isbgpsafeyet.com

Updating Microsoft (AS8075) as we have started RPKI Filtering

Open alkhos opened this issue 3 years ago • 1 comments

alkhos Dec 04 '21 00:12

Hi @alkhos

It seems some invalids are still reachable from Azure:

```
*   Trying 103.21.244.14...
* TCP_NODELAY set
* Connected to invalid.rpki.cloudflare.com (103.21.244.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul 18 00:00:00 2021 GMT
*  expire date: Jul 17 23:59:59 2022 GMT
*  subjectAltName: host "invalid.rpki.cloudflare.com" matched cert's "invalid.rpki.cloudflare.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5605f5d1bfb0)
> GET / HTTP/2
> Host: invalid.rpki.cloudflare.com
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Mon, 06 Dec 2021 17:03:22 GMT
< content-type: text/plain;charset=UTF-8
< content-length: 7
< access-control-allow-origin: *
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 6b9716581a740834-CDG
<
* Connection #0 to host invalid.rpki.cloudflare.com left intact
```

Is this expected?

jejenone Dec 06 '21 17:12