I instrumented /usr/sbin/pollinate to display the trace information: ⟫ sudo pollinate -r <13>Jan 10 16:50:43 pollinate[8877]: system was previously seeded at [2017-01-10 16:48:43.103906490 +0200] <13>Jan 10 16:50:43 pollinate[8877]: client sent challenge to [https://entropy.ubuntu.com/] <13>Jan 10 16:50:44 pollinate[8877]: client verified challenge/response with [https://entropy.ubuntu.com/] <13>Jan 10 16:50:44 pollinate[8877]: client hashed response from [https://entropy.ubuntu.com/] <13>Jan 10 16:50:44 pollinate[8877]: client successfully seeded [/dev/urandom] % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 016:50:43.176650 * Trying 91.189.94.24... 16:50:43.355617 * Connected to entropy.ubuntu.com (91.189.94.24) port 443 (#0) 16:50:43.355891 * found 2 certificates in /etc/pollinate/entropy.ubuntu.com.pem 16:50:43.355909 * found 0 certificates in /dev/null 16:50:43.355959 * ALPN, offering http/1.1 16:50:43.960703 * SSL connection using TLS1.2 / DHE_RSA_AES_128_GCM_SHA256 16:50:43.961323 * server certificate verification OK 16:50:43.961343 * server certificate status verification SKIPPED 16:50:43.961471 * common name: entropy.ubuntu.com (matched) 16:50:43.961489 * server certificate expiration date OK 16:50:43.961504 * server certificate activation date OK 16:50:43.961527 * certificate public key: RSA 16:50:43.961541 * certificate version: #3 16:50:43.961592 * subject: C=GB,L=London,O=Canonical Group Ltd,CN=entropy.ubuntu.com 16:50:43.961611 * start date: Fri, 22 Jul 2016 00:00:00 GMT 16:50:43.961638 * expire date: Tue, 05 Sep 2017 12:00:00 GMT 16:50:43.961672 * issuer: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA 16:50:43.961698 * compression: NULL 16:50:43.961712 * ALPN, server did not agree to a protocol 16:50:43.961794 > POST / HTTP/1.1 16:50:43.961794 > Host: entropy.ubuntu.com 16:50:43.961794 > User-Agent: pollinate/4.24-0ubuntu1 curl/7.47.0-1ubuntu2.2 cloud-init/ Ubuntu/16.04.1/LTS GNU/Linux/4.4.0-57-generic/x86_64 Intel(R)/Core(TM)/i7-5600U/CPU/@/2.60GHz uptime/224399.63/367735.05 16:50:43.961794 > Accept: */* 16:50:43.961794 > Content-Length: 138 16:50:43.961794 > Content-Type: application/x-www-form-urlencoded 16:50:43.961794 > 16:50:43.961876 } [138 bytes data] 16:50:43.961900 * upload completely sent off: 138 out of 138 bytes 16:50:44.143388 < HTTP/1.1 200 OK 16:50:44.143424 < Date: Tue, 10 Jan 2017 14:50:46 GMT 16:50:44.143435 < Content-Length: 258 16:50:44.143446 < Content-Type: text/plain; charset=utf-8 16:50:44.143456 < X-Cache: MISS from okra 16:50:44.143465 < X-Cache-Lookup: MISS from okra:3128 16:50:44.143475 < Via: 1.1 okra (squid/3.3.8) 16:50:44.143485 < Connection: keep-alive 16:50:44.143495 < 34 396 0 0 100 138 0 140 --:--:-- --:--:-- --:--:-- 14016:50:44.143570 { [258 bytes data] 100 396 100 258 100 138 263 140 --:--:-- --:--:-- --:--:-- 263 16:50:44.143628 * Connection #0 to host entropy.ubuntu.com left intact
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1634346 Title: https://entropy.ubuntu.com lacks Perfect Forward Secrecy (PFS) and has certificate chain issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/1634346/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
