<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Hi Daniel,<div><br></div><div>I think this may be because the measurement code doesn’t support TLS 1.3 yet, and vercel.com does. It’s a known issue, we’d like to add TLS 1.3 at some point.</div><div><br></div><div>You can find the relevant code here:</div><div><div style="display: block;"><div style="-webkit-user-select: all; -webkit-user-drag: element; display: inline-block;" class="apple-rich-link" draggable="true" role="link" data-url="https://github.com/RIPE-NCC/ripe-atlas-probe-measurements/blob/7c03fba082e93b7a1f0f14cc3769bb31e83909e3/eperd/sslgetcert.c#L927"><a style="border-radius:10px;font-family:-apple-system, Helvetica, Arial, sans-serif;display:block;-webkit-user-select:none;width:300px;user-select:none;-webkit-user-modify:read-only;user-modify:read-only;overflow:hidden;text-decoration:none;" class="lp-rich-link" rel="nofollow" href="https://github.com/RIPE-NCC/ripe-atlas-probe-measurements/blob/7c03fba082e93b7a1f0f14cc3769bb31e83909e3/eperd/sslgetcert.c#L927" dir="ltr" role="button" draggable="false" width="300"><table style="table-layout:fixed;border-collapse:collapse;width:300px;background-color:#E5E6E9;font-family:-apple-system, Helvetica, Arial, sans-serif;" class="lp-rich-link-emailBaseTable" cellpadding="0" cellspacing="0" border="0" width="300"><tbody><tr><td vertical-align="center" align="center"><img style="width:300px;filter:brightness(0.97);height:150px;" width="300" height="150" draggable="false" class="lp-rich-link-mediaImage" alt="ripe-atlas-probe-measurements.png" src="cid:A348F6D8-B875-4EE1-9EA5-346CF0C8DF96"></td></tr><tr><td vertical-align="center"><table bgcolor="#E5E6E9" cellpadding="0" cellspacing="0" width="300" style="font-family:-apple-system, Helvetica, Arial, sans-serif;table-layout:fixed;background-color:rgba(229, 230, 233, 1);" class="lp-rich-link-captionBar"><tbody><tr><td style="padding:8px 0px 8px 0px;" class="lp-rich-link-captionBar-textStackItem"><div style="max-width:100%;margin:0px 16px 0px 16px;overflow:hidden;" class="lp-rich-link-captionBar-textStack"><div style="word-wrap:break-word;font-weight:500;font-size:12px;overflow:hidden;text-overflow:ellipsis;text-align:left;" class="lp-rich-link-captionBar-textStack-topCaption-leading"><a rel="nofollow" href="https://github.com/RIPE-NCC/ripe-atlas-probe-measurements/blob/7c03fba082e93b7a1f0f14cc3769bb31e83909e3/eperd/sslgetcert.c#L927" style="text-decoration: none" draggable="false"><font color="#272727" style="color: rgba(0, 0, 0, 0.847059);">ripe-atlas-probe-measurements/sslgetcert.c at 7c03fba082e93b7a1f0f14cc3769bb31e83909e3 · RIPE-NCC/ripe-atlas-probe-measurements</font></a></div><div style="word-wrap:break-word;font-weight:400;font-size:11px;overflow:hidden;text-overflow:ellipsis;text-align:left;" class="lp-rich-link-captionBar-textStack-bottomCaption-leading"><a rel="nofollow" href="https://github.com/RIPE-NCC/ripe-atlas-probe-measurements/blob/7c03fba082e93b7a1f0f14cc3769bb31e83909e3/eperd/sslgetcert.c#L927" style="text-decoration: none" draggable="false"><font color="#808080" style="color: rgba(0, 0, 0, 0.498039);">github.com</font></a></div></div></td></tr></tbody></table></td></tr></tbody></table></a></div></div><br></div><div></div><div>Cheers,</div><div><br></div><div>Michel<br><div><br><blockquote type="cite"><div>On 25 Jan 2023, at 18:16, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:</div><br class="Apple-interchange-newline"><div><div>Hi RIPE Atlas folks--<br><br>I noticed today that using the "SSL" probe (gathering X.509 certificates<br>from a TLS endpoint) appears to fail against servers operated by<br>Vercel. the failure is a uniform "handshake failure" according to the<br>web interface.<br><br>I think this might be a bug in the probe's implementation of the client<br>side of TLS. Where could i find the specific implementation of that<br>probe type so that i can debug it further?<br><br>Or, if this is a known issue, where can i read up on it in more detail?