TLS handshake fails for some sites over IPv6?

  • I'm using a pfSense box behind an ADSL modem (bridge mode). The setup worked nicely for a very long time but since the last reset of my PPPoE session, I've having strange behaviour with some TLS services over IPv6. My ISP (Proximus in Belgium) made some changes on their network but I don't know which ones.

    My PPPoE session has an MTU of 1492. No packet is dropped by the firewall. TCP 3-way handshake is ok, not a routing issue.

    Any idea where to look for? This affects all hosts on the LAN (OSX, Linux, Windows)

    $ curl -v
    * Rebuilt URL to:
    *   Trying 2001:bc8:xxxx:xxx::1...
    * TCP_NODELAY set
    *   Trying
    * TCP_NODELAY set
    * Connected to (2001:bc8:xxxx:xxx::1) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/cert.pem
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
    * stopped the pause stream!
    * Closing connection 0
    curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to

  • Did you manage to find a solution to the above problem?

  • No, the problem disappeared by itself… Probably an issue with my ISP?

Log in to reply