Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
On Mon, Feb 29, 2016 at 8:26 PM, The Wanderer wrote:

> So unless wget has a similar feature (which would rather surprise me,
> particularly since I don't see one documented in the man page), I think
> this is an unlikely explanation.

Recent versions of wget support HSTS:

pabs@chianamo ~ $ grep www.debian.org .wget-hsts
pabs@chianamo ~ $ wget -qO /dev/null https://www.debian.org/
pabs@chianamo ~ $ grep www.debian.org .wget-hsts
www.debian.org	0	0	1456749357	15552000

However, get.d.o is redirecting to https now. I think this changed after
the bug was filed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
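Added example, not part of the original thread and not wget's own code: a small parser for the HSTS database that the message above greps, showing which hosts a stored policy would upgrade to HTTPS. It assumes the column layout hostname, port, include-subdomains flag, creation time, max-age; the `example.org` and `bad.example` rows and all function names are constructed for illustration.

```python
from typing import Dict, NamedTuple, Optional

class HstsEntry(NamedTuple):
    host: str
    port: int                 # 0 means "default port"
    include_subdomains: bool
    created: int              # Unix time the policy was stored
    max_age: int              # policy lifetime in seconds

# Constructed sample. The www.debian.org row uses the digits shown in the
# message above, split on the assumed column layout; other rows are made up.
SAMPLE_DB = (
    "# <hostname>\t<port>\t<incl. subdomains>\t<created>\t<max-age>\n"
    "www.debian.org\t0\t0\t1456749357\t15552000\n"
    "example.org\t0\t1\t1456749357\t3600\n"
    "bad.example\t0\t0\tnot-a-time\t10\n"
)

def parse_hsts_db(text: str) -> Dict[str, HstsEntry]:
    """Parse database rows, skipping comments and malformed lines."""
    entries: Dict[str, HstsEntry] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].startswith("#"):
            continue
        host, port, incl, created, max_age = fields
        try:
            entry = HstsEntry(host.lower(), int(port), incl == "1",
                              int(created), int(max_age))
        except ValueError:
            continue          # non-numeric column: ignore the row
        entries[entry.host] = entry
    return entries

def policy_for(entries: Dict[str, HstsEntry], host: str, now: int) -> Optional[HstsEntry]:
    """Return the unexpired policy that would upgrade http://host/, if any.
    Matching is by hostname only; the port column is not considered here."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = entries.get(".".join(labels[i:]))
        if entry is None or now >= entry.created + entry.max_age:
            continue
        if i == 0 or entry.include_subdomains:  # exact host or covered parent
            return entry
    return None

if __name__ == "__main__":
    db = parse_hsts_db(SAMPLE_DB)
    for name in ("www.debian.org", "get.debian.org", "sub.example.org"):
        print(name, "->", policy_for(db, name, 1456749357 + 60))
```

A policy stored for `www.debian.org` without the include-subdomains flag does not cover `get.debian.org`, so a client holding only that entry still makes its first request to `get.debian.org` over plain HTTP.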
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
On 2016-02-18 at 04:27, Niklas Edmundsson wrote:

* The Wanderer [2015-09-04 12:17]:
> When I connect to http://get.debian.org/ in a Web browser, I
> am redirected to https://www.debian.org/CD/, which is a HTTPS
> site.
>
> FYI, get.debian.org redirects to http://www.debian.org/CD/
>
> I think the https stuff comes from the
> https-was-previously-used-for-this-site-so-lets-enforce-it
> site/browser feature, I forget what it's called...
>
> So at least the confusion is not intentional on our part ;-)

The same redirection happens with wget:

$ wget http://get.debian.org/
--2016-02-29 07:19:52--  http://get.debian.org/
Resolving get.debian.org (get.debian.org)... 130.239.18.173, 130.239.18.165, 2001:6b0:e:2018::165, ...
Connecting to get.debian.org (get.debian.org)|130.239.18.173|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.debian.org/CD/ [following]
--2016-02-29 07:19:52--  https://www.debian.org/CD/

So unless wget has a similar feature (which would rather surprise me,
particularly since I don't see one documented in the man page), I think
this is an unlikely explanation.

(For that matter, it also happens with lynx, for which I'd be even more
surprised if such a feature were present.)

-- 
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
On Thu, 18 Feb 2016, Niklas Edmundsson wrote:
On Thu, 18 Feb 2016, Luca Filipozzi wrote:
On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:

* The Wanderer [2015-09-04 12:17]:
> When I connect to http://get.debian.org/ in a Web browser, I am
> redirected to https://www.debian.org/CD/, which is a HTTPS site.

FYI, get.debian.org redirects to http://www.debian.org/CD/

I think the https stuff comes from the
https-was-previously-used-for-this-site-so-lets-enforce-it
site/browser feature, I forget what it's called...

So at least the confusion is not intentional on our part ;-)

/Nikke
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | ni...@acc.umu.se
---
 Only lemmings jump to conclusions.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
On Thu, 18 Feb 2016, Luca Filipozzi wrote:

> On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:
> > * The Wanderer [2015-09-04 12:17]:
> > > When I connect to http://get.debian.org/ in a Web browser, I am
> > > redirected to https://www.debian.org/CD/, which is a HTTPS site.
> > > However, the initial connection attempt is made over HTTP, and is
> > > potentially subject to external observation.
> > >
> > > When I connect to https://get.debian.org/, I get a near-instant
> > > "connection refused" or "failed to connect" error.
> > >
> > > Initial testing seems to indicate that the same basic behavior occurs
> > > with cdimage.debian.org, which is the old name for the service now
> > > provided by get.debian.org.
> >
> > debian-admin: can you help with this?
>
> $ host get.debian.org
> get.debian.org is an alias for ftp.acc.umu.se.
>
> Carbon copying Niklas Edmundsson (maswan).

This should be doable as long as https is only used for the initial
redirect stuff, not for the actual file transfer.

Our ftp cluster composed of 5+ year old machines barely have the power
to do https at 10 gigabit, and we'd like to be able to scale to 100
gigabit when SUNET gets upgraded later this year.

> Niklas, I can get provide an X.509 certificate.

OK, we can handle this off-ticket.

/Nikke
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | ni...@acc.umu.se
---
 Has anyone found my marbles?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:
> * The Wanderer [2015-09-04 12:17]:
> > When I connect to http://get.debian.org/ in a Web browser, I am
> > redirected to https://www.debian.org/CD/, which is a HTTPS site.
> > However, the initial connection attempt is made over HTTP, and is
> > potentially subject to external observation.
> >
> > When I connect to https://get.debian.org/, I get a near-instant
> > "connection refused" or "failed to connect" error.
> >
> > Initial testing seems to indicate that the same basic behavior occurs
> > with cdimage.debian.org, which is the old name for the service now
> > provided by get.debian.org.
>
> debian-admin: can you help with this?

$ host get.debian.org
get.debian.org is an alias for ftp.acc.umu.se.

Carbon copying Niklas Edmundsson (maswan).

Niklas, I can get provide an X.509 certificate.

Let me know,

Luca

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
* The Wanderer [2015-09-04 12:17]:
> When I connect to http://get.debian.org/ in a Web browser, I am
> redirected to https://www.debian.org/CD/, which is a HTTPS site.
> However, the initial connection attempt is made over HTTP, and is
> potentially subject to external observation.
>
> When I connect to https://get.debian.org/, I get a near-instant
> "connection refused" or "failed to connect" error.
>
> Initial testing seems to indicate that the same basic behavior occurs
> with cdimage.debian.org, which is the old name for the service now
> provided by get.debian.org.

debian-admin: can you help with this?

-- 
Martin Michlmayr
http://www.cyrius.com/
Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site
Package: www.debian.org
Severity: minor

Dear Maintainer,

I'm not completely positive that this is the correct place for this bug
report, but I don't know of anywhere else which would be better. Please
feel free to reassign if appropriate.

Whenever possible, I prefer to connect to Websites via HTTPS. This
includes all Debian Websites.

When I connect to http://get.debian.org/ in a Web browser, I am
redirected to https://www.debian.org/CD/, which is a HTTPS site.
However, the initial connection attempt is made over HTTP, and is
potentially subject to external observation.

When I connect to https://get.debian.org/, I get a near-instant
"connection refused" or "failed to connect" error. Firefox reports
"Unable to connect", w3m reports "Failed to load", and wget reports
"Connection refused".

Initial testing seems to indicate that the same basic behavior occurs
with cdimage.debian.org, which is the old name for the service now
provided by get.debian.org.

Please make it possible to connect to get.debian.org via HTTPS and have
the redirection function properly.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)