Trac.nginx.org incorrect https

I noticed that trac.nginx.org has https/SNI configured for the host
but no actual ssl configuration (how do you even do that):

$ openssl s_client -connect trac.nginx.org:443 -servername
trac.nginx.org
CONNECTED(00000003)
140010415498912:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:770:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 318 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Relevant (which is how I noticed it in the first place):

https://github.com/EFForg/https-everywhere/pull/1993

Hello!

On Thu, Jun 25, 2015 at 06:16:42PM +0900, Edho A. wrote:

I noticed that trac.nginx.org has https/SNI configured for the host
but no actual ssl configuration (how do you even do that):

The trac.nginx.org domain isn’t available via https.

The IP address trac.nginx.org maps to does have other sites
answering on https/SNI though, and to avoid sending invalid
certificate the “ssl_ciphers aNULL;” is used in the default server
configuration. This is what causes the message you see.

SSL handshake has read 7 bytes and written 318 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

JFYI:

You can use something like

$ openssl s_client -connect trac.nginx.org:443 -servername
trac.nginx.org -cipher aNULL

to establish a connection. (Requests won’t work though, as the
same server also have “return 444;” in the configuration.)

Relevant (which is how I noticed it in the first place):

https://github.com/EFForg/https-everywhere/pull/1993

When people try to use something they weren’t asked to, it
strikes back.


Maxim D.
http://nginx.org/

On Sat, Jul 4, 2015 at 2:48 PM, Maxim D. [email protected] wrote:

answering on https/SNI though, and to avoid sending invalid

Whoever added it probably didn’t actually try accessing the
site. It has been removed. Thanks.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs