and IPv6

Lee ler762 at
Wed Nov 16 22:00:08 UTC 2016

On 11/16/16, Mark Andrews <marka at> wrote:
> In message <1479249003.3937.6.camel at>, Carl Byington
> writes
> :
>> Hash: SHA512
>> Following up on a two year old thread, one of my clients just hit this
>> problem. The failure is not that is not reachable over ipv6
>> (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443
>> connection, but the connection then hangs waiting for the TLS handshake.
>> openssl s_client -connect
>> openssl s_client -servername -connect
>> Browsers (at least firefox) see that as a very slow site, and it does
>> not trigger their happy eyeballs fast failover to ipv4.
> Happy eyeballs is about making the connection not whether TCP
> connections work after the initial packet exchange.
> I would send a physical letter to the relevent Inspector General
> requesting that they ensure all web sites under their juristiction
> that are supposed to be reachable from the public net get audited
> regularly to ensure that IPv6 connections work from public IP space.

That will absolutely work.

NIST is still monitoring ipv6 .gov sites
so the IG isn't going to do anything there & has a contact us page
that I'd bet works much better than a letter to the IG


More information about the NANOG mailing list