tools.wmflabs.org rejects SNI with tools.wmflabs.org
Closed, Declined | Public

Description

https://tools.wmflabs.org/ rejects connections where the client indicates an SNI of tools.wmflabs.org. This is apparently important for Java applications in particular (cf. http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7177232).

To reproduce:

openssl s_client -connect tools.wmflabs.org:443

opens a connection just fine, while:

openssl s_client -servername tools.wmflabs.org -connect tools.wmflabs.org:443
openssl s_client -servername tools-webproxy -connect tools.wmflabs.org:443
openssl s_client -servername tools-webproxy.eqiad.wmflabs -connect tools.wmflabs.org:443

all fail. I'm unable to log into tools-webproxy, so I can't debug this further at the moment.


Version: unspecified
Severity: major

Details

Reference
bz63435

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 3:07 AM
bzimport added a project: Toolforge.
bzimport set Reference to bz63435.

All four work for me. Perhaps this issue was only present during the transition to nginx? (There were proxies to proxies for roughly one month at that time).