pay.gov and IPv6

Jared Mauch jared at puck.nether.net
Wed Nov 16 21:56:09 UTC 2016


> On Nov 15, 2016, at 5:30 PM, Carl Byington <carl at five-ten-sg.com> wrote:
> 
> openssl s_client -connect www.pay.gov:443



I’m not seeing the issue here, but they do have some possible issues with the way they’re setting cookies (see details below).

What path are you seeing to them?  I’m also not having the issue from the IETF97 network here in Seoul which has IPv6 as well.

puck:~$ traceroute6 www.pay.gov.
traceroute to www.pay.gov. (2605:3100:fffd:100::15), 30 hops max, 80 byte packets
 1  ge-0-7-0-22.r05.chcgil09.us.bb.gin.ntt.net (2001:418:3f4::1)  0.751 ms  0.871 ms  0.994 ms
 2  verio-gw.cgcil.ipv6.att.net (2001:1890:1fff:307:192:205:32:193)  2.008 ms  1.991 ms  2.837 ms
 3  cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:132:198)  27.333 ms  27.167 ms  27.070 ms
 4  sl9mo22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:178)  27.602 ms  27.646 ms  27.628 ms
 5  sl9mo21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:217)  30.055 ms  29.894 ms  29.855 ms
 6  dlstx22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:1)  28.888 ms  27.016 ms  26.933 ms
 7  dlstx84crs.ipv6.att.net (2001:1890:ff:ffff:12:123:18:249)  28.126 ms  26.757 ms  26.645 ms
 8  2001:1890:ff:ffff:12:122:124:141 (2001:1890:ff:ffff:12:122:124:141)  26.142 ms  26.269 ms  26.179 ms
 9  2001:1890:c00:610b::1138:7d27 (2001:1890:c00:610b::1138:7d27)  27.273 ms  27.255 ms  27.544 ms
10  2001:1890:1c08:cf01::2 (2001:1890:1c08:cf01::2)  27.673 ms !X  27.559 ms !X  27.465 ms !X

curl -v https://www.pay.gov/public/home
*   Trying 2605:3100:fffd:100::15...
* TCP_NODELAY set
* Connected to www.pay.gov (2605:3100:fffd:100::15) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=www.pay.gov,O=United States Department of Treasury,L=Washington,ST=District of Columbia,C=US
* 	start date: May 28 14:58:43 2015 GMT
* 	expire date: May 29 06:16:02 2018 GMT
* 	common name: www.pay.gov
* 	issuer: CN=Entrust Certification Authority - L1K,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
> GET /public/home HTTP/1.1
> Host: www.pay.gov
> User-Agent: curl/7.51.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Wed, 16 Nov 2016 21:52:08 GMT
< Content-type: text/html; charset=ISO-8859-1
< Strict-transport-security: max-age=31536001; includeSubDomains
< Cache-Control: no-cache
< Cache-Control: no-store
< Pragma: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000
< Set-Cookie: JSESSIONID=949QYsVLKQqBB42HTy91pJnGfnfJthLfQTv02CvDnt7rNQnpSvb1!1259175335!-1040755441!1479333128223; path=/public; secure; HttpOnly
< Set-Cookie: JSESSIONID=949QYsVLKQqBB42HTy91pJnGfnfJthLfQTv02CvDnt7rNQnpSvb1!1259175335!-1040755441; path=/public; HttpOnly
< Set-Cookie: ClientId=14793331282345260; path=/public; HttpOnly; secure
< Set-Cookie: ClientId=1479333128244363; path=/public; HttpOnly; secure
< X-FRAME-OPTIONS: DENY
< Content-Language: en-US
< X-Powered-By: Servlet/2.5 JSP/2.1
< Transfer-encoding: chunked
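
Added example, not part of the original message: the capture above shows cookie names and the HSTS header each sent more than once in a single response, with differing attributes. The sketch below is one way to flag that pattern in `curl -v` output; the function names and the sample headers are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample headers (illustrative values, not taken from the capture).
SAMPLE = """\
< Strict-Transport-Security: max-age=31536001; includeSubDomains
< Strict-Transport-Security: max-age=31536000
< Set-Cookie: SESSION=aaa111!1; path=/app; secure; HttpOnly
< Set-Cookie: SESSION=aaa111; path=/app; HttpOnly
< Set-Cookie: ClientId=1001; path=/app; HttpOnly; secure
< Set-Cookie: ClientId=1002; path=/app; HttpOnly; secure
< X-Frame-Options: DENY
"""

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, {lowercased attr: value})."""
    pair, *rest = [p.strip() for p in value.split(";")]
    name, _, val = pair.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def audit_headers(raw):
    """Return findings for repeated HSTS headers and inconsistent cookies."""
    cookies, hsts, findings = defaultdict(list), [], []
    for line in raw.splitlines():
        name, sep, value = line.lstrip("< ").partition(":")  # accept curl -v prefix
        if not sep:
            continue
        if name.strip().lower() == "set-cookie":
            cname, cval, attrs = parse_set_cookie(value)
            # Cookies are grouped by (name, path); a missing path is kept distinct.
            cookies[(cname, attrs.get("path", "(default)"))].append((cval, attrs))
        elif name.strip().lower() == "strict-transport-security":
            hsts.append(value.strip())
    if len(set(hsts)) > 1:
        findings.append(f"HSTS sent {len(hsts)} times with differing policies")
    for (cname, path), seen in sorted(cookies.items()):
        if len(seen) > 1:
            findings.append(f"{cname} (path={path}) set {len(seen)} times")
        if len({val for val, _ in seen}) > 1:
            findings.append(f"{cname}: copies carry different values")
        for flag in ("secure", "httponly"):
            have = sum(flag in attrs for _, attrs in seen)
            if have < len(seen):
                findings.append(f"{cname}: {flag} missing on {len(seen) - have} of {len(seen)}")
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

A copy of a session cookie without the secure attribute matters because a browser may attach that copy to a plain-HTTP request for the same host and path.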