Jiangsu Telecom broadband: Zhihu IPv6 TLS connection times out

2021-06-06 22:56:39 +08:00
 haoxingxing

IPv6 access times out

~$ curl https://www.zhihu.com -v --ipv6
*   Trying 240e:978:5404:0:35:::443...
* TCP_NODELAY set
* Connected to www.zhihu.com (240e:978:5404:0:35::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
(no response)

~$ curl https://www.zhihu.com -v --ipv6 --tls-max 1.2
*   Trying 240e:978:5404:0:38:::443...
* TCP_NODELAY set
* Connected to www.zhihu.com (240e:978:5404:0:38::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
(no response)

IPv4 works normally

~$ curl https://www.zhihu.com -v --ipv4
*   Trying 180.101.217.181:443...
* TCP_NODELAY set
* Connected to www.zhihu.com (180.101.217.181) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CN; ST=\U5317\U4EAC\U5E02; O=\U667A\U8005\U56DB\U6D77\UFF08\U5317\U4EAC\UFF09\U6280\U672F\U6709\U9650\U516C\U53F8; CN=*.zhihu.com
*  start date: Nov 25 00:00:00 2020 GMT
*  expire date: Dec 26 23:59:59 2021 GMT
*  subjectAltName: host "www.zhihu.com" matched cert's "*.zhihu.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust CN RSA CA G1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56553628ae10)
> GET / HTTP/2
> Host: www.zhihu.com
> user-agent: curl/7.68.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 302
< server: CLOUD ELB 1.0.0
< date: Sun, 06 Jun 2021 14:51:06 GMT
< content-type: text/html; charset=utf-8
< set-cookie: _zap=<???>; path=/; expires=Tue, 06 Jun 2023 14:51:06 GMT; domain=.zhihu.com
< location: //www.zhihu.com/signin?next=%2F
< x-backend-response: 0.032
< pragma: no-cache
< vary: Accept-Encoding
< referrer-policy: no-referrer-when-downgrade
< x-secng-response: 0.03499<???>
< set-cookie: _xsrf=<???>; path=/; domain=zhihu.com; expires=Thu, 23-Nov-23 14:51:06 GMT
< x-lb-timing: 0.035
< x-idc-id: 2
< set-cookie: KLBRSID=<???>; Path=/
< cache-control: private, must-revalidate, no-cache, no-store, max-age=0
< content-length: 93
< x-nws-log-uuid: <???>
< x-cache-lookup: Cache Miss
< x-edge-timing: 0.064
< x-cdn-provider: tencent
<
* Connection #0 to host www.zhihu.com left intact
Redirecting to <a href="//www.zhihu.com/signin?next=%2F">//www.zhihu.com/signin?next=%2F</a>.

DNS query

~$ dig www.zhihu.com aaaa @240e:5a::6666

; <<>> DiG 9.16.1-Ubuntu <<>> www.zhihu.com aaaa @240e:5a::6666
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57073
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.zhihu.com.                 IN      AAAA

;; ANSWER SECTION:
www.zhihu.com.          8       IN      CNAME   www.zhihu.com.ipv6.dsa.dnsv1.com.
www.zhihu.com.ipv6.dsa.dnsv1.com. 135 IN CNAME  1595096.sched.d0-dk.tdnsv5.com.
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:35::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:33::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:3b::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:30a:7:2d::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:39::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:38::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:a08:2:3b::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:a08:2:2a::
1595096.sched.d0-dk.tdnsv5.com. 8 IN    AAAA    240e:978:5404:0:36::

;; Query time: 8 msec
;; SERVER: 240e:5a::6666#53(240e:5a::6666)
;; WHEN: Sun Jun 06 14:54:26 UTC 2021
;; MSG SIZE  rcvd: 367
12 replies
wdlth
2021-06-06 23:52:36 +08:00
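You could check whether the router's MTU is 1280. Sometimes on Telecom broadband, accessing some CDN servers over IPv6 also fails, and then static resources don't load...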
haoxingxing
2021-06-07 08:23:47 +08:00
yangyang
2021-06-07 08:37:05 +08:00
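A while ago I found I couldn't access Zhihu; turning off IPv6 fixed it, so it's probably this same problem.

I submitted a bug to Zhihu and they ignored me, so I let it go.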
xiaoyeziyuan
2021-06-07 11:43:29 +08:00
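Folks, we talked to the dynamic/static acceleration cloud vendor and had a fix applied. Could you check again whether the problem is still there?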
tankren
2021-06-07 14:09:48 +08:00
Where is the MSS setting?
tankren
2021-06-07 14:14:22 +08:00
The CDN on my side is 2408:873c:8010:3:3e:::443. Try changing your hosts file and see what happens; it may be a problem with the node.
haoxingxing
2021-06-09 17:43:43 +08:00
@xiaoyeziyuan The problem still exists; nothing has changed.
EGOISTK21
2021-06-27 17:59:05 +08:00
@haoxingxing #2
@yangyang #3
Hangzhou Telecom has the same problem, also on ROS, and the MTU is 1480. How did you solve it?
EGOISTK21
2021-07-03 17:22:30 +08:00
Hangzhou Telecom: it is working again.
haoxingxing
2021-07-13 17:27:41 +08:00
haoxingxing
2021-07-13 17:32:09 +08:00
/ipv6 nd set mtu=1492 0
tingshow163
2023-03-10 23:54:33 +08:00
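In a PPPoE environment (usually home broadband), ROS needs the MSS changed to 1432 in the IPv6 firewall (this is usually the case; for details see https://lyincc.com/tech/access-to-ipv6/).

The command is as follows (ROSv7):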
/ipv6/firewall/mangle/add chain=forward action=change-mss new-mss=1432 passthrough=yes protocol=tcp tcp-flags=syn out-interface=pppoe-out1 log=no log-prefix=""

For out-interface, select the virtual interface used for PPPoE dialing; by default it is pppoe-out1.
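
What an MSS clamp like the change-mss rule above does to a forwarded TCP SYN, as an added Python sketch (not code from the thread and not RouterOS code). A PPPoE link MTU of 1492 minus the 40-byte IPv6 header and the 20-byte TCP header gives the 1432 used above. The function names, the 2001:db8:: addresses and the sample SYN are constructed for illustration, and the sketch assumes the usual clamping behaviour of lowering only MSS values above the limit.

```python
import ipaddress
import struct

def mss_for_mtu(mtu: int) -> int:
    return mtu - 40 - 20          # minus fixed IPv6 header (40) and TCP header (20)

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the TCP segment."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(segment), 6))   # length, zeros, next header=TCP
    data = pseudo + segment + (b"\x00" if len(segment) % 2 else b"")
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(src: str, dst: str, segment: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN to `limit`; return other segments unchanged."""
    if len(segment) < 20 or not segment[13] & 0x02:      # MSS is only sent on SYNs
        return segment
    seg, i = bytearray(segment), 20
    end = min((seg[12] >> 4) * 4, len(seg))              # end of the TCP options
    while i < end and seg[i] != 0:                       # kind 0 = end of options
        if seg[i] == 1:                                  # kind 1 = NOP, single byte
            i += 1
            continue
        length = seg[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:               # malformed: do not touch
            return segment
        if seg[i] == 2 and length == 4:                  # kind 2 = MSS
            if struct.unpack_from("!H", seg, i + 2)[0] > limit:
                struct.pack_into("!H", seg, i + 2, limit)
                seg[16:18] = b"\x00\x00"                 # zero, then recompute checksum
                struct.pack_into("!H", seg, 16, tcp_checksum(src, dst, bytes(seg)))
            break
        i += length
    return bytes(seg)

def build_syn(src: str, dst: str, mss: int) -> bytes:
    """Constructed sample: SYN to port 443 with MSS, NOP and window-scale options."""
    options = struct.pack("!BBH", 2, 4, mss) + bytes([1, 3, 3, 7])
    header = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 7 << 4, 0x02, 64800, 0, 0)
    csum = tcp_checksum(src, dst, header + options)
    return header[:16] + struct.pack("!H", csum) + header[18:] + options

if __name__ == "__main__":
    syn = build_syn("2001:db8::1", "2001:db8::2", mss_for_mtu(1500))  # LAN host on MTU 1500
    out = clamp_mss("2001:db8::1", "2001:db8::2", syn, mss_for_mtu(1492))
    print(int.from_bytes(syn[22:24], "big"), "->", int.from_bytes(out[22:24], "big"))
```

Because the clamped value travels in the SYN, the server never sends a segment larger than the PPPoE link can carry, so the connection no longer depends on ICMPv6 Packet Too Big messages getting through.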


https://www.v2ex.com/t/781753
