On Mon, Feb 28, 2022 at 12:24 PM Rodrigo Araujo <araujo...@gmail.com> wrote:
>
> I'd say the problem is on the host that might not have all packages updated, 
> namely the ca-certificates (or equivalent) package. At first glance it 
> doesn't seem like a firewall problem.
>
> @Vieri, please try to do a yum/apt (or equivalent depending on the machine OS 
> package manager) update/upgrade for at least the ca-certificates, openssl and 
> gnutls packages and try again.

The client hosts are both Windows 10 64-bit.
The curl client software used for testing is the same (for Windows)
and has the same ca-certificates (CAfile: C:\cURL\curl-ca-bundle.crt).
In a Wireshark pcap file I can see an initial SYN, a SYN,ACK from the
Microsoft server, an ACK from my host followed by a "Client Hello"
with TLSv1 data.
The last packet is an ACK from the Microsoft server, and nothing else.
I'm supposing the MS server did not like the Client Hello offer, but why...
I'm trying to compare the "Client Hello" data with that of when the
same host connects to Teams via 52.113.195.132, or when the "other
host in the LAN" properly connects to 52.113.194.132, but I see no
difference.
On a successful connection, the Server Hello replies with TLS v1.2
and Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030).
I see that even the failing hosts are also offering the same in their
"Client Hello" messages.

Anyway, if the Teams server is sending back an ACK right after the
Client Hello, can I safely discard that there is an issue on the
Shorewall router?

Thanks,

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
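
Added example, not part of the original message or of Shorewall: a field-by-field comparison of two Client Hello records, for when two captures look identical by eye. It assumes each Client Hello has been exported from the capture as the raw bytes of a single, unfragmented TLS record; `build_hello` and the `HOST_A`/`HOST_B` samples are constructed here for illustration.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Parse a TLS record that carries one complete ClientHello."""
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or body[:1] != b"\x01":
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # The record-layer version (often 0x0301) is a separate field from client_version.
    fields = {"record_version": rec_ver,
              "client_version": int.from_bytes(hello[:2], "big")}
    pos = 34                                   # skip client_version + 32-byte random
    pos += 1 + hello[pos]                      # skip session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    fields["cipher_suites"] = [int.from_bytes(hello[i:i + 2], "big")
                               for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                      # skip compression_methods
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(hello)):     # walk the extension list
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        fields[f"extension_{etype}"] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return fields

def diff_hellos(a: bytes, b: bytes) -> dict:
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = parse_client_hello(a), parse_client_hello(b)
    return {k: (fa.get(k), fb.get(k))
            for k in sorted(fa.keys() | fb.keys()) if fa.get(k) != fb.get(k)}

def build_hello(suites, extensions, rec_ver=0x0301) -> bytes:
    """Construct a sample ClientHello record (zeroed random, empty session id)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    ex = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions.items())
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs
             + b"\x01\x00" + len(ex).to_bytes(2, "big") + ex)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs

# Constructed samples: same suites, but host B omits one group from supported_groups (ext 10).
HOST_A = build_hello([0xC030, 0xC02F], {10: b"\x00\x04\x00\x1d\x00\x17"})
HOST_B = build_hello([0xC030, 0xC02F], {10: b"\x00\x02\x00\x17"})

if __name__ == "__main__":
    for field, (a, b) in diff_hellos(HOST_A, HOST_B).items():
        print(field, a, b)
```

The random and session_id fields are skipped on purpose, since they differ on every connection and would hide the differences that matter.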
