On Nov 15, 2016, at 5:30 PM, Carl Byington <carl@five-ten-sg.com> wrote:
openssl s_client -connect www.pay.gov:443
I’m not seeing the issue here, but they do have some possible issues the way they’re setting cookies (See details below). What path are you seeing to them? I’m also not having the issue from the IETF97 network here in Seoul which has IPv6 as well. puck:~$ traceroute6 www.pay.gov. traceroute to www.pay.gov. (2605:3100:fffd:100::15), 30 hops max, 80 byte packets 1 ge-0-7-0-22.r05.chcgil09.us.bb.gin.ntt.net (2001:418:3f4::1) 0.751 ms 0.871 ms 0.994 ms 2 verio-gw.cgcil.ipv6.att.net (2001:1890:1fff:307:192:205:32:193) 2.008 ms 1.991 ms 2.837 ms 3 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:132:198) 27.333 ms 27.167 ms 27.070 ms 4 sl9mo22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:178) 27.602 ms 27.646 ms 27.628 ms 5 sl9mo21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:217) 30.055 ms 29.894 ms 29.855 ms 6 dlstx22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:1) 28.888 ms 27.016 ms 26.933 ms 7 dlstx84crs.ipv6.att.net (2001:1890:ff:ffff:12:123:18:249) 28.126 ms 26.757 ms 26.645 ms 8 2001:1890:ff:ffff:12:122:124:141 (2001:1890:ff:ffff:12:122:124:141) 26.142 ms 26.269 ms 26.179 ms 9 2001:1890:c00:610b::1138:7d27 (2001:1890:c00:610b::1138:7d27) 27.273 ms 27.255 ms 27.544 ms 10 2001:1890:1c08:cf01::2 (2001:1890:1c08:cf01::2) 27.673 ms !X 27.559 ms !X 27.465 ms !X curl -v https://www.pay.gov/public/home * Trying 2605:3100:fffd:100::15... * TCP_NODELAY set * Connected to www.pay.gov (2605:3100:fffd:100::15) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * ALPN/NPN, server did not agree to a protocol * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=www.pay.gov,O=United States Department of Treasury,L=Washington,ST=District of Columbia,C=US * start date: May 28 14:58:43 2015 GMT * expire date: May 29 06:16:02 2018 GMT * common name: www.pay.gov * issuer: CN=Entrust Certification Authority - L1K,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
GET /public/home HTTP/1.1 Host: www.pay.gov User-Agent: curl/7.51.0 Accept: */*
< HTTP/1.1 200 OK < Date: Wed, 16 Nov 2016 21:52:08 GMT < Content-type: text/html; charset=ISO-8859-1 < Strict-transport-security: max-age=31536001; includeSubDomains < Cache-Control: no-cache < Cache-Control: no-store < Pragma: no-cache < Expires: Thu, 01 Jan 1970 00:00:00 GMT < X-XSS-Protection: 1; mode=block < Strict-Transport-Security: max-age=31536000 < Set-Cookie: JSESSIONID=949QYsVLKQqBB42HTy91pJnGfnfJthLfQTv02CvDnt7rNQnpSvb1!1259175335!-1040755441!1479333128223; path=/public; secure; HttpOnly < Set-Cookie: JSESSIONID=949QYsVLKQqBB42HTy91pJnGfnfJthLfQTv02CvDnt7rNQnpSvb1!1259175335!-1040755441; path=/public; HttpOnly < Set-Cookie: ClientId=14793331282345260; path=/public; HttpOnly; secure < Set-Cookie: ClientId=1479333128244363; path=/public; HttpOnly; secure < X-FRAME-OPTIONS: DENY < Content-Language: en-US < X-Powered-By: Servlet/2.5 JSP/2.1 < Transfer-encoding: chunked