cmkelley
Very Senior Member
Took the plunge and installed Stubby with @Jack Yaz's patches for the 86U. All the tests check out including the Cloudflare help. Super cool. 2 things I noted:
@preacher65's comment about changing the echo | openssl line worked, but I think the correct command is supposed to be:
Code:
echo | openssl s_client -verify on -CApath /opt/etc/ssl/certs -connect 1.1.1.1:853
to ensure the Entware certs were correctly installed. That worked as well and makes more logical sense to me at least since you want to check that those certs were correctly installed.
Looking at the rest of the output from the line above, I noticed this:
Code:
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 60108C2782ACD64D98C8D33BC329635902F788C8D426B2E3579B28AD96131745
Session-ID-ctx:
Master-Key: 05F9C218F5079B34550DD0A0C4E587FC34F8FC34EF7863A047121F95117FE4856A94237B5C3629A455D4FA7BFDB285B3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 21600 (seconds)
TLS session ticket:
even though the script downloaded the files patched for TLS1.3 and the patched getdns and stubby show up in 'opkg list-installed'. This happened either way I did the echo | openssl line. So, while not necessarily a problem, I'm curious as to why it used 1.2 and not 1.3.
EDIT: And now after rebooting the router, stubby claims to be working, all of the checks listed on GitHub work, but 1.1.1.1/help and Cloudflare's ESNI checker both say DoT is not working ...
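Added example, not part of the original post: a small shell helper that summarises `openssl s_client` output and flags when the client binary itself prints the pre-1.1.0 OpenSSL output format (the `New, TLSv1/SSLv3` banner and the `Key-Arg` line), since TLS 1.3 support only arrived in OpenSSL 1.1.1 and such a client cannot negotiate it regardless of what stubby and getdns were built against. The function names `summarize_s_client` and `sample_output` are hypothetical, the sample is abridged from the output quoted in the post, and reading the banner format as a client-version indicator is an assumption of this example, not something the poster states.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read from stdin.
# Live use: echo | openssl s_client ... 2>&1 | summarize_s_client

summarize_s_client() {
    awk '
        /^New, /                 { banner = $2; sub(/,$/, "", banner) }
        /^[ \t]*Protocol[ \t]*:/ { proto = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        # Key-Arg is only printed by the older (pre-1.1.0) output format.
        /^[ \t]*Key-Arg[ \t]*:/  { legacy = 1 }
        /Verify return code:/    { sub(/^.*Verify return code:[ \t]*/, ""); verify = $0 }
        END {
            # Older clients print a fixed "TLSv1/SSLv3" banner for any cipher.
            if (banner == "TLSv1/SSLv3") legacy = 1
            printf "protocol=%s\n", (proto == "" ? "unknown" : proto)
            printf "cipher=%s\n", (cipher == "" ? "unknown" : cipher)
            printf "verify=%s\n", (verify == "" ? "not-shown" : verify)
            printf "client_format=%s\n", (legacy ? "pre-1.1.0" : "1.1.0-or-later")
            if (legacy)
                print "note=client predates TLS 1.3; check the openssl binary version before reading this as a stubby result"
        }'
}

# Constructed sample: abridged from the s_client output quoted in the post
# (Session-ID and Master-Key lines omitted).
sample_output() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Key-Arg : None
PSK identity: None
EOF
}

sample_output | summarize_s_client
```

The `verify=` field matters for the `-CApath` check in the post: `not-shown` means the pasted excerpt stopped before the `Verify return code` line, so the excerpt alone does not confirm that the Entware certificates validated the chain.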