IPv6 issues on *.python.org
Hello,
I'm having IPv6 issues on *.python.org. Is anyone having the same issues or is it just me? Who should I report this to?
$ curl -6 -v -I https://www.python.org/
- Trying 2a04:4e42:9::223...
- Connected to www.python.org (2a04:4e42:9::223) port 443 (#0)
- found 148 certificates in /etc/ssl/certs/ca-certificates.crt
- found 604 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- gnutls_handshake() failed: Error in the pull function.
- Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
Regards
Antoine.
It’s working for me. https://gist.github.com/51689c789a21edc1f9f9cf32fa17431f
On 16 Nov, 2017, at 09:07, Antoine Pitrou <antoine@python.orgmailto:antoine@python.org> wrote:
Hello,
I'm having IPv6 issues on *.python.orghttp://python.org. Is anyone having the same issues or is it just me? Who should I report this to?
$ curl -6 -v -I https://www.python.org/
- Trying 2a04:4e42:9::223...
- Connected to www.python.orghttp://www.python.org (2a04:4e42:9::223) port 443 (#0)
- found 148 certificates in /etc/ssl/certs/ca-certificates.crt
- found 604 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- gnutls_handshake() failed: Error in the pull function.
- Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
Regards
Antoine. _______________________________________________ python-committers mailing list python-committers@python.orgmailto:python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
Hi,
- gnutls_handshake() failed: Error in the pull function.
It looks more like a TLS issue rather than an IPv6 issue. It reminds me a similar TLS issue on blog.python.org:
"blog.python.org in HTTPS doesn't provide a server certificate?" https://github.com/python/psf-infra-meta/issues/3
You may want to try the following command to get more information your TLS issue:
openssl s_client -connect blog.python.org -port 443
Look for "no peer certificate available" or "New, (NONE), Cipher is (NONE)" in the output.
Victor
2017-11-16 15:07 GMT+01:00 Antoine Pitrou antoine@python.org:
Hello,
I'm having IPv6 issues on *.python.org. Is anyone having the same issues or is it just me? Who should I report this to?
$ curl -6 -v -I https://www.python.org/
- Trying 2a04:4e42:9::223...
- Connected to www.python.org (2a04:4e42:9::223) port 443 (#0)
- found 148 certificates in /etc/ssl/certs/ca-certificates.crt
- found 604 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- gnutls_handshake() failed: Error in the pull function.
- Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
Regards
Antoine. _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
Note: I'm living in France and my ISP is Orange. I have IPv6 connectivity.
On the first try, I reproduced the blog.python.org issue:
haypo@selma$ openssl s_client -connect blog.python.org -port 443 </dev/null 2>&1|tee log; grep -E 'Certificate chain|no peer certificate available' log (...) no peer certificate available
But for python.org, it works for me:
haypo@selma$ openssl s_client -connect python.org -port 443 </dev/null 2>&1|tee log; grep -E 'Certificate chain|no peer certificate available' log (...) Certificate chain
The following command also works properly:
$ curl -6 -v -I https://www.python.org/ (...)
- SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Server certificate:
subject: CN=www.python.org,O=Python Software
Foundation,L=Wolfeboro,ST=New Hampshire,C=US,postalCode=03894-4801,STREET=16 Allen Rd,serialNumber=3359300,incorporationState=Delaware,incorporationCountry=US,businessCategory=Private Organization (...)
IPv6 traceroute to python.org:
haypo@selma$ traceroute6 python.org traceroute to python.org (2001:4802:7901:0:e60a:1375:0:6), 30 hops max, 80 byte packets 1 2a01:cb1c:4af:5600:b2b2:8fff:fe9b:a9f0 (2a01:cb1c:4af:5600:b2b2:8fff:fe9b:a9f0) 6.061 ms 6.027 ms 6.017 ms 2 2a01cb08a004020d0193025300750016.ipv6.abo.wanadoo.fr (2a01:cb08:a004:20d:193:253:75:16) 17.206 ms 17.203 ms 17.196 ms 3 2a01:cfc4:0:1f00::a (2a01:cfc4:0:1f00::a) 19.962 ms 19.996 ms 19.989 ms 4 ae106-0.pastr3.paris03.opentransit.net (2a01:cfc4:0:2100::3) 29.762 ms 34.047 ms 34.048 ms 5 ae-26.r04.parsfr01.fr.bb.gin.ntt.net (2001:728:0:4000::6d) 37.070 ms 37.065 ms 37.055 ms 6 ae-2.r25.londen12.uk.bb.gin.ntt.net (2001:728:0:2000::181) 56.603 ms 35.463 ms 37.785 ms 7 ae-1.r24.londen12.uk.bb.gin.ntt.net (2001:728:0:2000::151) 37.780 ms 36.336 ms 36.339 ms 8 ae-5.r24.nycmny01.us.bb.gin.ntt.net (2001:418:0:2000::24d) 103.634 ms 103.594 ms 107.559 ms 9 