* What is the proper mailing list for server issues? @ 2017-04-21 11:42 Greywolf 2017-04-21 18:31 ` cyg Simple 2017-04-21 18:38 ` Jon Turney 0 siblings, 2 replies; 11+ messages in thread From: Greywolf @ 2017-04-21 11:42 UTC (permalink / raw) To: cygwin Hello, I am having a server issue that neither I nor my ISP seem to be able to resolve with regards to connecting to Cygwin.com -- namely, only from my house, I get a 403 Forbidden. I've been round with my ISP and they are unable to reproduce the issue; the response I get from here is "contact your ISP". So who do I contact about this? Not being able to automagically fetch the mirror list is annoying, and not being able to reach the site to see about updates and such is similarly so. Regards, --*greywolf; -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 11:42 What is the proper mailing list for server issues? Greywolf @ 2017-04-21 18:31 ` cyg Simple 2017-04-21 22:12 ` Gluszczak, Glenn 2017-04-21 22:54 ` Erik Soderquist 2017-04-21 18:38 ` Jon Turney 1 sibling, 2 replies; 11+ messages in thread From: cyg Simple @ 2017-04-21 18:31 UTC (permalink / raw) To: cygwin On 4/21/2017 2:35 AM, Greywolf wrote: > Hello, > > I am having a server issue that neither I nor my ISP seem to be able to > resolve with regards to connecting to Cygwin.com -- namely, only from my > house, I get a 403 Forbidden. > This is _your_ problem. Something has caused you to not be able to reach cygwin.com properly. What IP address does cygwin.com resolve to? Does using the IP address directly work for you? $ ping cygwin.com Pinging cygwin.com [209.132.180.131] with 32 bytes of data: > I've been round with my ISP and they are unable to reproduce the issue; > the response I get from here is "contact your ISP". So who do I contact > about this? Not being able to automagically fetch the mirror list is > annoying, and not being able to reach the site to see about updates and > such is similarly so. > Understandable but nothing we can do from here. -- cyg Simple -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: What is the proper mailing list for server issues? 2017-04-21 18:31 ` cyg Simple @ 2017-04-21 22:12 ` Gluszczak, Glenn 2017-04-22 8:59 ` Brian Inglis 2017-04-23 12:59 ` Greywolf 2017-04-21 22:54 ` Erik Soderquist 1 sibling, 2 replies; 11+ messages in thread From: Gluszczak, Glenn @ 2017-04-21 22:12 UTC (permalink / raw) To: cygwin Agree, it's nothing to do with Cygwin.com. Check for a firewall on your local machine. Check your home router to see if it has a firewall with restrictions. Perhaps you're passing through a proxy server or firewall at the ISP? Try traceroute or wget to analyze what site you're really attaching to. On 4/21/2017 2:35 AM, Greywolf wrote: > Hello, > > I am having a server issue that neither I nor my ISP seem to be able > to resolve with regards to connecting to Cygwin.com -- namely, only > from my house, I get a 403 Forbidden. > This is _your_ problem. Something has caused you to not be able to reach cygwin.com properly. What IP address does cygwin.com resolve to? Does using the IP address directly work for you? $ ping cygwin.com Pinging cygwin.com [209.132.180.131] with 32 bytes of data: > I've been round with my ISP and they are unable to reproduce the > issue; the response I get from here is "contact your ISP". So who do > I contact about this? Not being able to automagically fetch the > mirror list is annoying, and not being able to reach the site to see > about updates and such is similarly so. > Understandable but nothing we can do from here. -- cyg Simple -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 22:12 ` Gluszczak, Glenn @ 2017-04-22 8:59 ` Brian Inglis 2017-04-23 12:59 ` Greywolf 1 sibling, 0 replies; 11+ messages in thread From: Brian Inglis @ 2017-04-22 8:59 UTC (permalink / raw) To: cygwin On 2017-04-21 09:06, Gluszczak, Glenn wrote: > On 4/21/2017 2:35 AM, Greywolf wrote: > Agree, it's nothing to do with Cygwin.com. > Check for a firewall on your local machine. Check your home router to > see if it has a firewall with restrictions. > Perhaps you're passing through a proxy server or firewall at the ISP? > Try traceroute or wget to analyze what site you're really attaching to. >> I am having a server issue that neither I nor my ISP seem to be able >> to resolve with regards to connecting to Cygwin.com -- namely, only >> from my house, I get a 403 Forbidden. Check your and Cygwin.com's IPs locally and from a web site providing DNS lookups and compare with whois lookups. > This is _your_ problem. Something has caused you to not be able to > reach cygwin.com properly. What IP address does cygwin.com resolve > to? > Does using the IP address directly work for you? > $ ping cygwin.com > Pinging cygwin.com [209.132.180.131] with 32 bytes of data: >> I've been round with my ISP and they are unable to reproduce the >> issue; the response I get from here is "contact your ISP". So who do >> I contact about this? Not being able to automagically fetch the >> mirror list is annoying, and not being able to reach the site to see >> about updates and such is similarly so. > Understandable but nothing we can do from here. 403 is a server response e.g. folder without {index,default,home}.htm{,l} or it could maybe result from a net block DNS BL or RBL provider hit, although my checks of eddie.starwolf.com on a few return no hits. Try {wget,curl,lynx} and different browsers against combinations of http{,s}://{,www.