https – cURL error, read SSL: errno -5961

I'm trying to curl or wince at, but after 5 minutes I get an error:

* About to connect() to port 443 (#0)
*   Trying
* Connected to ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=*,OU=IT,O=Shenzhen Globalegrow E-Commerce Co. Limited,L=Shenzhen,ST=GuangDong,C=CN
*       start date: Feb 09 00:00:00 2019 GMT
*       expire date: May 10 12:00:00 2020 GMT
*       common name: *
*       issuer: CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
> GET /flash-sale-56.html HTTP/1.1
Accept: */*

* SSL read: errno -5961
* Closing connection #0
curl: (56) SSL read: errno -5961

I tried to increase MTU to 9000, but the same error occurs.
Other https sites work well.

any idea?

Thank you very much

centos7 – Nginx could not be provisioned as a YUM cache mirror proxy if the repository uses https

I'm trying to deploy a nginx as a Lazy Yum cache proxy.

It does not work with ssl yum repo but not with ssl repos.

In the following example, I try to cache elasticsearch repo. The name of my YUM cache server is proxy_cache (https: // proxy_cache / elasticsearch ->

my yum conf file rubber search :

baseurl = https://proxy_cache/elasticsearch/packages/oss-7.x/yum
enabled = 1
gpgcheck = 1
gpgkey = https://proxy_cache/elasticsearch/GPG-KEY-elasticsearch
name = Elasticsearch repository for 7.x packages
repo_gpgcheck = 0

my nginx conf file:

upstream elasticsearch {

proxy_cache_path /var/repo_mirror

server {
  listen              443 ssl;
  server_name         proxy_cache;
  ssl_certificate     /etc/nginx/nginx.pem;
  ssl_certificate_key /etc/nginx/nginx-key.pem;

  location /elasticsearch {
    root /var/repo_mirror/index_data;
    try_files $uri @elasticsearch;
  location @elasticsearch {
    proxy_ssl_verify              off;
    proxy_ssl_verify_depth        2;
    proxy_ssl_session_reuse       on;
    proxy_cache_valid 200 90d;
    proxy_cache repository_cache;
    proxy_cache_use_stale error timeout invalid_header updating;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

I have disabled the SSL verification in yum conf.

Any advice?

amazon web services – HTTPS wildcard redirection in AWS

What's the easiest way to implement an HTTPS wildcard redirection in AWS?

That said, I want (and all other such variations) to be redirected to, but not to

It seems that the AWS method for this is the use of a Route53 wildcard record and an ALB. What is ~ $ 150 / year for that?

There must be an easier way to do redirects?

https – Automatically redirects the output of the developer tools console of a browser in the background

Basically, using the computer algebra software I use to analyze data I collect in other programs requires that the data be collected in a text or CSV file format.

Of course, this is not a problem for all command-line based applications. For example, I simply collect data in one of my computer's DNS caches from a .bat file, which redirects the output of a command in cmd.exe to a .txt file, and open my CAS program, which loads a database and these TXT file reads, adds its data to the already collected data and updates the statistics I have specified.

However, I always wanted to do this for the Developer Tools interface for any browser. Is this possible?

I am familiar with a Linux operating system and would be happy to receive suggestions for each operating system.

tls – How does a country block / censor an encrypted website (HTTPS)?

TL; DR: TLS only saves the content of a message. Not the metadata.

When communicating over the clear network, it should be noted that some parts of a particular communication with standard technologies can not be secured. Unless you use TOR, your ISP can tell who you are talking to, even if you use TLS.

To use an analogy, imagine you send an envelope through the post office. The contents of the envelope are completely inaccessible to anyone other than the recipient. Even if a postman somehow saw the content, he would not be able to understand it (maybe you first drew it through a Caesar cipher? Hehe).

However, in order for the post office to send them to the correct address, the outside of the envelope must be marked with a legible representation of the destination address. If the postal service did not want someone to send letters to "Joe Schmoe, 123 Fake Street," he simply could not deliver letters with that address.

Since the postal service can not read the content of the message, he can not identify the intention of the letter. The only information they have is the fact that the intended recipient is Joe Schmoe. Not only can you check the letters that they think are malicious. All or nothing.

Similarly, in the IP protocol (the routing protocol that TCP is running on), the sender and recipient fields are clearly marked. TLS can not encrypt this for two reasons:

  • TLS runs over TCP / IP and therefore can not change any parts of the packages that belong to those protocols.
  • If the IP section were encrypted, the carrier service (ISP router) might not know where to go.

The firewall that forces your ISP or your country to handle all traffic can not validate TLS traffic. You only know the metadata provided by the TCP / IP protocol. They also believe that the website you are trying to access is rather bad than good, so they manage all traffic from and to the website, regardless of content.

There is a way to secure even the metadata of online communication, but this is slow and not very scalable. TOR Hidden Services are an attempt to implement this. Of course, hidden services only work within the TOR network, which can only be accessed when connecting to a machine through the Clear network first. This means that the ISP or the firewall will continue to know that you are forwarding your data via the onion. No matter how you try, you will always leak something Metadata. If they wish, they can reset all connections to TOR nodes in addition to the site they are currently blocking.

When you try to connect directly to a specific IP address through a firewall, and the firewall has explicit rules to block traffic to or from that particular IP address, a direct connection to that IP address is always unsuccessful. You must establish an indirect connection, either via TOR, a VPN, or another proxy service.

Can DNS over HTTPS be interrupted by reverse DNS lookups? [duplicate]

This question already has an answer here:

  • How DoH protects against ISP tracking?

    1 answer

  • Why use DNS over TLS / HTTPS if ISP could otherwise discover the target domain?

    2 answers

If the recipient's IP address appears in an HTTPS request, the ISP can no longer parse the packet, perform DNS lookup, and block access to the domain that the client wants to reach. Is that possible and if so, how much would it slow traffic?

This is a follow-up question about Will HTTPS disclose the IP address of the recipient?

FINAL … https: //rugbyworld–
https: // / …

FINAL … https: //rugbyworld–

ssl – Change the default Apache configuration to provide HTTPS on two ports.

I start Apache2 on Devuan Beowulf (~ = Debian Buster) with the default configuration. In this configuration I have:

in the sites-available/default-ssl.conf:

        # etc etc.

in the sites-available/default-000.conf:

        # etc etc.

and in sites-available/default-000.conf:

Listen 80

        Listen 443

        Listen 443

How can I make sure that Apache on port 80 is listening for HTTP traffic and ports 443 and z. B. 1234 listening for HTTPS connections?

How do I activate full https on my blog with a custom domain in Blogger?

put on hold as unclear what you ask of John Conde yesterday

Please clarify your specific problem or add additional details to mark exactly what you need. As it is currently written, it is difficult to say exactly what you are asking. For more information about this question, visit the Questions and Answers page. If this question can be reformulated to match the rules in the Help, edit the question.