.0.0.4.4.0.8.3.1.1.0.0.2.6.2.ip6.arpa not found: 2(SERVFAIL) Browsers (w3m, firefox) at work don't care, so it's irrelevant to this issue, but perhaps the Attachmate people should fix their PTR record. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=922823
Matthew Ehle
http://bugzilla.novell.com/show_bug.cgi?id=922823
Matthew Ehle
participants (1)
-
bugzilla_noreply@novell.com