This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Recent TLS supported by probes?
- Previous message (by thread): [atlas] Recent TLS supported by probes?
- Next message (by thread): [atlas] New on RIPE Labs: Verfploeter: Broad and Load-aware Anycast Mapping
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Philip Homburg
philip.homburg at ripe.net
Mon Nov 13 11:15:09 CET 2017
Hi Stephane, On 2017/11/13 10:10 , Stephane Bortzmeyer wrote: > I cannot get the certificate for <https://dns-resolver.yeti.eu.org/> > (measurement #10174881): "alert" is "{u'description': 40, u'level': > 2}". > > It works with other, more "mainstream", HTTPS sites (see #10174883). I > suspect this is because the probes don't handle the recent TLS > stuff. Can anyone confirm or infirm? The only issue I'm aware of is SNI. We added that in 4780. SNI or no SNI doesn't seem to make a difference to dns-resolver.yeti.eu.org Hmm, looking at the list of ciphers that the measurement code sends, I can see how it can fail if somebody applies a rather script security policy. I'll create a ticket to add improved ciphers. Philip
- Previous message (by thread): [atlas] Recent TLS supported by probes?
- Next message (by thread): [atlas] New on RIPE Labs: Verfploeter: Broad and Load-aware Anycast Mapping
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]