<br><br>I've demonstrated this by probing Vercel's own servers, since they<br>appear to be eating their own dogfood.<br><br>You can see this with measurement 49131334:<br>https://atlas.ripe.net/measurements/49131334/#probes<br><br>here is the definition of the query i made:<br><br>{<br> "definitions": [<br> {<br> "target": "vercel.com",<br> "af": 4,<br> "port": 443,<br> "hostname": "vercel.com",<br> "description": "SSL measurement to vercel.com",<br> "resolve_on_probe": true,<br> "skip_dns_check": false,<br> "type": "sslcert"<br> }<br> ],<br> "probes": [<br> {<br> "type": "area",<br> "value": "WW",<br> "requested": 10<br> }<br> ],<br> "is_oneoff": true,<br>}<br><br><br>This is pretty odd, since normal TLS clients appear to be able to<br>connect to them fine. Here's me running a manual handshake debugger<br>against vercel.com's servers:<br><br>$ gnutls-cli-debug vercel.com<br>GnuTLS debug client 3.7.8<br>Checking vercel.com:443<br>whether the server accepts default record size (512 bytes)... yes<br> whether %ALLOW_SMALL_RECORDS is required... no<br> whether we need to disable TLS 1.2... no<br> whether we need to disable TLS 1.1... no<br> whether we need to disable TLS 1.0... no<br> whether %NO_EXTENSIONS is required... no<br> for TLS 1.0 (RFC2246) support... no<br> for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no<br> for TLS 1.1 (RFC4346) support... no<br> fallback from TLS 1.1 to... failed<br> for TLS 1.2 (RFC5246) support... yes<br> for TLS 1.3 (RFC8446) support... yes<br> for known TLS or SSL protocols support... yes<br> TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance)<br> for HTTPS server name... Vercel<br> for certificate chain order... sorted<br> for safe renegotiation (RFC5746) support... yes<br> for encrypt-then-MAC (RFC7366) support... no<br> for ext master secret (RFC7627) support... no<br> for heartbeat (RFC6520) support... no<br> for version rollback bug in RSA PMS... yes<br> whether the server ignores the RSA PMS version... yes<br>whether small records (512 bytes) are tolerated on handshake... yes<br> whether cipher suites not in SSL 3.0 spec are accepted... yes<br>whether a bogus TLS record version in the client hello is accepted... yes<br> whether the server understands TLS closure alerts... yes<br> whether the server supports session resumption... yes<br> for anonymous authentication support... no<br> for RSA key exchange support... no<br>|<1>| FFDHE groups advertised, but server didn't support it; falling back to server's choice<br> for ephemeral Diffie-Hellman support... yes<br>|<1>| FFDHE groups advertised, but server didn't support it; falling back to server's choice<br> for RFC7919 Diffie-Hellman support... no<br> for ephemeral EC Diffie-Hellman support... yes<br>for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support... no<br> for curve SECP256r1 (RFC4492)... yes<br> for curve SECP384r1 (RFC4492)... yes<br> for curve SECP521r1 (RFC4492)... yes<br> for curve X25519 (RFC8422)... yes<br> for AES-GCM cipher (RFC5288) support... yes<br> for AES-CCM cipher (RFC6655) support... no<br> for AES-CCM-8 cipher (RFC6655) support... no<br> for AES-CBC cipher (RFC3268) support... no<br> for CAMELLIA-GCM cipher (RFC6367) support... no<br> for CAMELLIA-CBC cipher (RFC5932) support... no<br> for 3DES-CBC cipher (RFC2246) support... no<br> for ARCFOUR 128 cipher (RFC2246) support... no<br> for CHACHA20-POLY1305 cipher (RFC7905) support... yes<br>for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no<br> for MD5 MAC support... no<br> for SHA1 MAC support... no<br> for SHA256 MAC support... no<br>for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no<br> for max record size (RFC6066) support... no<br> for OCSP status response (RFC6066) support... yes<br>$<br><br>Thanks for any pointers,<br><br> --dkg<br><br>-- <br>ripe-atlas mailing list<br>ripe-atlas@ripe.net<br>https://mailman.ripe.net/<br></div></div></blockquote></div><br></div></body></html>