<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body>
On 2019/08/04 08:50, Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 wrote:
<blockquote id="mid_20190804175002_116dc16c_champion_fmtyew_tk"
cite="mid:***@champion.fmtyew.tk" type="cite">
<pre wrap="">Works for me. What were the results of your diagnosis to before posting?
</pre>
</blockquote>
My results of my diagnosis 'to'? I usually believe in reporting
problems immediately, while investigating the problem on the basis that if I
find out there are problems from other people, I should probably stop
investigating until I hear more. If I hear others don't have the
problem and if I haven't had time to investigate yet, I will move the
priority of my investigation 'up' to look at it ASAP (usually when I get to
a break point in a current task).<br>
<br>
But I'm not sure what you mean by my results of my diagnosis 'to'.
I did try to make sure I had current versions of the various perl modules
that seemed to be called, thinking that if it recompiled one, that also
might make the problem go away. Having done that, I thought I should ask to
see if it was problematic for anyone else.<br>
<br>
I also looked at perl.org's security settings. While it has a good
overall grade, it does have a few problems.<br>
<table class="reportTable">
<tbody>
<tr>
<td class="tableLeft" width="180"><span
class="greySmall colorF88017 cursor-help"
title="Browser does not support Server Name Indication.">No SNI <sup>2</sup></span>
</td>
<td class="tableLeft" colspan="3"> <font color="red">Incorrect
certificate because this client doesn't support SNI</font></td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable">
<tbody>
<tr>
<td class="tableLeft" width="180"> <span
class="greySmall colorF88017 cursor-help"
title="Browser effectively does not support Forward Secrecy.">No FS <sup>1</sup></span>
<span class="greySmall colorF88017 cursor-help"
title="Browser does not support Server Name Indication.">No SNI <sup>2</sup></span>
</td>
<td class="tableLeft" colspan="3"> <font color="red">Server sent
fatal alert: handshake_failure</font></td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable">
<tbody class="cipher1Block">
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(<code>0xc027</code>) <span class="greySmall">ECDH x25519 (eq. 3072
bits RSA) FS</span> <b>WEAK</b></font> </td>
<td class="tableRight"><font color="#f88017">128</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(<code>0xc013</code>) <span class="greySmall">ECDH x25519 (eq. 3072
bits RSA) FS</span> <b>WEAK</b></font> </td>
<td class="tableRight"><font color="#f88017">128</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(<code>0xc028</code>) <span class="greySmall">ECDH x25519 (eq. 3072
bits RSA) FS</span> <b>WEAK</b></font> </td>
<td class="tableRight"><font color="#f88017">256</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(<code>0xc014</code>) <span class="greySmall">ECDH x25519 (eq. 3072
bits RSA) FS</span> <b>WEAK</b></font> </td>
<td class="tableRight"><font color="#f88017">256</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
(<code>0x67</code>) <span class="greySmall"> <span
title="p: 256, g: 256, Ys: 256">DH 2048 bits</span> FS</span> <b>WEAK</b></font>
</td>
<td class="tableRight"><font color="#f88017">128</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_DHE_RSA_WITH_AES_128_CBC_SHA
(<code>0x33</code>) <span class="greySmall"> <span
title="p: 256, g: 256, Ys: 256">DH 2048 bits</span> FS</span> <b>WEAK</b></font>
</td>
<td class="tableRight"><font color="#f88017">128</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
(<code>0x6b</code>) <span class="greySmall"> <span
title="p: 256, g: 256, Ys: 256">DH 2048 bits</span> FS</span> <b>WEAK</b></font>
</td>
<td class="tableRight"><font color="#f88017">256</font></td>
</tr>
<tr class="tableRow">
<td class="tableLeft"><font color="#f88017">TLS_DHE_RSA_WITH_AES_256_CBC_SHA
(<code>0x39</code>) <span class="greySmall"> <span
title="p: 256, g: 256, Ys: 256">DH 2048 bits</span> FS</span> <b>WEAK</b></font></td>
</tr>
</tbody>
</table>
<br>
Two non-validating certs in the certification path<br>