}{cygwin.com,sourceware.org/cygwin}/{,index.html} (echo above to see the 16 urls) and see what results you get. Then contact sourceware.org support sourcemaster at sourceware dot org to see what their server logs say. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 22:12 ` Gluszczak, Glenn 2017-04-22 8:59 ` Brian Inglis @ 2017-04-23 12:59 ` Greywolf 2017-04-23 15:21 ` Brian Inglis 2017-04-24 20:50 ` Gluszczak, Glenn 1 sibling, 2 replies; 11+ messages in thread From: Greywolf @ 2017-04-23 12:59 UTC (permalink / raw) To: cygwin [-- Attachment #1: Type: text/plain, Size: 2892 bytes --] Greetings, I'm trying from several different machines in the house, some directly connected, as well as any thru the NAT interface. This is the ONLY site I cannot reach normally. I have to use the Tor browser to reach the site, and, even then, once I get a new cygwin setup .exe, the list of mirrors doesn't auto-fill because (surprise, surprise) I cannot connect via any known protocol to either www.cygwin.com or 209.132.180.131. The SSL certificates I get from a successful Tor hit and an unsuccessful 403 from home are identical I am concluding that at least the address range 69.12.250.{40-47} are being blocked; and it probably extends beyond that. Firewall is a Watchguard Firebox running pf_sense. I get the 403 even with a direct (non-firewalled, non-routed connection) I have attached two .txt file with runs from two servers within my house, one running NetBSD, one running Windows [thus the importance of cygwin]. Included are runs from 'host'/'nslookup', 'ping', 'traceroute', 'curl' and 'openssl' This is NOT a local firewall issue, otherwise my other machines on different addresses would not have a problem. smaug is my internal firewall. stupidhead is the default next hop from said firewall. "...it's nothing to do with cygwin.com." Sooooo, why else would I get a refusal from the web server from this address when I can connect from elsewhere ** and the SSL certificate is the same ** ?? What am I missing? "...but there's nothing we can do from here." Where is "here"? If "here" == "cygwin.com", you can't tell me if my IP is on an internal blacklist (and, moreso, why?)?? On 2017-04-21 08:06, Gluszczak, Glenn wrote: > > Agree, it's nothing to do with Cygwin.com. > > Check for a firewall on your local machine. Check your home router to see if it has a firewall with restrictions. > Perhaps you're passing through a proxy server or firewall at the ISP? > Try traceroute or wget to analyze what site you're really attaching to. > > > > On 4/21/2017 2:35 AM, Greywolf wrote: >> Hello, >> >> I am having a server issue that neither I nor my ISP seem to be able >> to resolve with regards to connecting to Cygwin.com -- namely, only >> from my house, I get a 403 Forbidden. >> > > This is _your_ problem. Something has caused you to not be able to reach cygwin.com properly. What IP address does cygwin.com resolve to? > Does using the IP address directly work for you? > > $ ping cygwin.com > > Pinging cygwin.com [209.132.180.131] with 32 bytes of data: > > >> I've been round with my ISP and they are unable to reproduce the >> issue; the response I get from here is "contact your ISP". So who do >> I contact about this? Not being able to automagically fetch the >> mirror list is annoying, and not being able to reach the site to see >> about updates and such is similarly so. >> > > Understandable but nothing we can do from here. [-- Attachment #2: cygwin-403-BSD.txt --] [-- Type: text/plain, Size: 9951 bytes --] --- output from 'nslookup www.cygwin.com', Windows@69.12.250.40 Non-authoritative answer: Server: galadriel.middle-earth.starwolf.com Address: xx.xx.xx.xx Name: www.cygwin.com Address: 209.132.180.131 --- output from 'ping www.cygwin.com', Windows@69.12.250.40 Pinging www.cygwin.com [209.132.180.131] with 32 bytes of data: Reply from 209.132.180.131: bytes=32 time=89ms TTL=49 Reply from 209.132.180.131: bytes=32 time=78ms TTL=49 Reply from 209.132.180.131: bytes=32 time=77ms TTL=49 Reply from 209.132.180.131: bytes=32 time=78ms TTL=49 Ping statistics for 209.132.180.131: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 77ms, Maximum = 89ms, Average = 80ms --- output from 'tracert www.cygwin.com', Windows@69.12.250.40 Tracing route to www.cygwin.com [209.132.180.131] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms smaug.middle-earth.starwolf.com [172.21.12.1] 2 48 ms 49 ms 51 ms 69-12-250-1.static.dsltransport.net [69.12.250.1] 3 48 ms 49 ms 49 ms 109.at-4-0-0.gw3.200p-sf.sonic.net [208.106.28.117] 4 48 ms 49 ms 49 ms 0.ae2.gw.200p-sf.sonic.net [70.36.211.53] 5 49 ms 49 ms 51 ms as0.gw2.200p-sf.sonic.net [208.106.96.250] 6 50 ms 51 ms 51 ms 303.ae4.gw.pao1.sonic.net [69.12.163.217] 7 53 ms 51 ms 53 ms te0-0-0-15.ccr21.sjc04.atlas.cogentco.com [38.104.141.81] 8 52 ms 53 ms 53 ms be2013.ccr41.sjc03.atlas.cogentco.com [154.54.5.105] 9 53 ms 53 ms 53 ms be3144.ccr22.sjc01.atlas.cogentco.com [154.54.5.101] 10 65 ms 65 ms 65 ms be3177.ccr22.lax01.atlas.cogentco.com [154.54.40.145] 11 77 ms 77 ms 75 ms be2932.ccr22.phx02.atlas.cogentco.com [154.54.45.161] 12 77 ms 77 ms 77 ms be2125.agr12.phx02.atlas.cogentco.com [154.54.1.102] 13 77 ms 79 ms 77 ms 154.24.53.154 14 77 ms 77 ms 77 ms 38.88.238.30 15 89 ms 91 ms 93 ms unused [66.187.228.249] 16 89 ms 91 ms 89 ms transit-21-180-132-209.redhat.com [209.132.180.21] 17 77 ms 79 ms 81 ms server1.sourceware.org [209.132.180.131] Trace complete. --- output from 'curl -vso /dev/null https://www.cygwin.com', --- Windows@69.12.250.40 * STATE: INIT => CONNECT handle 0x6000579c0; line 1413 (connection #-5000) * Rebuilt URL to: https://www.cygwin.com/ * Added connection 0. The cache now contains 1 members * Trying 209.132.180.131... * TCP_NODELAY set * STATE: CONNECT => WAITCONNECT handle 0x6000579c0; line 1466 (connection #0) * Connected to www.cygwin.com (209.132.180.131) port 443 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000579c0; line 1583 (connection #0) * Marked for [keep alive]: HTTP default * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x6000579c0; line 1597 (connection #0) { [5 bytes data] * TLSv1.2 (IN), TLS handshake, Server hello (2): { [98 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [2519 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [333 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Client hello (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=cygwin.com * start date: Mar 1 03:04:00 2017 GMT * expire date: May 30 03:04:00 2017 GMT * subjectAltName: host "www.cygwin.com" matched cert's "www.cygwin.com" * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify ok. * STATE: PROTOCONNECT => DO handle 0x6000579c0; line 1618 (connection #0) } [5 bytes data] > GET / HTTP/1.1 > Host: www.cygwin.com > User-Agent: curl/7.52.1 > Accept: */* > * STATE: DO => DO_DONE handle 0x6000579c0; line 1680 (connection #0) * STATE: DO_DONE => WAITPERFORM handle 0x6000579c0; line 1807 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x6000579c0; line 1817 (connection #0) { [5 bytes data] * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 403 Forbidden < Date: Sat, 22 Apr 2017 19:39:30 GMT * Server Apache is not blacklisted < Server: Apache < Vary: Accept-Encoding < Content-Length: 382 < Content-Type: text/html; charset=iso-8859-1 < { [5 bytes data] * STATE: PERFORM => DONE handle 0x6000579c0; line 1981 (connection #0) * multi_done * Curl_http_done: called premature == 0 * Connection #0 to host www.cygwin.com left intact --- output from 'openssl s_client -connect www.cygwin.com:443', Windows@69.12.250.40 --- - [input: HEAD / HTTP/1.1\nHost: defender.starwolf.com\n\n] CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = cygwin.com verify return:1 --- Certificate chain 0 s:/CN=cygwin.com i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFMDCCBBigAwIBAgISAwwDovAR//+tUdLl4uqOp2efMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMDEwMzA0MDBaFw0x NzA1MzAwMzA0MDBaMBUxEzARBgNVBAMTCmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDJCwkeLVu0Da5KV3ZJptJrWGwWEkDJni2arI3D jKuKrNodipFu0YWH973s9KGFvrsEy1i5q/pSA6av+LnGJW2VSdOXFdtKYVadfIjG UMoosTGDaMArrjjDprG6hvX9vbdHHPoK4/+9I+hWtCUMAVtHrkW5oyKTI8XDj/oV FVm7o2WZnBz8LZCMScY1X+nU3Of++MwLJdh76pBDtaPi/4d2mgChegsscZ7AWUW3 UyAoOcvCRUoyKqLtF1T06vauLDXa9rpNrd8yf8VFigOn5dHQUvwpqCbo28j9+5U5 bR8yjVEdamSfyh/BVfK2pjFcYFGg/o5tmKuhxZJR+/G71gSVAgMBAAGjggJDMIIC PzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFItTa1Nhu2F1NsYVV3FxTjvZPMwbMB8G A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv ME0GA1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeC DmZ0cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTCB/gYDVR0gBIH2MIHzMAgG BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv MA0GCSqGSIb3DQEBCwUAA4IBAQB1X6TaJfYTWzETbPofnhqS2aF8M1qOSeCr72wN