[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Something broken?
From: |
Valentin Sundermann |
Subject: |
Re: [Sks-devel] Something broken? |
Date: |
Sat, 19 Nov 2016 16:20:54 +0100 |
Hey,
>>> There seems to be some HSTS setup blocking access to
>>> http://keys.vsund.de:11371/pks/lookup?op=stats ?
>> Not HSTS but;
HSTS only prevents a "real" browser from viewing it. As of my
understanding, all other client implementations shouldn't have problems
with HSTS on the domain but HTTP traffic at port 11371.
So I'm sure it isn't a problem.
>> 139752133074456:error:140770FC:SSL
>> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
>
>> (proxy is sending https traffic to http)
>
>> ie no ssl offload.
I'm pretty sure that this is because of my ssl settings (I only accept
TLS 1.2 atm).
But the clients shouldn't have problem with this either, because they
use the plain protocol at port 11371.
> + a rewrite rule to https, (I hadn't visited the url before so HSTS
> wouldn't apply)
There is one at port 80 but not at 11371. If I understood it correctly,
the client implementations expect to have plain traffic at port 11371.
So having a rewrite there would confuse them, I guess.
Best regards,
Valentin Sundermann
signature.asc
Description: OpenPGP digital signature
- Re: [Sks-devel] Something broken?, (continued)
- Re: [Sks-devel] Something broken?, Valentin Sundermann, 2016/11/17
- Re: [Sks-devel] Something broken?, Danny Horne, 2016/11/18
- Re: [Sks-devel] Something broken?, Valentin Sundermann, 2016/11/18
- Re: [Sks-devel] Something broken?, Kristian Fiskerstrand, 2016/11/18
- Re: [Sks-devel] Something broken?, Kristian Fiskerstrand, 2016/11/18
- Re: [Sks-devel] Something broken?, Michael Jones, 2016/11/18
- Re: [Sks-devel] Something broken?, Michael Jones, 2016/11/18
- Re: [Sks-devel] Something broken?,
Valentin Sundermann <=
- Re: [Sks-devel] Something broken?, Michael Jones, 2016/11/19
- Re: [Sks-devel] Something broken?, Danny Horne, 2016/11/19
- Re: [Sks-devel] Something broken?, Kristian Fiskerstrand, 2016/11/19
- Re: [Sks-devel] Something broken?, Valentin Sundermann, 2016/11/20
- Re: [Sks-devel] Something broken?, Timothy A. Holtzen, 2016/11/18