<table class="reportTable">
<tbody>
<tr class="tableRow">
<td class="tableLabel"><font color="red">Alternative names</font></td>
<td class="tableCell"><font color="red">ingress.local <b>MISMATCH</b></font></td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable">
<tbody>
<tr class="tableRow">
<td class="tableLabel"><font color="#f88017">Certificate
Transparency</font></td>
<td class="tableCell"><font color="#f88017">No</font></td>
</tr>
</tbody>
</table>
<table class="reportTable">
<tbody>
<tr class="tableRow">
<td class="tableLabel"><font color="red">Trusted</font></td>
<td class="tableCell"><font color="red">No <b>NOT TRUSTED</b> <b><br>
<span class="greySmall"> <font
title="Not trusted by Mozilla trust store" class="cursor-help"
color="red">Mozilla</font> <font
title="Not trusted by Apple trust store" class="cursor-help"
color="red">Apple</font> <font
title="Not trusted by Android trust store" class="cursor-help"
color="red">Android</font> <font
title="Not trusted by Java trust store" class="cursor-help" color="red">Java</font>
<font title="Not trusted by Windows trust store"
class="cursor-help" color="red">Windows</font> </span></b> </font></td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable cert3Block" style="">
<tbody id="Mozilla3content" class="tabcontent3 fadeEffect"
style="display: block;">
<tr class="tableSeparator">
</tr>
<tr class="tableSeparator">
<td class="tableSubHead" colspan="3">
<div class="serverKeyCert"> Path #1: Not trusted (path does not
chain to a trusted anchor) </div>
 </td>
</tr>
<tr class="tableRow">
<td class="tableCell tableCellRight"><b>1</b></td>
<td class="tableCell tableCellCenter"> Sent by server <br>
<font color="#f88017">Not in trust store</font> </td>
<td class="tableCell"
title="CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co">Kubernetes
Ingress Controller Fake Certificate <font color="grey">Self-signed</font>
<br>
<span class="greySmall"> Fingerprint SHA256:
7f1f24f5e310c37f96c342ec61d1c49198b86c02990de8095111fc16ed722c1a<br>
Pin SHA256: 6QdPoeWrBas67CYtT56BVDIw2Wird4ZKQRrztEFy124= </span> <br>
RSA 2048 bits (e 65537) / SHA256withRSA </td>
</tr>
</tbody>
</table>
<br>
and <br>
<table class="reportTable">
<tbody>
<tr class="tableRow">
<td class="tableLabel"><font color="#f88017">DNS CAA</font></td>
<td class="tableCell"><font color="#f88017">No (<a
class="colorF88017"
href="https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum">more
info</a>)</font></td>
</tr>
</tbody>
</table>
Which was passed as a standard<br>
and<br>
This site works only in browsers with SNI support. <br>
<br>
(maybe the algorithms on some proxies don't support everything yet).<br>
<br>
(to see the full report, visit
<a class="moz-txt-link-freetext" href="https://www.ssllabs.com/ssltest/analyze.html?d=perl.org">https://www.ssllabs.com/ssltest/analyze.html?d=perl.org</a>)<br>
<br>
<br>
Are those the types of item you meant by a diagnosis to? I still don't
get what that means.<br>
<br>
Thanks<br>
<br>
<blockquote id="mid_20190804175002_116dc16c_champion_fmtyew_tk"
cite="mid:***@champion.fmtyew.tk" type="cite">
<pre wrap="">
› perl p5-ssl-tools/analyze-ssl.pl pause.perl.org:443
-- pause.perl.org port 443
* maximum SSL version : TLSv1_2 (SSLv23)
* supported SSL versions with handshake used and preferred cipher(s):
* handshake protocols ciphers
* SSLv23 TLSv1_2 AES256-GCM-SHA384
* TLSv1_2 TLSv1_2 AES256-GCM-SHA384
* TLSv1_1 TLSv1_1 AES256-SHA
* TLSv1 TLSv1 AES256-SHA
* cipher order by : client
* SNI supported : ok
* certificate verified : ok
* chain on 147.75.38.228
* [0/0] bits=2048, ocsp_uri=<a class="moz-txt-link-freetext" href="http://ocsp.int-x3.letsencrypt.org">http://ocsp.int-x3.letsencrypt.org</a>, /CN=pause.perl.org SAN=DNS:pause.cpan.org,DNS:pause.perl.org
* [1/1] bits=2048, ocsp_uri=<a class="moz-txt-link-freetext" href="http://isrg.trustid.ocsp.identrust.com">http://isrg.trustid.ocsp.identrust.com</a>, /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
* [-/2] bits=2048, ocsp_uri=, /O=Digital Signature Trust Co./CN=DST Root CA X3
* OCSP stapling : no stapled response
* OCSP status : good
</pre>
</blockquote>
</body>
</html>