TTJcM2n7DwfRAH6WR1OV9UMAvBYXy0TxbuAlMBbLJmIe09ybvqkDbiixvQxAk8xv 96Ik8Xyyl0cJLubKf8xnO39XQddvXKlhW/X8m3cFoVSf5VkF58HPGMPX60mgoO1c hyg0cBeJsVGDA2RAp+TBPkr4HVTiJsUFDIsU1JIpbMnYqegmGKJD61j6e6FwVxug AIhOV1GIE0XXhHH7dgANEknmKZaLjozhYJoIIokxkTcnzCEavbudpXZ1j9ilg1uz 31NkBdc3FQRfjI0BQMbUWwjEe2ngtVxGaLuSFtQopQiBYfY4 -----END CERTIFICATE----- subject=/CN=cygwin.com issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3200 bytes and written 434 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: E6B555893E514447A292ADA81A59729C74D28EA6675D26FF9E1FEBA011449206 Session-ID-ctx: Master-Key: 396E35A0B888D9727A8D9A173F4FF55C65939F6000CA67AB2D1924EBCA86DE91DC51ADD014528C75F91257A3AEFAE29E Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4b d7 3d 66 d5 fa 75 69-5d 05 c8 04 4b 88 56 fe K.=f..ui]...K.V. 0010 - b6 77 b6 37 11 4a df 00-31 4d a1 09 72 d1 1b c5 .w.7.J..1M..r... 0020 - 91 d5 1b f7 29 43 88 57-84 f1 a9 4d 66 a2 f5 56 ....)C.W...Mf..V 0030 - fc 1c 5d 60 57 e0 09 00-ae b5 b1 73 2b 81 29 ae ..]`W......s+.). 0040 - d9 19 32 fd 07 d6 e6 81-20 c8 1b f6 42 b6 d3 85 ..2..... ...B... 0050 - d1 95 61 7f 98 d6 bb d0-fe 4c 07 95 c7 c2 a7 7c ..a......L.....| 0060 - f4 8e db b4 72 e6 50 74-f7 b8 a9 5f b4 73 71 5c ....r.Pt..._.sq\ 0070 - 01 ce 93 1d 22 94 66 f2-21 e5 a7 6f c0 ab 50 96 ....".f.!..o..P. 0080 - a6 11 88 78 8f 33 1a 11-11 1a 01 39 a9 ec 51 08 ...x.3.....9..Q. 0090 - af f1 16 93 6b 42 18 5d-ad ea 25 e6 62 be 77 1a ....kB.]..%.b.w. 00a0 - b0 c0 35 0f d9 c2 f2 0b-21 72 2a 3d d0 df 66 07 ..5.....!r*=..f. 00b0 - c5 03 19 70 a5 a7 19 2e-ac 4f b7 42 79 51 80 82 ...p.....O.ByQ.. Start Time: 1492891391 Timeout : 300 (sec) Verify return code: 0 (ok) --- HEAD / HTTP/1.1 Host: defender.starwolf.com HTTP/1.1 403 Forbidden Date: Sat, 22 Apr 2017 20:03:15 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 DONE [-- Attachment #3: cygwin-403-Windows.txt --] [-- Type: text/plain, Size: 8841 bytes --] --- output from 'host www.cygwin.com', NetBSD@69.12.250.42 --- www.cygwin.com has address 209.132.180.131 --- output from 'ping -c 4 www.cygwin.com', NetBSD@69.12.250.42 --- PING www.cygwin.com (209.132.180.131): 56 data bytes 64 bytes from 209.132.180.131: icmp_seq=0 ttl=49 time=79.846013 ms 64 bytes from 209.132.180.131: icmp_seq=1 ttl=49 time=77.474827 ms 64 bytes from 209.132.180.131: icmp_seq=2 ttl=49 time=79.351679 ms 64 bytes from 209.132.180.131: icmp_seq=3 ttl=49 time=78.905822 ms ----www.cygwin.com PING Statistics---- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 77.474827/78.894585/79.846013/1.021435 ms --- output from 'traceroute www.cygwin.com', NetBSD@69.12.250.42 --- traceroute to www.cygwin.com (209.132.180.131), 64 hops max, 40 byte packets 1 smaug (172.21.12.1) 0.624 ms 0.729 ms 0.742 ms 2 stupidhead (69.12.250.1) 48.060 ms 48.074 ms 48.085 ms 3 109.at-4-0-0.gw3.200p-sf.sonic.net (208.106.28.117) 49.581 ms 49.895 ms 48.096 ms 4 0.ae2.gw.200p-sf.sonic.net (70.36.211.53) 48.048 ms 47.990 ms 47.695 ms 5 as0.gw2.200p-sf.sonic.net (208.106.96.250) 49.986 ms 47.981 ms 48.082 ms 6 303.ae4.gw.pao1.sonic.net (69.12.163.217) 51.906 ms 49.904 ms 51.928 ms 7 te0-0-0-15.ccr21.sjc04.atlas.cogentco.com (38.104.141.81) 51.911 ms 51.831 ms 51.931 ms 8 be2013.ccr41.sjc03.atlas.cogentco.com (154.54.5.105) 53.835 ms 52.215 ms 51.935 ms 9 be3144.ccr22.sjc01.atlas.cogentco.com (154.54.5.101) 53.817 ms 51.847 ms be3142.ccr21.sjc01.atlas.cogentco.com (154.54.1.193) 51.932 ms 10 be3176.ccr21.lax01.atlas.cogentco.com (154.54.31.189) 64.101 ms 65.688 ms be3177.ccr22.lax01.atlas.cogentco.com (154.54.40.145) 65.787 ms 11 be2931.ccr21.phx02.atlas.cogentco.com (154.54.44.85) 76.030 ms 75.695 ms 76.179 ms 12 te0-0-1-0.agr13.phx02.atlas.cogentco.com (154.54.46.190) 75.759 ms be2125.agr12.phx02.atlas.cogentco.com (154.54.1.102) 78.004 ms 75.669 ms 13 154.24.53.154 (154.24.53.154) 78.072 ms 78.042 ms 154.24.53.150 (154.24.53.150) 77.717 ms 14 38.88.238.30 (38.88.238.30) 89.966 ms 75.754 ms 38.122.88.218 (38.122.88.218) 75.790 ms 15 unused (66.187.228.248) 81.882 ms unused (66.187.228.249) 93.647 ms 79.893 ms 16 transit-21-180-132-209.redhat.com (209.132.180.21) 100.019 ms 91.844 ms 93.896 ms 17 server1.sourceware.org (209.132.180.131) 76.150 ms !<10> 75.697 ms !<10> 80.028 ms !