This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] Recent TLS supported by probes?

Previous message (by thread): [atlas] Recent TLS supported by probes?
Next message (by thread): [atlas] New on RIPE Labs: Verfploeter: Broad and Load-aware Anycast Mapping

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Philip Homburg philip.homburg at ripe.net
Mon Nov 13 11:15:09 CET 2017

Hi Stephane,

On 2017/11/13 10:10 , Stephane Bortzmeyer wrote:
> I cannot get the certificate for <https://dns-resolver.yeti.eu.org/>
> (measurement #10174881): "alert" is "{u'description': 40, u'level':
> 2}".
> 
> It works with other, more "mainstream", HTTPS sites (see #10174883). I
> suspect this is because the probes don't handle the recent TLS
> stuff. Can anyone confirm or infirm?

The only issue I'm aware of is SNI. We added that in 4780.

SNI or no SNI doesn't seem to make a difference to dns-resolver.yeti.eu.org

Hmm, looking at the list of ciphers that the measurement code sends, I
can see how it can fail if somebody applies a rather script security policy.

I'll create a ticket to add improved ciphers.

Philip

Previous message (by thread): [atlas] Recent TLS supported by probes?
Next message (by thread): [atlas] New on RIPE Labs: Verfploeter: Broad and Load-aware Anycast Mapping

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]