pay.gov and IPv6

• Previous message (by thread): pay.gov and IPv6
• Next message (by thread): pay.gov and IPv6
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/16/16, Mark Andrews <marka at isc.org> wrote:
>
> In message <1479249003.3937.6.camel at ns.five-ten-sg.com>, Carl Byington
> writes
> :
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Following up on a two year old thread, one of my clients just hit this
>> problem. The failure is not that www.pay.gov is not reachable over ipv6
>> (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443
>> connection, but the connection then hangs waiting for the TLS handshake.
>>
>> openssl s_client -connect www.pay.gov:443
>>
>> openssl s_client -servername www.pay.gov -connect 199.169.192.21:443
>>
>> Browsers (at least firefox) see that as a very slow site, and it does
>> not trigger their happy eyeballs fast failover to ipv4.
>
> Happy eyeballs is about making the connection not whether TCP
> connections work after the initial packet exchange.
>
> I would send a physical letter to the relevent Inspector General
> requesting that they ensure all web sites under their juristiction
> that are supposed to be reachable from the public net get audited
> regularly to ensure that IPv6 connections work from public IP space.

That will absolutely work.

NIST is still monitoring ipv6 .gov sites
  https://usgv6-deploymon.antd.nist.gov/cgi-bin/generate-gov
so the IG isn't going to do anything there & pay.gov has a contact us page
  https://pay.gov/public/home/contact
that I'd bet works much better than a letter to the IG

Regards,
Lee

• Previous message (by thread): pay.gov and IPv6
• Next message (by thread): pay.gov and IPv6
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]