TLS Issues on sponsor.ajay.app when using IPv6? #1990

Open
user01010111 opened this issue Mar 25, 2024 · 2 comments

@user01010111

user01010111 commented Mar 25, 2024

Having issues browsing to https://sponsor.ajay.app -- however https://status.sponsor.ajay.app works fine on both.

Changing between IPv4 and IPv6 connection methods causes the failure. The former works, the latter does not.

IPv6 example:

➜  ~ curl -vvv -6 https://sponsor.ajay.app
*   Trying [2606:4700:e6::ac40:cf0f]:443...
* Connected to sponsor.ajay.app (2606:4700:e6::ac40:cf0f) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* Recv failure: Connection reset by peer
* LibreSSL/3.3.6: error:02FFF036:system library:func(4095):Connection reset by peer
* Closing connection
curl: (35) Recv failure: Connection reset by peer
➜  ~ curl -vvv -6 https://sponsor.ajay.app
*   Trying [2606:4700:e6::ac40:cf0f]:443...
* Connected to sponsor.ajay.app (2606:4700:e6::ac40:cf0f) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* Recv failure: Connection reset by peer
* LibreSSL/3.3.6: error:02FFF036:system library:func(4095):Connection reset by peer
* Closing connection
curl: (35) Recv failure: Connection reset by peer
➜  ~ curl -vvv -6 https://sponsor.ajay.app
*   Trying [2606:4700:e6::ac40:cf0f]:443...
* Connected to sponsor.ajay.app (2606:4700:e6::ac40:cf0f) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=ajay.app
*  start date: Feb 25 14:13:00 2024 GMT
*  expire date: May 25 14:12:59 2024 GMT
*  subjectAltName: host "sponsor.ajay.app" matched cert's "*.ajay.app"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://sponsor.ajay.app/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: sponsor.ajay.app]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: sponsor.ajay.app
> User-Agent: curl/8.4.0
> Accept: */*
> 
* Recv failure: Connection reset by peer
* LibreSSL SSL_read: LibreSSL/3.3.6: error:02FFF036:system library:func(4095):Connection reset by peer, errno 54
* Failed receiving HTTP2 data: 56(Failure when receiving data from the peer)
* Connection #0 to host sponsor.ajay.app left intact
curl: (56) Recv failure: Connection reset by peer

Whereas, IPv4 works without issue:

➜  ~ curl -vvv -4 https://sponsor.ajay.app
*   Trying 172.64.207.15:443...
* Connected to sponsor.ajay.app (172.64.207.15) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=ajay.app
*  start date: Feb 25 14:13:00 2024 GMT
*  expire date: May 25 14:12:59 2024 GMT
*  subjectAltName: host "sponsor.ajay.app" matched cert's "*.ajay.app"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://sponsor.ajay.app/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: sponsor.ajay.app]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: sponsor.ajay.app
> User-Agent: curl/8.4.0
> Accept: */*
> 
< HTTP/2 200 
< date: Mon, 25 Mar 2024 11:36:36 GMT
< content-type: text/html
< last-modified: Sun, 17 Mar 2024 01:08:44 GMT
< strict-transport-security: max-age=31536000; includeSubDomains
< cf-cache-status: DYNAMIC
< server: cloudflare
< cf-ray: 869e9aa86ef084a6-HKG
< alt-svc: h3=":443"; ma=86400
< 
<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/><html begins here>

Any ideas? It's preventing the app from working for me.

@mchangrh
Contributor

The status subdomain is not proxied through Cloudflare; 2606:4700:e6::ac40:cf0f is a CF IP. I can't replicate, but you can use api.sponsor.ajay.app to bypass CF if CF is giving you issues.

@user01010111
Author

but you can use api.sponsor.ajay.app to bypass CF if CF is giving you issues

Thanks, this has solved the issue. Might look at mirroring my own so I avoid smashing the public API directly 😄
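
The triage done by eye in this thread (which address family, whether the peer is a Cloudflare edge, and how far the connection got before the reset) can be scripted over saved `curl -v` output. This is an added example, not part of the original issue or the project's code; the `classify` function and its stage names are assumptions, and the sample transcripts are abridged from the output posted above.

```python
import ipaddress
import re

# Two of the ranges Cloudflare publishes at https://www.cloudflare.com/ips/,
# enough to cover both addresses in this thread; load the full list in real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "2606:4700::/32")]

def classify(transcript):
    """Summarise one `curl -v` run: peer, CDN membership, and where it failed."""
    m = re.search(r"Connected to \S+ \(([0-9A-Fa-f:.]+)\) port \d+", transcript)
    peer = ipaddress.ip_address(m.group(1)) if m else None
    if peer is None:
        stage = "tcp-connect"        # never reached the peer
    elif "SSL connection using" not in transcript:
        stage = "tls-handshake"      # died before a cipher suite was agreed
    elif not re.search(r"^< HTTP/\S+ \d{3}", transcript, re.M):
        stage = "http-response"      # TLS came up, but no status line came back
    else:
        stage = None                 # request completed
    return {
        "family": peer.version if peer else None,
        "via_cloudflare": peer is not None and any(peer in n for n in CLOUDFLARE_NETS),
        "failed_at": stage,
        "reset": "Connection reset by peer" in transcript,
    }

# Abridged from the curl output in the issue (lines the classifier ignores removed).
V6_RESET_IN_HANDSHAKE = """\
* Connected to sponsor.ajay.app (2606:4700:e6::ac40:cf0f) port 443
* (304) (OUT), TLS handshake, Client hello (1):
* Recv failure: Connection reset by peer
curl: (35) Recv failure: Connection reset by peer
"""
V6_RESET_AFTER_REQUEST = """\
* Connected to sponsor.ajay.app (2606:4700:e6::ac40:cf0f) port 443
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
> GET / HTTP/2
* Recv failure: Connection reset by peer
curl: (56) Recv failure: Connection reset by peer
"""
V4_OK = """\
* Connected to sponsor.ajay.app (172.64.207.15) port 443
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
> GET / HTTP/2
< HTTP/2 200
"""

if __name__ == "__main__":
    for name in ("V6_RESET_IN_HANDSHAKE", "V6_RESET_AFTER_REQUEST", "V4_OK"):
        print(name, classify(globals()[name]))
```

All three runs report a Cloudflare peer, and the IPv6 resets land at two different stages (during the handshake and after the request was sent) on the same edge address, which fits the point made above that the failing path goes through the CDN rather than the origin.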
