[cp-global] cryptoparty.in and SSL

Kai Engert kaie at kuix.de
Mon Mar 10 22:33:38 GMT 2014


On Mo, 2014-03-10 at 23:09 +0100, Kai Engert wrote: 
> I noticed an additional problem with IPv6.
> Those of you who see issues, do you use an IPv6 enabled network?
> 
> cryptoparty.in resolves to 2a02:180:a:25:5::1 but the certificate
> returned by https://[2a02:180:a:25:5::1] isn't valid for cryptoparty.in

I take this back, because I cannot yet confirm it. If I access the site
using the IP address as in this example, obviously no SNI information is
sent to the server, and the server returns the default certificate.

I need to find a TLS debugging tool that supports IPv6 and allows to
dump the certificate received...

Kai




More information about the global mailing list