Greetings,
I'm trying from several different machines in the house, some directly
connected, as well as any thru the NAT interface. This is the ONLY site
I cannot reach normally. I have to use the Tor browser to reach the
site, and, even then, once I get a new cygwin setup .exe, the list of
mirrors doesn't auto-fill because (surprise, surprise) I cannot connect
via any known protocol to either www.cygwin.com or 209.132.180.131.
The SSL certificates I get from a successful Tor hit and an unsuccessful
403 from home are identical
I am concluding that at least the address range 69.12.250.{40-47} are
being blocked; and it probably extends beyond that.
Firewall is a Watchguard Firebox running pf_sense. I get the 403 even
with a direct (non-firewalled, non-routed connection)
I have attached two .txt file with runs from two servers within my
house, one running NetBSD, one running Windows [thus the importance of
cygwin].
Included are runs from 'host'/'nslookup', 'ping', 'traceroute', 'curl'
and 'openssl'
This is NOT a local firewall issue, otherwise my other machines on
different addresses would not have a problem.
smaug is my internal firewall.
stupidhead is the default next hop from said firewall.
"...it's nothing to do with cygwin.com."
Sooooo, why else would I get a refusal from the web server from this
address when I can connect from elsewhere ** and the SSL certificate is
the same ** ??
What am I missing?
"...but there's nothing we can do from here."
Where is "here"? If "here" == "cygwin.com", you can't tell me if my IP
is on an internal blacklist (and, moreso, why?)??
On 2017-04-21 08:06, Gluszczak, Glenn wrote:
Agree, it's nothing to do with Cygwin.com.
Check for a firewall on your local machine. Check your home router to see if
it has a firewall with restrictions.
Perhaps you're passing through a proxy server or firewall at the ISP?
Try traceroute or wget to analyze what site you're really attaching to.
On 4/21/2017 2:35 AM, Greywolf wrote:
Hello,
I am having a server issue that neither I nor my ISP seem to be able
to resolve with regards to connecting to Cygwin.com -- namely, only
from my house, I get a 403 Forbidden.
This is _your_ problem. Something has caused you to not be able to reach
cygwin.com properly. What IP address does cygwin.com resolve to?
Does using the IP address directly work for you?
$ ping cygwin.com
Pinging cygwin.com [209.132.180.131] with 32 bytes of data:
I've been round with my ISP and they are unable to reproduce the
issue; the response I get from here is "contact your ISP". So who do
I contact about this? Not being able to automagically fetch the
mirror list is annoying, and not being able to reach the site to see
about updates and such is similarly so.
Understandable but nothing we can do from here.
--- output from 'nslookup www.cygwin.com', Windows@69.12.250.40
Non-authoritative answer:
Server: galadriel.middle-earth.starwolf.com
Address: xx.xx.xx.xx
Name: www.cygwin.com
Address: 209.132.180.131
--- output from 'ping www.cygwin.com', Windows@69.12.250.40
Pinging www.cygwin.com [209.132.180.131] with 32 bytes of data:
Reply from 209.132.180.131: bytes=32 time=89ms TTL=49
Reply from 209.132.180.131: bytes=32 time=78ms TTL=49
Reply from 209.132.180.131: bytes=32 time=77ms TTL=49
Reply from 209.132.180.131: bytes=32 time=78ms TTL=49
Ping statistics for 209.132.180.131:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 89ms, Average = 80ms
--- output from 'tracert www.cygwin.com', Windows@69.12.250.40
Tracing route to www.cygwin.com [209.132.180.131]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms smaug.middle-earth.starwolf.com [172.21.12.1]
2 48 ms 49 ms 51 ms 69-12-250-1.static.dsltransport.net
[69.12.250.1]
3 48 ms 49 ms 49 ms 109.at-4-0-0.gw3.200p-sf.sonic.net
[208.106.28.117]
4 48 ms 49 ms 49 ms 0.ae2.gw.200p-sf.sonic.net [70.36.211.53]
5 49 ms 49 ms 51 ms as0.gw2.200p-sf.sonic.net [208.106.96.250]
6 50 ms 51 ms 51 ms 303.ae4.gw.pao1.sonic.net [69.12.163.217]
7 53 ms 51 ms 53 ms te0-0-0-15.ccr21.sjc04.atlas.cogentco.com
[38.104.141.81]
8 52 ms 53 ms 53 ms be2013.ccr41.sjc03.atlas.cogentco.com
[154.54.5.105]
9 53 ms 53 ms 53 ms be3144.ccr22.sjc01.atlas.cogentco.com
[154.54.5.101]
10 65 ms 65 ms 65 ms be3177.ccr22.lax01.atlas.cogentco.com
[154.54.40.145]
11 77 ms 77 ms 75 ms be2932.ccr22.phx02.atlas.cogentco.com
[154.54.45.161]
12 77 ms 77 ms 77 ms be2125.agr12.phx02.atlas.cogentco.com
[154.54.1.102]
13 77 ms 79 ms 77 ms 154.24.53.154
14 77 ms 77 ms 77 ms 38.88.238.30
15 89 ms 91 ms 93 ms unused [66.187.228.249]
16 89 ms 91 ms 89 ms transit-21-180-132-209.redhat.com
[209.132.180.21]
17 77 ms 79 ms 81 ms server1.sourceware.org [209.132.180.131]
Trace complete.
--- output from 'curl -vso /dev/null https://www.cygwin.com',
--- Windows@69.12.250.40
* STATE: INIT => CONNECT handle 0x6000579c0; line 1413 (connection #-5000)
* Rebuilt URL to: https://www.cygwin.com/
* Added connection 0. The cache now contains 1 members
* Trying 209.132.180.131...
* TCP_NODELAY set
* STATE: CONNECT => WAITCONNECT handle 0x6000579c0; line 1466 (connection #0)
* Connected to www.cygwin.com (209.132.180.131) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000579c0; line 1583
(connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x6000579c0; line 1597
(connection #0)
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [98 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2519 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=cygwin.com
* start date: Mar 1 03:04:00 2017 GMT
* expire date: May 30 03:04:00 2017 GMT
* subjectAltName: host "www.cygwin.com" matched cert's "www.cygwin.com"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* STATE: PROTOCONNECT => DO handle 0x6000579c0; line 1618 (connection #0)
} [5 bytes data]
> GET / HTTP/1.1
> Host: www.cygwin.com
> User-Agent: curl/7.52.1
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x6000579c0; line 1680 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000579c0; line 1807 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000579c0; line 1817 (connection #0)
{ [5 bytes data]
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 403 Forbidden
< Date: Sat, 22 Apr 2017 19:39:30 GMT
* Server Apache is not blacklisted
< Server: Apache
< Vary: Accept-Encoding
< Content-Length: 382
< Content-Type: text/html; charset=iso-8859-1
<
{ [5 bytes data]
* STATE: PERFORM => DONE handle 0x6000579c0; line 1981 (connection #0)
* multi_done
* Curl_http_done: called premature == 0
* Connection #0 to host www.cygwin.com left intact
--- output from 'openssl s_client -connect www.cygwin.com:443',
Windows@69.12.250.40 ---
- [input: HEAD / HTTP/1.1\nHost: defender.starwolf.com\n\n]
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = cygwin.com
verify return:1
---
Certificate chain
0 s:/CN=cygwin.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAwwDovAR//+tUdLl4uqOp2efMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMDEwMzA0MDBaFw0x
NzA1MzAwMzA0MDBaMBUxEzARBgNVBAMTCmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDJCwkeLVu0Da5KV3ZJptJrWGwWEkDJni2arI3D
jKuKrNodipFu0YWH973s9KGFvrsEy1i5q/pSA6av+LnGJW2VSdOXFdtKYVadfIjG
UMoosTGDaMArrjjDprG6hvX9vbdHHPoK4/+9I+hWtCUMAVtHrkW5oyKTI8XDj/oV
FVm7o2WZnBz8LZCMScY1X+nU3Of++MwLJdh76pBDtaPi/4d2mgChegsscZ7AWUW3
UyAoOcvCRUoyKqLtF1T06vauLDXa9rpNrd8yf8VFigOn5dHQUvwpqCbo28j9+5U5
bR8yjVEdamSfyh/BVfK2pjFcYFGg/o5tmKuhxZJR+/G71gSVAgMBAAGjggJDMIIC
PzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFItTa1Nhu2F1NsYVV3FxTjvZPMwbMB8G
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv
BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
ME0GA1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeC
DmZ0cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTCB/gYDVR0gBIH2MIHzMAgG
BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm
aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz
IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s
aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBCwUAA4IBAQB1X6TaJfYTWzETbPofnhqS2aF8M1qOSeCr72wN
TTJcM2n7DwfRAH6WR1OV9UMAvBYXy0TxbuAlMBbLJmIe09ybvqkDbiixvQxAk8xv
96Ik8Xyyl0cJLubKf8xnO39XQddvXKlhW/X8m3cFoVSf5VkF58HPGMPX60mgoO1c
hyg0cBeJsVGDA2RAp+TBPkr4HVTiJsUFDIsU1JIpbMnYqegmGKJD61j6e6FwVxug
AIhOV1GIE0XXhHH7dgANEknmKZaLjozhYJoIIokxkTcnzCEavbudpXZ1j9ilg1uz
31NkBdc3FQRfjI0BQMbUWwjEe2ngtVxGaLuSFtQopQiBYfY4
-----END CERTIFICATE-----
subject=/CN=cygwin.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3200 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: E6B555893E514447A292ADA81A59729C74D28EA6675D26FF9E1FEBA011449206
Session-ID-ctx:
Master-Key:
396E35A0B888D9727A8D9A173F4FF55C65939F6000CA67AB2D1924EBCA86DE91DC51ADD014528C75F91257A3AEFAE29E
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 4b d7 3d 66 d5 fa 75 69-5d 05 c8 04 4b 88 56 fe K.=f..ui]...K.V.
0010 - b6 77 b6 37 11 4a df 00-31 4d a1 09 72 d1 1b c5 .w.7.J..1M..r...
0020 - 91 d5 1b f7 29 43 88 57-84 f1 a9 4d 66 a2 f5 56 ....)C.W...Mf..V
0030 - fc 1c 5d 60 57 e0 09 00-ae b5 b1 73 2b 81 29 ae ..]`W......s+.).
0040 - d9 19 32 fd 07 d6 e6 81-20 c8 1b f6 42 b6 d3 85 ..2..... ...B...
0050 - d1 95 61 7f 98 d6 bb d0-fe 4c 07 95 c7 c2 a7 7c ..a......L.....|
0060 - f4 8e db b4 72 e6 50 74-f7 b8 a9 5f b4 73 71 5c ....r.Pt..._.sq\
0070 - 01 ce 93 1d 22 94 66 f2-21 e5 a7 6f c0 ab 50 96 ....".f.!..o..P.
0080 - a6 11 88 78 8f 33 1a 11-11 1a 01 39 a9 ec 51 08 ...x.3.....9..Q.
0090 - af f1 16 93 6b 42 18 5d-ad ea 25 e6 62 be 77 1a ....kB.]..%.b.w.
00a0 - b0 c0 35 0f d9 c2 f2 0b-21 72 2a 3d d0 df 66 07 ..5.....!r*=..f.
00b0 - c5 03 19 70 a5 a7 19 2e-ac 4f b7 42 79 51 80 82 ...p.....O.ByQ..
Start Time: 1492891391
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
HEAD / HTTP/1.1
Host: defender.starwolf.com
HTTP/1.1 403 Forbidden
Date: Sat, 22 Apr 2017 20:03:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
DONE
--- output from 'host www.cygwin.com', NetBSD@69.12.250.42 ---
www.cygwin.com has address 209.132.180.131
--- output from 'ping -c 4 www.cygwin.com', NetBSD@69.12.250.42 ---
PING www.cygwin.com (209.132.180.131): 56 data bytes
64 bytes from 209.132.180.131: icmp_seq=0 ttl=49 time=79.846013 ms
64 bytes from 209.132.180.131: icmp_seq=1 ttl=49 time=77.474827 ms
64 bytes from 209.132.180.131: icmp_seq=2 ttl=49 time=79.351679 ms
64 bytes from 209.132.180.131: icmp_seq=3 ttl=49 time=78.905822 ms
----www.cygwin.com PING Statistics----
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 77.474827/78.894585/79.846013/1.021435 ms
--- output from 'traceroute www.cygwin.com', NetBSD@69.12.250.42 ---
traceroute to www.cygwin.com (209.132.180.131), 64 hops max, 40 byte packets
1 smaug (172.21.12.1) 0.624 ms 0.729 ms 0.742 ms
2 stupidhead (69.12.250.1) 48.060 ms 48.074 ms 48.085 ms
3 109.at-4-0-0.gw3.200p-sf.sonic.net (208.106.28.117) 49.581 ms 49.895 ms
48.096 ms
4 0.ae2.gw.200p-sf.sonic.net (70.36.211.53) 48.048 ms 47.990 ms 47.695 ms
5 as0.gw2.200p-sf.sonic.net (208.106.96.250) 49.986 ms 47.981 ms 48.082 ms
6 303.ae4.gw.pao1.sonic.net (69.12.163.217) 51.906 ms 49.904 ms 51.928 ms
7 te0-0-0-15.ccr21.sjc04.atlas.cogentco.com (38.104.141.81) 51.911 ms
51.831 ms 51.931 ms
8 be2013.ccr41.sjc03.atlas.cogentco.com (154.54.5.105) 53.835 ms 52.215 ms
51.935 ms
9 be3144.ccr22.sjc01.atlas.cogentco.com (154.54.5.101) 53.817 ms 51.847 ms
be3142.ccr21.sjc01.atlas.cogentco.com (154.54.1.193) 51.932 ms
10 be3176.ccr21.lax01.atlas.cogentco.com (154.54.31.189) 64.101 ms 65.688 ms
be3177.ccr22.lax01.atlas.cogentco.com (154.54.40.145) 65.787 ms
11 be2931.ccr21.phx02.atlas.cogentco.com (154.54.44.85) 76.030 ms 75.695 ms
76.179 ms
12 te0-0-1-0.agr13.phx02.atlas.cogentco.com (154.54.46.190) 75.759 ms
be2125.agr12.phx02.atlas.cogentco.com (154.54.1.102) 78.004 ms 75.669 ms
13 154.24.53.154 (154.24.53.154) 78.072 ms 78.042 ms
154.24.53.150 (154.24.53.150) 77.717 ms
14 38.88.238.30 (38.88.238.30) 89.966 ms 75.754 ms
38.122.88.218 (38.122.88.218) 75.790 ms
15 unused (66.187.228.248) 81.882 ms
unused (66.187.228.249) 93.647 ms 79.893 ms
16 transit-21-180-132-209.redhat.com (209.132.180.21) 100.019 ms 91.844 ms
93.896 ms
17 server1.sourceware.org (209.132.180.131) 76.150 ms !<10> 75.697 ms !<10>
80.028 ms !<10>
--- output from 'curl -vsko /dev/null https://www.cygwin.com',
--- NetBSD@69.12.250.42
[ -k because for some reason I don't have any SSL certs on the box
[ other than the ssh host key.
* Rebuilt URL to: https://www.cygwin.com/
* Trying 209.132.180.131...
* Connected to www.cygwin.com (209.132.180.131) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/openssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [98 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2519 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=cygwin.com
* start date: Mar 1 03:04:00 2017 GMT
* expire date: May 30 03:04:00 2017 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify result: unable to get local issuer certificate
(20), continuing anyway.
> GET / HTTP/1.1
> Host: www.cygwin.com
> User-Agent: curl/7.45.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Date: Sat, 22 Apr 2017 19:54:49 GMT
< Server: Apache
< Vary: Accept-Encoding
< Content-Length: 382
< Content-Type: text/html; charset=iso-8859-1
<
{ [382 bytes data]
* Connection #0 to host www.cygwin.com left intact
--- output from 'openssl s_client -connect www.cygwin.com:443',
NetBSD@69.12.250.42
-- Input: "HEAD / HTTP/1.0\nHost: eddie.starwolf.com\n\n"
: eddie; openssl s_client -connect www.cygwin.com:443
CONNECTED(00000004)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/CN=cygwin.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAwwDovAR//+tUdLl4uqOp2efMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMDEwMzA0MDBaFw0x
NzA1MzAwMzA0MDBaMBUxEzARBgNVBAMTCmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDJCwkeLVu0Da5KV3ZJptJrWGwWEkDJni2arI3D
jKuKrNodipFu0YWH973s9KGFvrsEy1i5q/pSA6av+LnGJW2VSdOXFdtKYVadfIjG
UMoosTGDaMArrjjDprG6hvX9vbdHHPoK4/+9I+hWtCUMAVtHrkW5oyKTI8XDj/oV
FVm7o2WZnBz8LZCMScY1X+nU3Of++MwLJdh76pBDtaPi/4d2mgChegsscZ7AWUW3
UyAoOcvCRUoyKqLtF1T06vauLDXa9rpNrd8yf8VFigOn5dHQUvwpqCbo28j9+5U5
bR8yjVEdamSfyh/BVfK2pjFcYFGg/o5tmKuhxZJR+/G71gSVAgMBAAGjggJDMIIC
PzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFItTa1Nhu2F1NsYVV3FxTjvZPMwbMB8G
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv
BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
ME0GA1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeC
DmZ0cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTCB/gYDVR0gBIH2MIHzMAgG
BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm
aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz
IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s
aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBCwUAA4IBAQB1X6TaJfYTWzETbPofnhqS2aF8M1qOSeCr72wN
TTJcM2n7DwfRAH6WR1OV9UMAvBYXy0TxbuAlMBbLJmIe09ybvqkDbiixvQxAk8xv
96Ik8Xyyl0cJLubKf8xnO39XQddvXKlhW/X8m3cFoVSf5VkF58HPGMPX60mgoO1c
hyg0cBeJsVGDA2RAp+TBPkr4HVTiJsUFDIsU1JIpbMnYqegmGKJD61j6e6FwVxug
AIhOV1GIE0XXhHH7dgANEknmKZaLjozhYJoIIokxkTcnzCEavbudpXZ1j9ilg1uz
31NkBdc3FQRfjI0BQMbUWwjEe2ngtVxGaLuSFtQopQiBYfY4
-----END CERTIFICATE-----
subject=/CN=cygwin.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 3200 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 630FE678D129F49799C155C4858C3D78529545B0F16A0D910627AFD8082E4EBC
Session-ID-ctx:
Master-Key:
5B9F5F86A167EB804A43D0A25608655FA1C09B7D454A886154861A57F7CC507F539A8F0B2F91BA3F0C7FF33D08651068
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 4b d7 3d 66 d5 fa 75 69-5d 05 c8 04 4b 88 56 fe K.=f..ui]...K.V.
0010 - ea 1b 31 8a 0f 6e a9 ad-f7 c3 78 40 49 26 b9 16 ..1..n....x@I&..
0020 - 25 d4 35 55 4f 49 cf 11-bd a8 38 1e f6 4d e6 a2 %.5UOI....8..M..
0030 - 38 ae b5 b4 29 18 38 f0-b9 2b 9c bf c8 68 18 7a 8...).8..+...h.z
0040 - 2a 34 b7 40 52 8e f5 65-d2 4b b6 d0 67 7f 34 69 *4.@R..e.K..g.4i
0050 - 63 a1 6d eb 2c c9 cd fe-4d 21 e4 85 4a 70 be 59 c.m.,...M!..Jp.Y
0060 - f6 84 5c ba 2a ad a8 1e-cb f8 7d 8c 7d 14 f1 c1 ..\.*.....}.}...
0070 - 03 45 7f e0 24 ca 58 12-99 d8 c0 9e d9 03 ab d3 .E..$.X.........
0080 - 5c 36 64 30 b0 7f da 95-2d 3a 83 94 61 8d 8f 70 \6d0....-:..a..p
0090 - 5c 9e 0e 1d 28 bb ef 80-2b 93 3c 20 89 19 e0 a5 \...(...+.< ....
00a0 - d6 e0 a0 c7 ec 28 0a 9c-d5 3c f7 8b 0e 02 b5 63 .....(...<.....c
00b0 - 5d 60 d8 56 1d e5 b7 fd-6a ae 19 d7 07 3d 08 bc ]`.V....j....=..
Start Time: 1492891084
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
HEAD / HTTP/1.1
Host: eddie.starwolf.com
HTTP/1.1 403 Forbidden
Date: Sat, 22 Apr 2017 19:58:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
DONE
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