<10> --- output from 'curl -vsko /dev/null https://www.cygwin.com', --- NetBSD@69.12.250.42 [ -k because for some reason I don't have any SSL certs on the box [ other than the ssh host key. * Rebuilt URL to: https://www.cygwin.com/ * Trying 209.132.180.131... * Connected to www.cygwin.com (209.132.180.131) port 443 (#0) * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: none CApath: /etc/openssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.2 (IN), TLS handshake, Server hello (2): { [98 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [2519 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [333 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Client hello (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * Server certificate: * subject: CN=cygwin.com * start date: Mar 1 03:04:00 2017 GMT * expire date: May 30 03:04:00 2017 GMT * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. > GET / HTTP/1.1 > Host: www.cygwin.com > User-Agent: curl/7.45.0 > Accept: */* > < HTTP/1.1 403 Forbidden < Date: Sat, 22 Apr 2017 19:54:49 GMT < Server: Apache < Vary: Accept-Encoding < Content-Length: 382 < Content-Type: text/html; charset=iso-8859-1 < { [382 bytes data] * Connection #0 to host www.cygwin.com left intact --- output from 'openssl s_client -connect www.cygwin.com:443', NetBSD@69.12.250.42 -- Input: "HEAD / HTTP/1.0\nHost: eddie.starwolf.com\n\n" : eddie; openssl s_client -connect www.cygwin.com:443 CONNECTED(00000004) depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/CN=cygwin.com i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIFMDCCBBigAwIBAgISAwwDovAR//+tUdLl4uqOp2efMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMDEwMzA0MDBaFw0x NzA1MzAwMzA0MDBaMBUxEzARBgNVBAMTCmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDJCwkeLVu0Da5KV3ZJptJrWGwWEkDJni2arI3D jKuKrNodipFu0YWH973s9KGFvrsEy1i5q/pSA6av+LnGJW2VSdOXFdtKYVadfIjG UMoosTGDaMArrjjDprG6hvX9vbdHHPoK4/+9I+hWtCUMAVtHrkW5oyKTI8XDj/oV FVm7o2WZnBz8LZCMScY1X+nU3Of++MwLJdh76pBDtaPi/4d2mgChegsscZ7AWUW3 UyAoOcvCRUoyKqLtF1T06vauLDXa9rpNrd8yf8VFigOn5dHQUvwpqCbo28j9+5U5 bR8yjVEdamSfyh/BVfK2pjFcYFGg/o5tmKuhxZJR+/G71gSVAgMBAAGjggJDMIIC PzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFItTa1Nhu2F1NsYVV3FxTjvZPMwbMB8G A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAv BggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv ME0GA1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeC DmZ0cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTCB/gYDVR0gBIH2MIHzMAgG BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv MA0GCSqGSIb3DQEBCwUAA4IBAQB1X6TaJfYTWzETbPofnhqS2aF8M1qOSeCr72wN TTJcM2n7DwfRAH6WR1OV9UMAvBYXy0TxbuAlMBbLJmIe09ybvqkDbiixvQxAk8xv 96Ik8Xyyl0cJLubKf8xnO39XQddvXKlhW/X8m3cFoVSf5VkF58HPGMPX60mgoO1c hyg0cBeJsVGDA2RAp+TBPkr4HVTiJsUFDIsU1JIpbMnYqegmGKJD61j6e6FwVxug AIhOV1GIE0XXhHH7dgANEknmKZaLjozhYJoIIokxkTcnzCEavbudpXZ1j9ilg1uz 31NkBdc3FQRfjI0BQMbUWwjEe2ngtVxGaLuSFtQopQiBYfY4 -----END CERTIFICATE----- subject=/CN=cygwin.com issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent --- SSL handshake has read 3200 bytes and written 423 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 630FE678D129F49799C155C4858C3D78529545B0F16A0D910627AFD8082E4EBC Session-ID-ctx: Master-Key: 5B9F5F86A167EB804A43D0A25608655FA1C09B7D454A886154861A57F7CC507F539A8F0B2F91BA3F0C7FF33D08651068 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4b d7 3d 66 d5 fa 75 69-5d 05 c8 04 4b 88 56 fe K.=f..ui]...K.V. 0010 - ea 1b 31 8a 0f 6e a9 ad-f7 c3 78 40 49 26 b9 16 ..1..n....x@I&.. 0020 - 25 d4 35 55 4f 49 cf 11-bd a8 38 1e f6 4d e6 a2 %.5UOI....8..M.. 0030 - 38 ae b5 b4 29 18 38 f0-b9 2b 9c bf c8 68 18 7a 8...).8..+...h.z 0040 - 2a 34 b7 40 52 8e f5 65-d2 4b b6 d0 67 7f 34 69 *4.@R..e.K..g.4i 0050 - 63 a1 6d eb 2c c9 cd fe-4d 21 e4 85 4a 70 be 59 c.m.,...M!..Jp.Y 0060 - f6 84 5c ba 2a ad a8 1e-cb f8 7d 8c 7d 14 f1 c1 ..\.*.....}.}... 0070 - 03 45 7f e0 24 ca 58 12-99 d8 c0 9e d9 03 ab d3 .E..$.X......... 0080 - 5c 36 64 30 b0 7f da 95-2d 3a 83 94 61 8d 8f 70 \6d0....-:..a..p 0090 - 5c 9e 0e 1d 28 bb ef 80-2b 93 3c 20 89 19 e0 a5 \...(...+.< .... 00a0 - d6 e0 a0 c7 ec 28 0a 9c-d5 3c f7 8b 0e 02 b5 63 .....(...<.....c 00b0 - 5d 60 d8 56 1d e5 b7 fd-6a ae 19 d7 07 3d 08 bc ]`.V....j....=.. Start Time: 1492891084 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- HEAD / HTTP/1.1 Host: eddie.starwolf.com HTTP/1.1 403 Forbidden Date: Sat, 22 Apr 2017 19:58:12 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 DONE [-- Attachment #4: Type: text/plain, Size: 219 bytes --] -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-23 12:59 ` Greywolf @ 2017-04-23 15:21 ` Brian Inglis 2017-04-24 20:50 ` Gluszczak, Glenn 1 sibling, 0 replies; 11+ messages in thread From: Brian Inglis @ 2017-04-23 15:21 UTC (permalink / raw) To: cygwin On 2017-04-22 21:04, Greywolf wrote: > I'm trying from several different machines in the house, some > directly connected, as well as any thru the NAT interface. This is > the ONLY site I cannot reach normally. I have to use the Tor browser > to reach the site, and, even then, once I get a new cygwin setup > .exe, the list of mirrors doesn't auto-fill because (surprise, > surprise) I cannot connect via any known protocol to either > www.cygwin.com or 209.132.180.131. > The SSL certificates I get from a successful Tor hit and an > unsuccessful 403 from home are identical > I am concluding that at least the address range 69.12.250.