sks-devel

Re: [Sks-devel] Something broken?


From: Valentin Sundermann
Subject: Re: [Sks-devel] Something broken?
Date: Sat, 19 Nov 2016 16:20:54 +0100

Hey,

>>> There seems to be some HSTS setup blocking access to 
>>> http://keys.vsund.de:11371/pks/lookup?op=stats ?
>> Not HSTS but;
HSTS only prevents a "real" browser from viewing it. As far as I
understand, all other client implementations shouldn't have problems
with HSTS on the domain but HTTP traffic at port 11371.
So I'm sure it isn't a problem.

>> 139752133074456:error:140770FC:SSL 
>> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
> 
>> (proxy is sending https traffic to http)
> 
>> ie no ssl offload.
I'm pretty sure that this is because of my SSL settings (I only accept
TLS 1.2 atm).
But the clients shouldn't have a problem with this either, because they
use the plain protocol at port 11371.

> + a rewrite rule to https, (I hadn't visited the url before so HSTS
> wouldn't apply)
There is one at port 80 but not at 11371. If I understood it correctly,
the client implementations expect to have plain traffic at port 11371.
So having a rewrite there would confuse them, I guess.

Best regards,
Valentin Sundermann

Attachment: signature.asc
Description: OpenPGP digital signature
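
An added illustration, not part of the message above or of any SKS code: RFC 6797 section 8.3 keeps an explicit non-80 port when an HSTS-aware browser upgrades a URL, so the browser's TLS handshake lands on the plain-HTTP listener at 11371, while a client that stores no HSTS policy sends the request unchanged. The HSTS host set and the sample reply bytes are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

def hsts_upgrade(url, hsts_hosts):
    """Rewrite url as an HSTS-aware browser would (RFC 6797, section 8.3).

    Simplified: exact host match only, no includeSubDomains, no IPv6 literals.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "http" or host not in hsts_hosts:
        return url                      # no stored policy: request goes out as-is
    port = parts.port
    if port == 80:
        port = 443                      # explicit :80 is converted to :443
    # Any other explicit port is preserved; a missing port stays missing.
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def classify_first_bytes(data):
    """Tell a TLS record from a plain HTTP response by its leading bytes."""
    # TLS record header: content type 20..23, then protocol major version 3.
    if len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plain-http"
    return "unknown"

def outcome(url, server_reply):
    """Predict what a client sees, given the URL it uses and the listener's reply."""
    wants_tls = urlsplit(url).scheme == "https"
    speaks = classify_first_bytes(server_reply)
    if wants_tls and speaks != "tls":
        return "tls-handshake-fails"    # the "unknown protocol" case quoted above
    if not wants_tls and speaks == "tls":
        return "http-client-gets-garbage"
    return "ok"

# Constructed inputs: the policy set and reply bytes are assumptions for the demo.
HSTS_HOSTS = {"keys.vsund.de"}
PLAIN_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
STATS_URL = "http://keys.vsund.de:11371/pks/lookup?op=stats"

if __name__ == "__main__":
    browser_url = hsts_upgrade(STATS_URL, HSTS_HOSTS)
    print("browser requests:", browser_url, "->", outcome(browser_url, PLAIN_REPLY))
    print("HKP client requests:", STATS_URL, "->", outcome(STATS_URL, PLAIN_REPLY))
```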

