Google and Coronavirus Tech Handbook

Eric Tykwinski eric-list at truenet.com
Fri Mar 20 20:40:26 UTC 2020 

Alex, Rob,

So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com <https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com>
It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case.
____________
eric$ openssl s_client -connect coronavirustechhandbook.com:443 -showcerts -tls1_2 -crlf
CONNECTED(00000006)
4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40
4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1584736646
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu at gmail.com> wrote:
> 
> please stop writing me private emails, thank you, with due politeness and smiley :-)
> 
> 
> 
> Alex, LF/HF 2
> Le 20/03/2020 à 19:40, Rob Pickering a écrit :
>> 
>> 
>> On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu at gmail.com <mailto:alexandre.petrescu at gmail.com>> wrote:
>> CA==Certificate Authority
>> 
>> the browser makes me questions before allowing me to see the content, after I click the indicated URL
>> 
>> LF/HF
>> What root CA list are you using?
>> 
>> I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
>> 
>> --
>> Rob Pickering, rob at pickering.org <mailto:rob at pickering.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200320/10a2d510/attachment.html>

More information about the NANOG mailing list