{40-47} are > being blocked; and it probably extends beyond that. > Firewall is a Watchguard Firebox running pf_sense. I get the 403 even > with a direct (non-firewalled, non-routed connection) > I have attached two .txt file with runs from two servers within my > house, one running NetBSD, one running Windows [thus the importance > of cygwin]. > Included are runs from 'host'/'nslookup', 'ping', 'traceroute', > 'curl' and 'openssl' > This is NOT a local firewall issue, otherwise my other machines on > different addresses would not have a problem. > smaug is my internal firewall. > stupidhead is the default next hop from said firewall. > "...it's nothing to do with cygwin.com." > Sooooo, why else would I get a refusal from the web server from this > address when I can connect from elsewhere ** and the SSL certificate > is the same ** ?? > What am I missing? > "...but there's nothing we can do from here." > Where is "here"? If "here" == "cygwin.com", you can't tell me if my > IP is on an internal blacklist (and, moreso, why?)?? Sourceware runs the servers. Contact sourceware.org support sourcemaster at sourceware dot org to see what their server logs say, or what their BLs are blocking. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: What is the proper mailing list for server issues? 2017-04-23 12:59 ` Greywolf 2017-04-23 15:21 ` Brian Inglis @ 2017-04-24 20:50 ` Gluszczak, Glenn 2017-04-25 13:09 ` Brian Inglis 1 sibling, 1 reply; 11+ messages in thread From: Gluszczak, Glenn @ 2017-04-24 20:50 UTC (permalink / raw) To: cygwin [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: Type: text/plain; charset="utf-8", Size: 3775 bytes --] Ok, I spoke too hastily. It's possible a webserver blocks sites or the ISP blocks. Also, perhaps cygwin.com can't resolve starwolf.com as Brian suggested. Looking at your curl and openssl output I see this oddity "No ALPN negotiated" "ALPN, server did not agree to a protocol" According to this site cygwin.com does not support HTTP/2. Must be using 1.1. https://tools.keycdn.com/http2-test Does this get you a web page? curl -v --http1.0 https://www.cygwin.com You're not doing any port forwarding of 443? Glenn ============================================================ Greetings, I'm trying from several different machines in the house, some directly connected, as well as any thru the NAT interface. This is the ONLY site I cannot reach normally. I have to use the Tor browser to reach the site, and, even then, once I get a new cygwin setup .exe, the list of mirrors doesn't auto-fill because (surprise, surprise) I cannot connect via any known protocol to either www.cygwin.com or 209.132.180.131. The SSL certificates I get from a successful Tor hit and an unsuccessful 403 from home are identical I am concluding that at least the address range 69.12.250.{40-47} are being blocked; and it probably extends beyond that. Firewall is a Watchguard Firebox running pf_sense. I get the 403 even with a direct (non-firewalled, non-routed connection) I have attached two .txt file with runs from two servers within my house, one running NetBSD, one running Windows [thus the importance of cygwin]. Included are runs from 'host'/'nslookup', 'ping', 'traceroute', 'curl' and 'openssl' This is NOT a local firewall issue, otherwise my other machines on different addresses would not have a problem. smaug is my internal firewall. stupidhead is the default next hop from said firewall. "...it's nothing to do with cygwin.com." Sooooo, why else would I get a refusal from the web server from this address when I can connect from elsewhere ** and the SSL certificate is the same ** ?? What am I missing? "...but there's nothing we can do from here." Where is "here"? If "here" == "cygwin.com", you can't tell me if my IP is on an internal blacklist (and, moreso, why?)?? On 2017-04-21 08:06, Gluszczak, Glenn wrote: > > Agree, it's nothing to do with Cygwin.com. > > Check for a firewall on your local machine. Check your home router to see if it has a firewall with restrictions. > Perhaps you're passing through a proxy server or firewall at the ISP? > Try traceroute or wget to analyze what site you're really attaching to. > > > > On 4/21/2017 2:35 AM, Greywolf wrote: >> Hello, >> >> I am having a server issue that neither I nor my ISP seem to be able >> to resolve with regards to connecting to Cygwin.com -- namely, only >> from my house, I get a 403 Forbidden. >> > > This is _your_ problem. Something has caused you to not be able to reach cygwin.com properly. What IP address does cygwin.com resolve to? > Does using the IP address directly work for you? > > $ ping cygwin.com > > Pinging cygwin.com [209.132.180.131] with 32 bytes of data: > > >> I've been round with my ISP and they are unable to reproduce the >> issue; the response I get from here is "contact your ISP". So who do >> I contact about this? Not being able to automagically fetch the >> mirror list is annoying, and not being able to reach the site to see >> about updates and such is similarly so. >> > > Understandable but nothing we can do from here. \0ТÒÐÐ¥\a&ö&ÆVÒ\a&W\x06÷'G3¢\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒ÷\a&ö&ÆV×2æFÖÀФd\x15\x13¢\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöf\x17\x12ðФFö7VÖVçF\x17Föã¢\x02\x02\x02\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöFö72æFÖÀÐ¥Vç7V'67&&R\x06æfó¢\x02\x02\x02\x02\x02\x06GG\x03¢òö7wvâæ6öÒöÖÂò7Vç7V'67&&R×6×\x06ÆPÐ Ð ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-24 20:50 ` Gluszczak, Glenn @ 2017-04-25 13:09 ` Brian Inglis 0 siblings, 0 replies; 11+ messages in thread From: Brian Inglis @ 2017-04-25 13:09 UTC (permalink / raw) To: cygwin On 2017-04-24 08:59, Gluszczak, Glenn wrote: > On 2017-04-21 08:06, Gluszczak, Glenn wrote: >> On 4/21/2017 2:35 AM, Greywolf wrote: >>> I am having a server issue that neither I nor my ISP seem to be able >>> to resolve with regards to connecting to Cygwin.com -- namely, only >>> from my house, I get a 403 Forbidden. >> This is _your_ problem. Something has caused you to not be able to >> reach cygwin.com properly. What IP address does cygwin.com resolve >> to? >> Does using the IP address directly work for you? >> $ ping cygwin.com >> Pinging cygwin.com [209.132.180.131] with 32 bytes of data: >>> I've been round with my ISP and they are unable to reproduce the >>> issue; the response I get from here is "contact your ISP". So who >>> do I contact about this? Not being able to automagically fetch >>> the mirror list is annoying, and not being able to reach the site >>> to see about updates and such is similarly so. >> Understandable but nothing we can do from here. >>> I'm trying from several different machines in the house, some >>> directly connected, as well as any thru the NAT interface. This >>> is the ONLY site I cannot reach normally. I have to use the Tor >>> browser to reach the site, and, even then, once I get a new >>> cygwin setup .exe, the list of mirrors doesn't auto-fill because >>> (surprise, surprise) I cannot connect via any known protocol to >>> either www.cygwin.com or 209.132.180.131. >>> The SSL certificates I get from a successful Tor hit and an >>> unsuccessful 403 from home are identical >>> I am concluding that at least the address range >>> 69.12.250.{40-47} are being blocked; and it probably extends >>> beyond that. >>> Firewall is a Watchguard Firebox running pf_sense. I get the 403 >>> even with a direct (non-firewalled, non-routed connection) >>> I have attached two .txt file with runs from two servers within >>> my house, one running NetBSD, one running Windows [thus the >>> importance of cygwin]. >>> Included are runs from 'host'/'nslookup', 'ping', 'traceroute', >>> 'curl' and 'openssl' >>> This is NOT a local firewall issue, otherwise my other machines >>> on different addresses would not have a problem. >>> smaug is my internal firewall. >>> stupidhead is the default next hop from said firewall. >>> "...it's nothing to do with cygwin.com." >>> Sooooo, why else would I get a refusal from the web server from >>> this address when I can connect from elsewhere ** and the SSL >>> certificate is the same ** ?? >>> What am I missing? >>> "...but there's nothing we can do from here." >>> Where is "here"? If "here" == "cygwin.com", you can't tell me if >>> my IP is on an internal blacklist (and, moreso, why?)?? >>>> Agree, it's nothing to do with Cygwin.com. >>>> Check for a firewall on your local machine. Check your home >>>> router to see if it has a firewall with restrictions. >>>> Perhaps you're passing through a proxy server or firewall at >>>> the ISP? >>>> Try traceroute or wget to analyze what site you're really >>>> attaching to. > Ok, I spoke too hastily. It's possible a webserver blocks sites or > the ISP blocks. > Also, perhaps cygwin.com can't resolve starwolf.com as Brian > suggested. > Looking at your curl and openssl output I see this oddity > "No ALPN negotiated" > "ALPN, server did not agree to a protocol" > According to this site cygwin.com does not support HTTP/2. Must be > using 1.1. > https://tools.keycdn.com/http2-test > Does this get you a web page? > curl -v --http1.0 https://www.cygwin.com > You're not doing any port forwarding of 443? I recall some issue in the past with http2 sites, TLS, http2/ALPN, spdy/NPN, and I remember having to run curl --no-alpn --no-npn to get it to work, but I can't find any email or script with it, so may have been an adhoc throwaway command, and/or something improperly set up on a web server or with curl that did not negotiate properly during connection setup. Download testssl.sh from https://testssl.sh/ or clone it from the linked github repo and try it from your problem system with .../testssl.sh cygwin.com - takes a while - run it with a black background so you can see the yellow messages. Many local problems highlighted in magenta are just warnings that your SSL installation disables insecure ciphers. Something may be highlighted with your system or their server that you can discuss with sourcemaster at sourceware dot org. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 18:31 ` cyg Simple 2017-04-21 22:12 ` Gluszczak, Glenn @ 2017-04-21 22:54 ` Erik Soderquist 1 sibling, 0 replies; 11+ messages in thread From: Erik Soderquist @ 2017-04-21 22:54 UTC (permalink / raw) To: cygwin On Fri, Apr 21, 2017 at 9:46 AM, cyg Simple <cygsimple@gmail.com> wrote: > On 4/21/2017 2:35 AM, Greywolf wrote: >> I am having a server issue that neither I nor my ISP seem to be able to >> resolve with regards to connecting to Cygwin.com -- namely, only from my >> house, I get a 403 Forbidden. if you try https rather than http, you should get a flag about a wrong certificate if it is connecting to the wrong host (this sounds highly likely). perhaps the certificate information you get will show who you are actually connecting to...? >> > > This is _your_ problem. Something has caused you to not be able to > reach cygwin.com properly. What IP address does cygwin.com resolve to? > Does using the IP address directly work for you? > > $ ping cygwin.com > > Pinging cygwin.com [209.132.180.131] with 32 bytes of data: I had similar problems and on watching packets with Wireshark, found that _someone_ was hijacking DNS requests... I switched to dnscrypt and have not had that problem since. -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 11:42 What is the proper mailing list for server issues? Greywolf 2017-04-21 18:31 ` cyg Simple @ 2017-04-21 18:38 ` Jon Turney 2017-04-23 11:55 ` Brian Inglis 1 sibling, 1 reply; 11+ messages in thread From: Jon Turney @ 2017-04-21 18:38 UTC (permalink / raw) To: The Cygwin Mailing List; +Cc: Greywolf On 21/04/2017 07:35, Greywolf wrote: > Hello, > > I am having a server issue that neither I nor my ISP seem to be able to > resolve with regards to connecting to Cygwin.com -- namely, only from my > house, I get a 403 Forbidden. > > I've been round with my ISP and they are unable to reproduce the issue; > the response I get from here is "contact your ISP". So who do I contact > about this? Not being able to automagically fetch the mirror list is > annoying, and not being able to reach the site to see about updates and > such is similarly so. You might try contacting the overseers list to ask if this is a problem similar to [1]. [1] https://www.sourceware.org/ml/overseers/2016-q2/msg00019.html -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: What is the proper mailing list for server issues? 2017-04-21 18:38 ` Jon Turney @ 2017-04-23 11:55 ` Brian Inglis 0 siblings, 0 replies; 11+ messages in thread From: Brian Inglis @ 2017-04-23 11:55 UTC (permalink / raw) To: cygwin On 2017-04-21 08:06, Jon Turney wrote: > On 21/04/2017 07:35, Greywolf wrote: >> Hello, >> >> I am having a server issue that neither I nor my ISP seem to be >> able to resolve with regards to connecting to Cygwin.com -- namely, >> only from my house, I get a 403 Forbidden. >> >> I've been round with my ISP and they are unable to reproduce the >> issue; the response I get from here is "contact your ISP". So who >> do I contact about this? Not being able to automagically fetch the >> mirror list is annoying, and not being able to reach the site to >> see about updates and such is similarly so. > > You might try contacting the overseers list to ask if this is a > problem similar to [1]. > > [1] https://www.sourceware.org/ml/overseers/2016-q2/msg00019.html A proxy server could also possibly cause the same symptoms. Are you accessing the web directly or via any type of proxy e.g at your ISP, or over a VPN? -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-04-24 20:58 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-04-21 11:42 What is the proper mailing list for server issues? Greywolf 2017-04-21 18:31 ` cyg Simple 2017-04-21 22:12 ` Gluszczak, Glenn 2017-04-22 8:59 ` Brian Inglis 2017-04-23 12:59 ` Greywolf 2017-04-23 15:21 ` Brian Inglis 2017-04-24 20:50 ` Gluszczak, Glenn 2017-04-25 13:09 ` Brian Inglis 2017-04-21 22:54 ` Erik Soderquist 2017-04-21 18:38 ` Jon Turney 2017-04-23 11:55 ` Brian Inglis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).