[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: old https security debian org does not redirect to new page, invalid ssl cert instead

On Tue, 2019-04-02 at 12:02 +0000, dragon@peerfreedom.org wrote:

> and even archive.org has archives of it, on the https URL:
> http://archive.is/MahaH  (and many more)

The URL you quoted explicitly says http not https for security.d.o.

BTW, archive.org and archive.is/fo/today are unrelated projects.

> I got tests from friends both on ipv4 and ipv6, it resolves and connects to:
> and
> 2a02:16a8:dc41:100::233

The security.debian.org domain resolves to a different IP address
depending on the GeoIP region you are doing DNS queries from.


The IP address you mention is used by the server schmelzer.d.o.

I had a bit of a poke around on there and https is being used for this:


I note that other servers (eg mirror-anu.d.o) are also syncproxies and
also some of them host www.d.o and other static sites. Each https
hostname is on one of several IP addresses but we have the web servers
listening on all IP addresses for https. So to not have the web server
listen on security.d.o, we would have to not put it on any of the IPs
used by other services and then tell the web server to listen for https
only on the IPs used by other services. So closing the port is going to
be quite complicated.

Adding https to security.d.o (which we would need in order to redirect)
I'm even less sure of how to do since there is also apt to think about.
I expect this might get tackled once the Fastly CDN finishes their
https beta and deb.d.o gets https support.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: