On Tue, Apr 12, 2022 at 02:16:08PM -0700, James Secan wrote: > It’s a US Gov’t site (NASA): cddis.nasa.gov. I’m accessing data on > their Space Geodesy Data archive, pulling files from directory > archive/gnss/products/ionex. I filed an initial complaint with them > yesterday before I knew in detail what was going on and had a response > asking for more info this morning. I’ve sent them everything I know, > but have heard nothing back. That was just this morning, so it’s too > soon to be getting antsy about a response from them.
Their server does not include a RFC5746 renegotiation_info extension in its ServerHello message. Modern TLS clients such as OpenSSL 3 consider this insecure. See https://datatracker.ietf.org/doc/html/rfc5746 for more details. -- Clemens
