Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating Microsoft (AS8075) as we have started RPKI Filtering #583

Closed
wants to merge 2 commits into from
Closed

Updating Microsoft (AS8075) as we have started RPKI Filtering #583

wants to merge 2 commits into from

Conversation

alkhos
Copy link
Contributor

@alkhos alkhos commented Dec 4, 2021

No description provided.

@jejenone
Copy link
Contributor

jejenone commented Dec 6, 2021
edited
Loading

Hi @alkhos

It seems some invalids are still reachable from Azure:

*   Trying 103.21.244.14...
* TCP_NODELAY set
* Connected to invalid.rpki.cloudflare.com (103.21.244.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul 18 00:00:00 2021 GMT
*  expire date: Jul 17 23:59:59 2022 GMT
*  subjectAltName: host "invalid.rpki.cloudflare.com" matched cert's "invalid.rpki.cloudflare.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5605f5d1bfb0)
> GET / HTTP/2
> Host: invalid.rpki.cloudflare.com
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Mon, 06 Dec 2021 17:03:22 GMT
< content-type: text/plain;charset=UTF-8
< content-length: 7
< access-control-allow-origin: *
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 6b9716581a740834-CDG
<
* Connection #0 to host invalid.rpki.cloudflare.com left intact```

Is this expected ?

@digizeph digizeph added verified: filtering AS does RPKI invalid filtering verified: signed AS has signed all their prefixes and removed status: investigating labels Sep 9, 2024
@digizeph
Copy link
Collaborator

digizeph commented Sep 9, 2024

Microsoft AS8075 has already been marked as safe in other PR. Closing this PR now.

@digizeph digizeph closed this Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
verified: filtering AS does RPKI invalid filtering verified: signed AS has signed all their prefixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alkhos @jejenone @digizeph