Greetings.
I have:
- Windows 10
- TP-Link TP-WR841N(RU) V8.2 with OpenWRT 15.05
- ISP Domru with IPv6
Problem:
Some HTTPS resources that have IPv6 addresses are attempted over IPv6 because of protocol priority, although they only work successfully over IPv4. These include, for example, the CSS files of Toster.ru, such as
this one.
Let's look at how Curl behaves in MINGW64.
Version:
$ curl -V
curl 7.44.0 (x86_64-w64-mingw32) libcurl/7.44.0 OpenSSL/1.0.2d zlib/1.2.8 libidn/1.32 libssh2/1.6.0 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz TLS-SRP
By default:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css
01f0.css
* timeout on name lookup is not supported
* Trying 2400:cb00:2048:1::8d65:7d1a...
* Connected to habracdn.net (2400:cb00:2048:1::8d65:7d1a) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
* Unknown SSL protocol error in connection to habracdn.net:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to habracdn.net:443
Forcing IPv6 makes no difference:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css
01f0.css -6
* timeout on name lookup is not supported
* Trying 2400:cb00:2048:1::8d65:7e1a...
* Connected to habracdn.net (2400:cb00:2048:1::8d65:7e1a) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
* Unknown SSL protocol error in connection to habracdn.net:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to habracdn.net:443
Forcing IPv4, on the other hand:
$ curl -v https://habracdn.net/toster/frontend.47dba5ea-12bc-11e6-81cb-38eaa71001f0.css
01f0.css -4 -only
* timeout on name lookup is not supported
* Trying 141.101.126.26...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to habracdn.net (141.101.126.26) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3065 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [148 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl338341.cloudflaressl.com
I have read a similar question:
https://toster.ru/q/157949
To be able to post this question, I disabled IPv6 on the network adapter.
Question:
How do I give IPv4 traffic priority in Google Chrome? Is it possible to somehow force Google Chrome to use IPv4 on specific sites?
Or how do I defeat "Unknown SSL protocol error in connection" over IPv6?
In short, what should I do?
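An added diagnostic example, not part of the original post: the curl runs above show TCP connecting over IPv6 and the failure appearing only in the TLS handshake, so this script probes every AAAA and A address of a host separately and reports whether each one fails at TCP or at TLS. The function names `probe` and `probe_host` are made up for this example; the host name is passed on the command line.

```python
import socket
import ssl
import sys

def probe(family, sockaddr, hostname, timeout=5.0):
    """Return (stage, detail); stage is 'tcp-fail', 'tls-fail' or 'ok'."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(sockaddr)
        except OSError as exc:
            return ("tcp-fail", repr(exc))
        # TCP is up; any failure from here on is in the TLS layer,
        # which is the case curl reports as error 35 in the runs above.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return ("ok", f"{tls.version()} {tls.cipher()[0]}")
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return ("tls-fail", repr(exc))
    finally:
        sock.close()

def probe_host(hostname, port=443):
    """Probe every IPv6 and IPv4 address of hostname on its own."""
    results = []
    for label, family in (("IPv6", socket.AF_INET6), ("IPv4", socket.AF_INET)):
        try:
            infos = socket.getaddrinfo(hostname, port, family, socket.SOCK_STREAM)
        except socket.gaierror as exc:
            results.append((label, None, "dns-fail", repr(exc)))
            continue
        for _fam, _type, _proto, _canon, sockaddr in infos:
            stage, detail = probe(family, sockaddr, hostname)
            results.append((label, sockaddr[0], stage, detail))
    return results

if __name__ == "__main__":
    # Usage: python probe.py <hostname>
    for label, addr, stage, detail in probe_host(sys.argv[1]):
        print(f"{label:4} {addr or '-':40} {stage:8} {detail}")
```

A result of `tls-fail` on every IPv6 address together with `ok` on every IPv4 address reproduces the pattern in the curl output independently of the browser and of curl's own TLS build.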