On Tue, Nov 06, 2018 at 08:19:07PM +0100, Mark Kettenis wrote:
> > From:
> > Date: Tue, 6 Nov 2018 10:50:20 -0800
> >
> > Both system are on the same network, hub, router etc. The amd system is on
> > Virtualbox on my PC and the arm system is an orangepi one.
> >
> > >From the arm system:
> >
The attached tcpdump traces are from armv7 and amd64 systems. The problem
on the armv7 system is very reproducible even though the pypi.io site uses
different hosts at random.
It has been many years since I analysed tcp traces and then it was with
wireshark and so my abilities are lacking.
On 2018/11/13 20:43, Bob Beck wrote:
> I have worked around this, for now, however this is NOT a bug. The
> key they are using for the accepted sigalg does not use the right
> curve,
> So when we check for the curve, we should reject this signature ->
> this site is doing it wrong.
>
> I have
On Wed, Nov 14, 2018 at 03:20:59AM -0700, Anthony J. Bentley wrote:
> Hi,
>
> I have httpd running two servers on two different ports:
>
> server "a" {
> listen on * port 8080
> root "/foo"
> }
>
> server "b" {
> listen on * port 8081
>
Hi,
I have httpd running two servers on two different ports:
server "a" {
listen on * port 8080
root "/foo"
}
server "b" {
listen on * port 8081
root "/bar"
}
/var/www/foo/ contains foo.html, and /var/www/bar/ contains bar.html.
On Tue, Nov 13, 2018 at 08:40:58PM -0700, Bob Beck wrote:
> This is fixed, I had the wrong hash NID in the legacy sigalgs.
>
> Interesting fact: when the client sends sigalgs in order of
> preference, mircosoft processes all of them for every cipher type, and
> therefore chooses the weakest ;)