[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-04-01 Thread Mark Mangoba

Mark Mangoba  added the comment:

Fastly is uploading our new cert this upcoming Wednesday update; I'll work with 
Fastly to optimize the cache control.

___
PSF Meta Tracker 

___
___
Tracker-discuss mailing list
Tracker-discuss@python.org
https://mail.python.org/mailman/listinfo/tracker-discuss
Code of Conduct: https://www.python.org/psf/codeofconduct/


[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-27 Thread Mark Mangoba

Mark Mangoba  added the comment:

@berker.peksag you bring up a really good point.  I was taking a look at:
https://docs.fastly.com/guides/tutorials/cache-control-tutorial#backend-http-headers
we have some cache control here -
https://docs.fastly.com/guides/tutorials/cache-control-tutorial#do-not-cache.

I think putting bugs behind Fastly too, we will benefit from its security 
features, such as the DDoS mitigation, etc.  I'm going to run a few tests and 
see if this solution fits.



[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-26 Thread Berker Peksag

Berker Peksag  added the comment:

We may need to set custom rules for caching if we serve bugs.p.o behind Fastly 
since data needs to be fresh all the time. Otherwise, we would need to purge 
cache every time we touch an issue.

--
nosy: +berker.peksag



[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-25 Thread Gregory P Smith

Gregory P Smith  added the comment:

I was running into bad signature/hash errors sporadically today on 
bugs.python.org as well.

--
nosy: +gregory.p.smith



[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-25 Thread Ned Deily

Ned Deily  added the comment:

I added a comment and to this issue on the PSF infrastructure issue tracker.  
There has been a similar open issue for several months there.

https://github.com/python/psf-infra-meta/issues/4



[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-25 Thread Ned Deily

Ned Deily  added the comment:

Probably the same issue during that time period: a random subset of our GitHub 
webhook requests, triggered by changes to the python/cpython repo on GitHub, 
failed with "SSL connect failure".  Retrying them manually hours later from the 
GitHub admin interface, they all succeeded.  But failures like this caused 
havoc with our bugs.python.org / GitHub integration and overall python-dev 
workflows.  I haven't seen any failures since but there hasn't been a lot of 
activity either.

I did try using an online certificate checking tool 
(https://cryptoreport.websecurity.symantec.com/checker/) on 
https://bugs.python.org and found that the checker failed intermittently with 
"SSL certificate is not installed" error.

I also noticed on the Server Configuration info displayed by the Symantec tool 
when it succeeds that apparently bugs.python.org currently has an out-of-date 
and insecure version of SSL/TLS libs installed.  The report says that b.p.o only 
supports TLS 1.0 (and TLS 1.1 or 1.2) and is vulnerable to the BEAST and TLS 
renegotiation attacks.  It also says that the b.p.o server reports itself as 
"BaseHTTP/0.3 Python/2.6.6"!  If the migration of b.p.o to a more modern server 
is not going to happen imminently, perhaps the version of OpenSSL (or whatever) 
should be updated on the old server?

--
nosy: +ned.deily
status: unread -> chatting
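
A local way to quantify the kind of intermittent handshake failure described in the message above, added here as an example (it is not code from this thread or from the PSF infrastructure). The names `probe_once` and `sample` are hypothetical, the host is supplied by the caller, and the replay data under `__main__` is constructed.

```python
import hashlib
import socket
import ssl
from collections import Counter


def probe_once(host, port=443, timeout=5.0):
    """One verified TLS handshake. Returns (outcome, detail, cert_sha256)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return ("ok", tls.version(), hashlib.sha256(der).hexdigest())
    except ssl.SSLCertVerificationError as exc:
        return ("cert_error", exc.verify_message, None)
    except ssl.SSLError as exc:
        return ("tls_error", exc.reason or str(exc), None)
    except OSError as exc:  # refused, reset, timed out
        return ("net_error", type(exc).__name__, None)


def sample(host, attempts=20, probe=probe_once):
    """Repeat the probe and summarise how consistent the endpoint is."""
    results = [probe(host) for _ in range(attempts)]
    outcomes = Counter(r[0] for r in results)
    good = [r for r in results if r[0] == "ok"]
    return {
        "attempts": attempts,
        "outcomes": dict(outcomes),
        "failure_rate": 1 - outcomes["ok"] / attempts,
        # More than one fingerprint means the backends behind the name
        # are not all serving the same certificate.
        "distinct_certs": len({r[2] for r in good}),
        "protocols": dict(Counter(r[1] for r in good)),
        "errors": dict(Counter(r[1] for r in results if r[0] != "ok")),
    }


if __name__ == "__main__":
    # Constructed replay so the summary can be seen without network access.
    replay = iter([("ok", "TLSv1", "aa"), ("tls_error", "BAD_SIGNATURE", None),
                   ("ok", "TLSv1", "aa"), ("ok", "TLSv1", "bb")])
    print(sample("tracker.example", attempts=4, probe=lambda h: next(replay)))
```

A non-zero `failure_rate` together with `distinct_certs` greater than 1 points at inconsistent configuration across the hosts answering for the name rather than at the client.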



[Tracker-discuss] [issue649] Intermittent SSL signature issues

2018-03-25 Thread Nick Coghlan

New submission from Nick Coghlan :

When accessing the bug tracker, Firefox intermittently reports 
SEC_ERROR_BAD_SIGNATURE. While a refresh usually fixes the problem, this 
suggests to me that something isn't quite right with the current host 
configuration.

(Perhaps this issue will be rendered obsolete by Maciej Szulik's efforts to 
rehost b.p.o on OpenShift?)

--
messages: 3430
nosy: ncoghlan
priority: critical
status: unread
title: Intermittent SSL signature issues
