On Wed, 04 Dec 2024 18:33:48 +0100, Chris Narkiewicz <he...@ezaquarii.com> wrote: > > https://cloudflare.cdn.openbsd.org/pub/OpenBSD/ mirror no longer works for me. > > Tested on OpenBSD 7.6 using curl: > > # curl -vv https://cloudflare.cdn.openbsd.org/ > 17:30:21.229941 [0-0] * Host cloudflare.cdn.openbsd.org:443 was resolved. > 17:30:21.230249 [0-0] * IPv6: 2606:4700::6811:f95c, 2606:4700::6811:f85c > 17:30:21.230354 [0-0] * IPv4: 104.17.248.92, 104.17.249.92 > 17:30:21.230426 [0-0] * [HTTPS-CONNECT] added > 17:30:21.230472 [0-0] * [HTTPS-CONNECT] connect, init > 17:30:21.230523 [0-0] * [HTTPS-CONNECT] connect, check h21 > 17:30:21.230602 [0-0] * Trying [2606:4700::6811:f95c]:443... > 17:30:21.230742 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 > 17:30:21.230791 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks > 17:30:21.230841 [0-0] * [HTTPS-CONNECT] connect, check h21 > 17:30:21.230888 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 > 17:30:21.230935 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks > 17:30:21.440084 [0-0] * [HTTPS-CONNECT] connect, check h21 > 17:30:21.440186 [0-0] * Trying 104.17.248.92:443... > 17:30:21.440254 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 > 17:30:21.440291 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 2 socks > 17:30:21.444389 [0-0] * [HTTPS-CONNECT] connect, check h21 > 17:30:21.445216 [0-0] * ALPN: curl offers h2,http/1.1 > 17:30:21.445758 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1): > 17:30:21.461056 [0-0] * CAfile: /etc/ssl/cert.pem > 17:30:21.461138 [0-0] * CApath: none > 17:30:21.461332 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 > 17:30:21.461382 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks > 17:30:21.461419 [0-0] * [HTTPS-CONNECT] connect, check h21 > 17:30:21.462316 [0-0] * TLSv1.3 (IN), TLS alert, handshake failure (552): > 17:30:21.462714 [0-0] * LibreSSL/4.0.0: error:14004410:SSL > routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure > 17:30:21.462833 [0-0] * [HTTPS-CONNECT] connect, all failed > 17:30:21.462992 [0-0] * [HTTPS-CONNECT] connect -> 35, done=0 > 17:30:21.463216 [0-0] * closing connection #0 > 17:30:21.463343 [0-0] * [HTTPS-CONNECT] close > 17:30:21.463378 [0-0] * [SETUP] close > 17:30:21.463595 [0-0] * [SETUP] destroy > 17:30:21.463652 [0-0] * [HTTPS-CONNECT] destroy > curl: (35) LibreSSL/4.0.0: error:14004410:SSL > routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure > > cdn.openbsd.org seems to be ok. > > Is it just me? >
I have no idea why, but I guess that this is limitation of Cloudflare TLS certificate which is used for the mirror: https://developers.cloudflare.com/ssl/edge-certificates/universal-ssl/limitations/ -- wbr, Kirill
