On 11/16/16, Mark Andrews <ma...@isc.org> wrote: > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > writes > : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Following up on a two year old thread, one of my clients just hit this >> problem. The failure is not that www.pay.gov is not reachable over ipv6 >> (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443 >> connection, but the connection then hangs waiting for the TLS handshake. >> >> openssl s_client -connect www.pay.gov:443 >> >> openssl s_client -servername www.pay.gov -connect 199.169.192.21:443 >> >> Browsers (at least firefox) see that as a very slow site, and it does >> not trigger their happy eyeballs fast failover to ipv4. > > Happy eyeballs is about making the connection not whether TCP > connections work after the initial packet exchange. > > I would send a physical letter to the relevent Inspector General > requesting that they ensure all web sites under their juristiction > that are supposed to be reachable from the public net get audited > regularly to ensure that IPv6 connections work from public IP space.
That will absolutely work. NIST is still monitoring ipv6 .gov sites https://usgv6-deploymon.antd.nist.gov/cgi-bin/generate-gov so the IG isn't going to do anything there & pay.gov has a contact us page https://pay.gov/public/home/contact that I'd bet works much better than a letter to the IG Regards, Lee