I instrumented /usr/sbin/pollinate to display the trace information:
⟫ sudo pollinate -r
<13>Jan 10 16:50:43 pollinate[8877]: system was previously seeded at
[2017-01-10 16:48:43.103906490 +0200]
<13>Jan 10 16:50:43 pollinate[8877]: client sent challenge to
[https://entropy.ubuntu.com/]
<13>Jan 10 16:50:44 pollinate[8877]: client verified challenge/response with
[https://entropy.ubuntu.com/]
<13>Jan 10 16:50:44 pollinate[8877]: client hashed response from
[https://entropy.ubuntu.com/]
<13>Jan 10 16:50:44 pollinate[8877]: client successfully seeded [/dev/urandom]
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:--
016:50:43.176650 * Trying 91.189.94.24...
16:50:43.355617 * Connected to entropy.ubuntu.com (91.189.94.24) port 443 (#0)
16:50:43.355891 * found 2 certificates in /etc/pollinate/entropy.ubuntu.com.pem
16:50:43.355909 * found 0 certificates in /dev/null
16:50:43.355959 * ALPN, offering http/1.1
16:50:43.960703 * SSL connection using TLS1.2 / DHE_RSA_AES_128_GCM_SHA256
16:50:43.961323 *server certificate verification OK
16:50:43.961343 *server certificate status verification SKIPPED
16:50:43.961471 *common name: entropy.ubuntu.com (matched)
16:50:43.961489 *server certificate expiration date OK
16:50:43.961504 *server certificate activation date OK
16:50:43.961527 *certificate public key: RSA
16:50:43.961541 *certificate version: #3
16:50:43.961592 *subject: C=GB,L=London,O=Canonical Group
Ltd,CN=entropy.ubuntu.com
16:50:43.961611 *start date: Fri, 22 Jul 2016 00:00:00 GMT
16:50:43.961638 *expire date: Tue, 05 Sep 2017 12:00:00 GMT
16:50:43.961672 *issuer: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure
Server CA
16:50:43.961698 *compression: NULL
16:50:43.961712 * ALPN, server did not agree to a protocol
16:50:43.961794 > POST / HTTP/1.1
16:50:43.961794 > Host: entropy.ubuntu.com
16:50:43.961794 > User-Agent: pollinate/4.24-0ubuntu1 curl/7.47.0-1ubuntu2.2
cloud-init/ Ubuntu/16.04.1/LTS GNU/Linux/4.4.0-57-generic/x86_64
Intel(R)/Core(TM)/i7-5600U/CPU/@/2.60GHz uptime/224399.63/367735.05
16:50:43.961794 > Accept: */*
16:50:43.961794 > Content-Length: 138
16:50:43.961794 > Content-Type: application/x-www-form-urlencoded
16:50:43.961794 >
16:50:43.961876 } [138 bytes data]
16:50:43.961900 * upload completely sent off: 138 out of 138 bytes
16:50:44.143388 < HTTP/1.1 200 OK
16:50:44.143424 < Date: Tue, 10 Jan 2017 14:50:46 GMT
16:50:44.143435 < Content-Length: 258
16:50:44.143446 < Content-Type: text/plain; charset=utf-8
16:50:44.143456 < X-Cache: MISS from okra
16:50:44.143465 < X-Cache-Lookup: MISS from okra:3128
16:50:44.143475 < Via: 1.1 okra (squid/3.3.8)
16:50:44.143485 < Connection: keep-alive
16:50:44.143495 <
34 3960 0 100 138 0140 --:--:-- --:--:-- --:--:--
14016:50:44.143570 { [258 bytes data]
100 396 100 258 100 138263140 --:--:-- --:--:-- --:--:-- 263
16:50:44.143628 * Connection #0 to host entropy.ubuntu.com left intact
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to pollen in Ubuntu.
https://bugs.launchpad.net/bugs/1634346
Title:
https://entropy.ubuntu.com lacks Perfect Forward Secrecy (PFS) and has
certificate chain issues
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/1634346/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
