On 23 Mar 2026, at 10:27, Gert Doering gert@space.net wrote:
hi,
On Mon, Mar 23, 2026 at 09:12:35AM +0100, Jeroen Massar via swinog wrote:
On 22 Mar 2026, at 14:13, Beni Keller via swinog swinog@lists.swinog.ch wrote:
[..]
$ curl -6 https://sbb.ch -v
- Host sbb.ch:443 was resolved.
- IPv6: 2a00:4bc0:ffff:9::c296:f58e
- IPv4: (none)
- Trying [2a00:4bc0:ffff:9::c296:f58e]:443...
- connect to 2a00:4bc0:ffff:9::c296:f58e port 443 from
2001:8e0:1426:1:47d6:12fd:bc19:5704 port 55992 failed: Connection timed out
Note that it says "timed out", which means it did connect.
Uh, wat? Who are you, and what did you do to Jeroen...?
*Connection* timed out is exactly this - it did not connect.
The delta between coffee and not :)
That is what one skips over when debugging a CT setup for too long ;) [see threads on the other lists]
At the moment and in my usage in the last years though it has just worked over IPv6.
From here (5539) and right now, sbb.ch port 443 is not reachable over IPv6...
$ telnet sbb.ch 443
Trying 2a00:4bc0:ffff:9::c296:f58e...
telnet: connect to address 2a00:4bc0:ffff:9::c296:f58e: Operation timed out
Trying 194.150.245.142...
Connected to sbb.ch.
Escape character is '^]'.
(using telnet as a lowest-level connection setup tool - there can not be anything MTU related here, before the first actual data packets flow, and telnet will signal that phase with "Connected to...")
so... if we are being pedantic a bit, do remember that telnet does control characters and tries to do negotiation when it connects, thus if the server sends certain chars it could detect you are doing telnet instead of the much cleaner netcat :)
Also, on Mac they removed telnet, which I indeed aliased to 'nc -v' cause like you, we all do port testing still with telnet even though we know the above tidbit. My other friend for it is 'openssl s_client' though as so much is TLS nowadays.
Regards, Jeroen
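
The per-address connect test discussed in this thread, as an added example that is not from any of the posters: it tries every AAAA and A address separately with a bare TCP connect, sends no data, and reports whether the handshake completed, timed out, or was refused. The function names `classify`, `probe` and `probe_host` and the 5 second default timeout are assumptions made for this sketch.

```python
import errno
import socket
import sys

def classify(exc):
    """Map a failed connect() to what it says about the TCP handshake."""
    code = getattr(exc, "errno", None)
    if isinstance(exc, socket.timeout) or code == errno.ETIMEDOUT:
        return "timed out"      # SYN sent, no answer: the connection was never set up
    if code == errno.ECONNREFUSED:
        return "refused"        # an RST came back, so something answered on the path
    if code in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"    # no route, or an ICMP unreachable was returned
    return "error: %s" % exc

def probe(sockaddr, family, timeout=5.0):
    """Bare TCP connect to one address. Nothing is sent after the handshake,
    so MTU problems and telnet option negotiation cannot influence the result."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
    except OSError as exc:
        return classify(exc)
    return "connected"          # same phase telnet reports as "Connected to ..."

def probe_host(host, port, timeout=5.0):
    """Probe each IPv6 and IPv4 address on its own instead of stopping at the
    first one that works, so a dead AAAA is not hidden by a working A record."""
    results = []
    for family in (socket.AF_INET6, socket.AF_INET):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            results.append((family.name, None, "no address"))
            continue
        for sockaddr in sorted({info[4] for info in infos}):
            results.append((family.name, sockaddr[0], probe(sockaddr, family, timeout)))
    return results

if __name__ == "__main__":
    # Usage: script.py HOST [PORT]; defaults are placeholders for a local run.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for fam, addr, outcome in probe_host(host, port):
        print(f"{fam:9} {addr or '-':40} {outcome}")
```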