My results of my diagnosis 'to'? I usually believe in reporting problemsWorks for me. What were the results of your diagnosis to before posting?
immediately, while investigating the problem on the basis that if I
find out there are problems from other people, I should probably stop
investigating until I hear more. If I hear others don't have the problem and
if I haven't had time to investigate yet, I will move the priority of my
investigation 'up' to look at it ASAP (usually when I get to a break point
in a current task).
But I'm not sure what you mean by my results of my diagnosis 'to'. I
did try to make sure I had current versions of the various perl modules
that seemed to be called, thinking that if it recompiled one, that also might
make the problem go away. Having done that, I thought I should ask to see
if it was problematic for anyone else.
I also looked at perl.orgs security settings. While it has a good overall
grade, it does have a few problems.
No SNI 2 | Incorrect certificate because this client doesn't support SNI |
No FS 1 No SNI 2 | Server sent fatal alert: handshake_failure |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(0xc027 ) ECDH x25519 (eq. 3072
bits RSA) FS WEAK |
128 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013 ) ECDH x25519 (eq. 3072
bits RSA) FS WEAK |
128 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(0xc028 ) ECDH x25519 (eq. 3072
bits RSA) FS WEAK |
256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(0xc014 ) ECDH x25519 (eq. 3072
bits RSA) FS WEAK |
256 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
(0x67 ) DH 2048 bits FS WEAK
|
128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(0x33 ) DH 2048 bits FS WEAK
|
128 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
(0x6b ) DH 2048 bits FS WEAK
|
256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
(0x39 ) DH 2048 bits FS WEAK |
Two non-validating certs in the certification path
Alternative names | ingress.local MISMATCH |
Certificate Transparency | No |
Trusted | No NOT TRUSTED Mozilla Apple Android Java Windows |
and
DNS CAA | No (more info) |
and
This site works only in browsers with SNI support.
(maybe the algorithms on some proxies don't support everything yet).
(to see the full report, visit https://www.ssllabs.com/ssltest/analyze.html?d=perl.org)
Are those the types of item you meant by a diagnosis to? I still don't get
what that means.
Thanks
› perl p5-ssl-tools/analyze-ssl.pl pause.perl.org:443 -- pause.perl.org port 443 * maximum SSL version : TLSv1_2 (SSLv23) * supported SSL versions with handshake used and preferred cipher(s): * handshake protocols ciphers * SSLv23 TLSv1_2 AES256-GCM-SHA384 * TLSv1_2 TLSv1_2 AES256-GCM-SHA384 * TLSv1_1 TLSv1_1 AES256-SHA * TLSv1 TLSv1 AES256-SHA * cipher order by : client * SNI supported : ok * certificate verified : ok * chain on 147.75.38.228 * [0/0] bits=2048, ocsp_uri=http://ocsp.int-x3.letsencrypt.org, /CN=pause.perl.org SAN=DNS:pause.cpan.org,DNS:pause.perl.org * [1/1] bits=2048, ocsp_uri=http://isrg.trustid.ocsp.identrust.com, /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 * [-/2] bits=2048, ocsp_uri=, /O=Digital Signature Trust Co./CN=DST Root CA X3 * OCSP stapling : no stapled response * OCSP status : good