家里 ipv6 访问 api.map.baidu.com ssl 握手失败，发出 Client hello 后收不到 Server hello

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 843 天前的主题，其中的信息可能已经有所发展或是发生改变。

家里 ipv6 访问 api.map.baidu.com ssl 握手失败，发出 Client hello 后收不到 Server hello，www.taobao.com ipv6 没问题，一切正常。

起因是最近在家里的 mikrotik hex BR750Gr3 配置了 ipv6 ，通过无状态地址分配 ipv6 ，然后老婆说家里 wifi 打开建行生活 APP 就显示定位失败，我抓包分析发现是 api.map.baidu.com ipv6 地址 SSL 握手失败，导致定位 API 无法连通，显示定位失败。老婆天天吐槽我花那么多钱搞的什么破 wifi （πーπ）（ wifi 是申请买的 unifi ）

所以我就抓包分析了下

curl 回显如下：

$ curl -i -vvv https://api.map.baidu.com
*   Trying 240e:ff:e020:3:0:ff:b0ce:15ad:443...
* Connected to api.map.baidu.com (240e:ff:e020:3:0:ff:b0ce:15ad) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to api.map.baidu.com:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to api.map.baidu.com:443

TCPing 80 端口一切正常

$ tcping -c5 -H api.map.baidu.com
Ping http://api.map.baidu.com:80([240e:ff:e020:3:0:ff:b0ce:15ad]:80) - http is open - time=106.713939ms method=GET status=200 bytes=0
Ping http://api.map.baidu.com:80([240e:ff:e020:3:0:ff:b0ce:15ad]:80) - http is open - time=61.98791ms method=GET status=200 bytes=0
Ping http://api.map.baidu.com:80([240e:ff:e020:3:0:ff:b0ce:15ad]:80) - http is open - time=66.884024ms method=GET status=200 bytes=0
Ping http://api.map.baidu.com:80([240e:ff:e020:3:0:ff:b0ce:15ad]:80) - http is open - time=72.943282ms method=GET status=200 bytes=0
Ping http://api.map.baidu.com:80([240e:ff:e020:3:0:ff:b0ce:15ad]:80) - http is open - time=59.91197ms method=GET status=200 bytes=0

Ping statistics http://api.map.baidu.com:80
        5 probes sent.
        5 successful, 0 failed.
Approximate trip times:
        Minimum = 59.91197ms, Maximum = 106.713939ms, Average = 73.688225ms