Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-29 Thread Paul Wise
On Mon, Feb 29, 2016 at 8:26 PM, The Wanderer wrote:

> So unless wget has a similar feature (which would rather surprise me,
> particularly since I don't see one documented in the man page), I think
> this is an unlikely explanation.

Recent versions of wget support HSTS:

pabs@chianamo ~ $ grep www.debian.org .wget-hsts
pabs@chianamo ~ $ wget -qO /dev/null https://www.debian.org/
pabs@chianamo ~ $ grep www.debian.org .wget-hsts
www.debian.org	0	0	1456749357	15552000

However, get.d.o is redirecting to https now. I think this changed
after the bug was filed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-29 Thread The Wanderer
On 2016-02-18 at 04:27, Niklas Edmundsson wrote:

> * The Wanderer  [2015-09-04 12:17]:
>
> > When I connect to http://get.debian.org/ in a Web browser, I
> > am redirected to https://www.debian.org/CD/, which is a HTTPS
> > site.
>
> FYI, get.debian.org redirects to http://www.debian.org/CD/
>
> I think the https stuff comes from the
> https-was-previously-used-for-this-site-so-lets-enforce-it
> site/browser feature, I forget what it's called...
>
> So at least the confusion is not intentional on our part ;-)

The same redirection happens with wget:

$ wget http://get.debian.org/
--2016-02-29 07:19:52--  http://get.debian.org/
Resolving get.debian.org (get.debian.org)... 130.239.18.173,
130.239.18.165, 2001:6b0:e:2018::165, ...
Connecting to get.debian.org (get.debian.org)|130.239.18.173|:80...
connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.debian.org/CD/ [following]
--2016-02-29 07:19:52--  https://www.debian.org/CD/

So unless wget has a similar feature (which would rather surprise me,
particularly since I don't see one documented in the man page), I think
this is an unlikely explanation.

(For that matter, it also happens with lynx, for which I'd be even more
surprised if such a feature were present.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw





Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-18 Thread Niklas Edmundsson

On Thu, 18 Feb 2016, Niklas Edmundsson wrote:
> On Thu, 18 Feb 2016, Luca Filipozzi wrote:
> > On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:
> > > * The Wanderer  [2015-09-04 12:17]:
> > > > When I connect to http://get.debian.org/ in a Web browser, I am
> > > > redirected to https://www.debian.org/CD/, which is a HTTPS site.


FYI, get.debian.org redirects to http://www.debian.org/CD/

I think the https stuff comes from the 
https-was-previously-used-for-this-site-so-lets-enforce-it 
site/browser feature, I forget what it's called...


So at least the confusion is not intentional on our part ;-)


/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se  | ni...@acc.umu.se
---
 Only lemmings jump to conclusions.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-18 Thread Niklas Edmundsson

On Thu, 18 Feb 2016, Luca Filipozzi wrote:

> On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:
> > * The Wanderer  [2015-09-04 12:17]:
> > > When I connect to http://get.debian.org/ in a Web browser, I am
> > > redirected to https://www.debian.org/CD/, which is a HTTPS site.
> > > However, the initial connection attempt is made over HTTP, and is
> > > potentially subject to external observation.
> > >
> > > When I connect to https://get.debian.org/, I get a near-instant
> > > "connection refused" or "failed to connect" error.
> >
> > > Initial testing seems to indicate that the same basic behavior occurs
> > > with cdimage.debian.org, which is the old name for the service now
> > > provided by get.debian.org.
> >
> > debian-admin: can you help with this?
>
> $ host get.debian.org
> get.debian.org is an alias for ftp.acc.umu.se.
>
> Carbon copying Niklas Edmundsson (maswan).

This should be doable as long as https is only used for the initial
redirect stuff, not for the actual file transfer.

Our ftp cluster composed of 5+ year old machines barely has the power
to do https at 10 gigabit, and we'd like to be able to scale to 100
gigabit when SUNET gets upgraded later this year.

> Niklas, I can get provide an X.509 certificate.

OK, we can handle this off-ticket.

/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se  | ni...@acc.umu.se
---
 Has anyone found my marbles?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-17 Thread Luca Filipozzi
On Wed, Feb 17, 2016 at 06:15:46PM -0800, Martin Michlmayr wrote:
> * The Wanderer  [2015-09-04 12:17]:
> > When I connect to http://get.debian.org/ in a Web browser, I am
> > redirected to https://www.debian.org/CD/, which is a HTTPS site.
> > However, the initial connection attempt is made over HTTP, and is
> > potentially subject to external observation.
> > 
> > When I connect to https://get.debian.org/, I get a near-instant
> > "connection refused" or "failed to connect" error.
> 
> > Initial testing seems to indicate that the same basic behavior occurs
> > with cdimage.debian.org, which is the old name for the service now
> > provided by get.debian.org.
> 
> debian-admin: can you help with this?

$ host get.debian.org
get.debian.org is an alias for ftp.acc.umu.se.

Carbon copying Niklas Edmundsson (maswan).

Niklas, I can get provide an X.509 certificate.

Let me know,

Luca

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian



Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2016-02-17 Thread Martin Michlmayr
* The Wanderer  [2015-09-04 12:17]:
> When I connect to http://get.debian.org/ in a Web browser, I am
> redirected to https://www.debian.org/CD/, which is a HTTPS site.
> However, the initial connection attempt is made over HTTP, and is
> potentially subject to external observation.
> 
> When I connect to https://get.debian.org/, I get a near-instant
> "connection refused" or "failed to connect" error.

> Initial testing seems to indicate that the same basic behavior occurs
> with cdimage.debian.org, which is the old name for the service now
> provided by get.debian.org.

debian-admin: can you help with this?

-- 
Martin Michlmayr
http://www.cyrius.com/



Bug#798033: www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

2015-09-04 Thread The Wanderer
Package: www.debian.org
Severity: minor

Dear Maintainer,

I'm not completely positive that this is the correct place for this bug
report, but I don't know of anywhere else which would be better. Please
feel free to reassign if appropriate.

Whenever possible, I prefer to connect to Websites via HTTPS. This
includes all Debian Websites.

When I connect to http://get.debian.org/ in a Web browser, I am
redirected to https://www.debian.org/CD/, which is a HTTPS site.
However, the initial connection attempt is made over HTTP, and is
potentially subject to external observation.

When I connect to https://get.debian.org/, I get a near-instant
"connection refused" or "failed to connect" error. Firefox reports
"Unable to connect", w3m reports "Failed to load", and wget reports
"Connection refused".

Initial testing seems to indicate that the same basic behavior occurs
with cdimage.debian.org, which is the old name for the service now
provided by get.debian.org.

Please make it possible to connect to get.debian.org via HTTPS and have
the redirection function properly.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)