nanog mailing list archives

Re: Google and Coronavirus Tech Handbook

From: Eric Tykwinski <eric-list () truenet com>
Date: Fri, 20 Mar 2020 16:40:26 -0400

Alex, Rob,

So I advised to run through Qualsys’s SSL Test: 
https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com 
<https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com>
It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually 
an edge case.
____________
eric$ openssl s_client -connect coronavirustechhandbook.com:443 -showcerts -tls1_2 -crlf
CONNECTED(00000006)
4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake 
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL 
alert number 40
4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake 
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1584736646
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu () gmail com> wrote:

please stop writing me private emails, thank you, with due politeness and smiley :-)



Alex, LF/HF 2
Le 20/03/2020 à 19:40, Rob Pickering a écrit :



On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu () gmail com <mailto:alexandre.petrescu () 
gmail com>> wrote:
CA==Certificate Authority

the browser makes me questions before allowing me to see the content, after I click the indicated URL

LF/HF
What root CA list are you using?

I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted 
by the default CA list of the browser vendor on my desktop.

--
Rob Pickering, rob () pickering org <mailto:rob () pickering org>

Current thread:

Google and Coronavirus Tech Handbook Rob Pickering (Mar 20)
- Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
  - Re: Google and Coronavirus Tech Handbook Rob Pickering (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Rob Pickering (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Rob Pickering (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Eric Tykwinski (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Rob Pickering (Mar 20)
    - Re: Google and Coronavirus Tech Handbook Alexandre Petrescu (Mar 20)
- Re: Google and Coronavirus Tech Handbook Randy Bush (Mar 20)