ae-1.r25.nycmny01.us.bb.gin.ntt.net (2001:418:0:2000::27e) 107.512 ms 103.466 ms 103.459 ms 10 ae-9.r22.asbnva02.us.bb.gin.ntt.net (2001:418:0:2000::1fe) 114.485 ms 114.471 ms 114.457 ms 11 ae-1.r05.asbnva02.us.bb.gin.ntt.net (2001:418:0:2000::19) 120.910 ms 114.392 ms 102.718 ms 12 ae-0.a01.asbnva02.us.bb.gin.ntt.net (2001:418:0:2000::2cd) 108.669 ms ae-1.a01.asbnva02.us.bb.gin.ntt.net (2001:418:0:2000::2d1) 105.013 ms 103.748 ms 13 2001:418:0:5000::8ed (2001:418:0:5000::8ed) 103.643 ms 103.579 ms 103.567 ms 14 2001:4802:800:dc1:ca:: (2001:4802:800:dc1:ca::) 109.676 ms 109.709 ms 2001:4802:800:dc2:cb:: (2001:4802:800:dc2:cb::) 116.053 ms 15 2001:4802:800:dc2:ca::1 (2001:4802:800:dc2:ca::1) 112.816 ms 2001:4802:800:dc1:ca::1 (2001:4802:800:dc1:ca::1) 124.222 ms 2001:4802:800:dc2:ca::1 (2001:4802:800:dc2:ca::1) 120.993 ms 16 corea-core7.iad3.rackspace.net (2001:4802:800:ca:c7::1) 124.154 ms coreb-core7.iad3.rackspace.net (2001:4802:800:cb:c7::1) 118.295 ms corea-core7.iad3.rackspace.net (2001:4802:800:ca:c7::1) 120.946 ms 17 2001:4802:800:5000::403a:6 (2001:4802:800:5000::403a:6) 102.160 ms 102.134 ms 109.862 ms 18 2001:4802:7901:0:e60a:1375:0:6 (2001:4802:7901:0:e60a:1375:0:6) 105.901 ms 109.252 ms 105.737 ms
IPv6 traceroute to blog.python.org:
haypo@selma$ traceroute6 blog.python.org traceroute to blog.python.org (2a00:1450:4001:814::2013), 30 hops max, 80 byte packets 1 2a01:cb1c:4af:5600:b2b2:8fff:fe9b:a9f0 (2a01:cb1c:4af:5600:b2b2:8fff:fe9b:a9f0) 5.688 ms 5.575 ms 5.427 ms 2 2a01cb08a004020d0193025300750016.ipv6.abo.wanadoo.fr (2a01:cb08:a004:20d:193:253:75:16) 15.191 ms 15.223 ms 15.201 ms 3 2a01:cfc4:0:1f00::a (2a01:cfc4:0:1f00::a) 19.354 ms 19.375 ms 21.667 ms 4 ae102-0.marcr6.marseille03.opentransit.net (2a01:cfc4:0:2100::9) 21.655 ms 23.945 ms 23.974 ms 5 2001:4860:1:1::a4 (2001:4860:1:1::a4) 28.128 ms 2001:4860:1:1:0:1587:0:c (2001:4860:1:1:0:1587:0:c) 28.160 ms 2001:4860:1:1::a4 (2001:4860:1:1::a4) 28.137 ms 6 2001:4860::9:4001:c34 (2001:4860::9:4001:c34) 33.138 ms 15.627 ms 15.592 ms 7 2001:4860::9:4000:e392 (2001:4860::9:4000:e392) 32.223 ms 29.887 ms 2001:4860::9:4001:7bc (2001:4860::9:4001:7bc) 23.638 ms 8 2001:4860::8:0:cb95 (2001:4860::8:0:cb95) 32.209 ms 2001:4860::8:0:cb93 (2001:4860::8:0:cb93) 32.203 ms 34.571 ms 9 2001:4860::1:0:d0d8 (2001:4860::1:0:d0d8) 34.576 ms 2001:4860::1:0:d0d9 (2001:4860::1:0:d0d9) 34.567 ms 2001:4860::1:0:d0d8 (2001:4860::1:0:d0d8) 38.061 ms 10 2001:4860:0:11df::1 (2001:4860:0:11df::1) 38.049 ms * 2001:4860:0:1::1aad (2001:4860:0:1::1aad) 41.809 ms 11 fra15s11-in-x13.1e100.net (2a00:1450:4001:814::2013) 41.802 ms 44.339 ms 29.161 ms
Victor
2017-11-16 15:26 GMT+01:00 Victor Stinner victor.stinner@gmail.com:
Hi,
- gnutls_handshake() failed: Error in the pull function.
It looks more like a TLS issue rather than an IPv6 issue. It reminds me a similar TLS issue on blog.python.org:
"blog.python.org in HTTPS doesn't provide a server certificate?" https://github.com/python/psf-infra-meta/issues/3
You may want to try the following command to get more information your TLS issue:
openssl s_client -connect blog.python.org -port 443
Look for "no peer certificate available" or "New, (NONE), Cipher is (NONE)" in the output.
Victor
2017-11-16 15:07 GMT+01:00 Antoine Pitrou antoine@python.org:
Hello,
I'm having IPv6 issues on *.python.org. Is anyone having the same issues or is it just me? Who should I report this to?
$ curl -6 -v -I https://www.python.org/
- Trying 2a04:4e42:9::223...
- Connected to www.python.org (2a04:4e42:9::223) port 443 (#0)
- found 148 certificates in /etc/ssl/certs/ca-certificates.crt
- found 604 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- gnutls_handshake() failed: Error in the pull function.
- Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
Regards
Antoine. _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
Le 16/11/2017 à 15:26, Victor Stinner a écrit :
Hi,
- gnutls_handshake() failed: Error in the pull function.
It looks more like a TLS issue rather than an IPv6 issue. It reminds me a similar TLS issue on blog.python.org:
"blog.python.org in HTTPS doesn't provide a server certificate?" https://github.com/python/psf-infra-meta/issues/3
You may want to try the following command to get more information your TLS issue:
openssl s_client -connect blog.python.org -port 443
Unfortunately, "openssl s_client" doesn't seem to support IPv6 here (Ubuntu 16.04).
Regards
Antoine.
participants (3)
-
Antoine Pitrou -
Jason R. Coombs -
Victor Stinner