[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why there is no encryption if I download files from cdimage.debian.org ?

Hi,

On 3 July 2016 at 23:51,  <german398@ya.ru> wrote:
> Of course I can use Tor. But why you can't make my life easier by just always using the certificate for cdimage.debian.org that you ALREADY have?

Accessing "cdimage.debian.org/" and
"cdimage.debian.org/any-subfolder/" are different things. See:

$ curl -o /dev/null -v cdimage.debian.org/
(...)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: cdimage.debian.org
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 04 Jul 2016 14:36:05 GMT
* Server Apache/2.4.20 (Unix) is not blacklisted
< Server: Apache/2.4.20 (Unix)
< Location: http://www.debian.org/CD/
(...)

Trying to access "/" you are redirected "www.debian.org", which does
have HTTPS enabled. If you try to access "cdimage.debian.org" using
HTTPS, you'll see that currently this is not possible:

$ curl -o /dev/null https://cdimage.debian.org
(...)
curl: (7) Failed to connect to cdimage.debian.org port 443: Connection refused

This way we can't say that "cdimage.debian.org" isn't offering a
certificate that it already has, because this doesn't looks to be the
case.

Regards,
Tiago.

-- 
Tiago "Myhro" Ilieve
Blog: https://blog.myhro.info/
GitHub: https://github.com/myhro
LinkedIn: https://br.linkedin.com/in/myhro
Montes Claros - MG, Brasil
Reply to: