denoland / website_feedback

For reporting issues & suggestions for deno.com and deno.land

OpenSSL SSL_connect: SSL_ERROR_SYSCALL when trying to connect from freeshell.de #31

Open lem0nify opened 1 year ago

lem0nify commented 1 year ago

I got free shell access to freeshell.de and I'm trying to install Deno there, but any IPv4 SSL connection from there to deno.land is instantly closed by deno.land:443. I could unpack the deno binary manually, but I still need a connection to https://deno.land to access the libraries.

I contacted the owner of freeshell.de, and he contacted the datacenter where the server is located. Together they came to the conclusion that the problem is on the side of deno.land. Maybe there's something wrong with the firewall rules or something.

The IP address of the freeshell.de server is 116.202.128.144.

Output from openssl s_client -connect deno.land:443:

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 301 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
early data was not sent
Verify return code: 0 (ok)
---

lucacasonato commented 1 year ago

Do outbound connections to https://cloudflare.com work? What version of openssl are you running? Is it possible there is some intermediary that is stripping out SNI headers from the TLS ClientHello packet?

lem0nify commented 1 year ago

lem0nify@freeshell:~$ curl -IL https://cloudflare.com
HTTP/2 301 
date: Fri, 10 Feb 2023 22:33:27 GMT
location: https://www.cloudflare.com/
cache-control: max-age=3600
expires: Fri, 10 Feb 2023 23:33:27 GMT
set-cookie: __cf_bm=BRwdQaypP5iDTiJ1fB0UWJeHhWr5YfjIekjXygz66a0-1676068407-0-AbgBqRpF/0V8T4CpudRZth9Y4Ymnnzco93JVUpStv+VNAfejyAACRbV+fAJaoZ8J4XJSMOUFoXa8teyJP87KNH0=; path=/; expires=Fri, 10-Feb-23 23:03:27 GMT; domain=.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ReDzBipQPF9HVXfaLTnqmd00uMuJZGFqCkEnIYtU3Uy5ibdGbsXxw9ViH8Hl4JQZsB7ocWxgwyRMD0thaxOl0sqN%2Fvi%2FTimKfQlLp2DZ8pB0HEimaksIvShW367Berpa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000; includeSubDomains
server: cloudflare
cf-ray: 79784e7bfac0c31e-VIE
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HTTP/2 200 
date: Fri, 10 Feb 2023 22:33:27 GMT
content-type: text/html; charset=utf-8
accept-ranges: bytes
cache-control: max-age=120
expires: Fri, 10 Feb 2023 22:33:42 GMT
last-modified: Fri, 10 Feb 2023 22:29:34 GMT
strict-transport-security: max-age=31536000
cf-cache-status: MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rm: RDWD
x-xss-protection: 1; mode=block
set-cookie: __cf_bm=6j9a2dUDtb.jcU69FmJcOzk2maspbbcdELcPd8zCpVQ-1676068407-0-ASj2ZYRqu1EF2JCgGdz5OwJKbSYRW1NtEQ6IFFjovar1518KfY5OMZ9GhjEwad0wc2OkrkfqWK+4f5ZZcHnr4dMIzwchwyrbyxXi22Av4Na7; path=/; expires=Fri, 10-Feb-23 23:03:27 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
server-timing: cf-q-config;dur=8.999999408843e-06
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9A1F3mK6Q0b0MrqSEwZJLEgxhLeev8EEOeIYoMy7l9aEGqvVOJv0KVNZnL8sj%2FVY0r7oPZ4BK5w9ymgH%2FLckEymRbjR3nSAIj6ZrIj4B4FzQtTdVBJgN1v0guB5Rtl3uJ1fo9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79784e7c39bc0fa6-VIE
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

lem0nify@freeshell:~$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

> Is it possible there is some intermediary that is stripping out SNI headers from the TLS ClientHello packet?

I don't know, but Sebastian Krajenski, the tenant of the server, contacted the data center where the server is located at my request, and they said they had no idea why this was happening. So I guess if there's an intermediary doing this, it's outside of the data center.

Is there any way we can check this?

lem0nify commented 1 year ago

@lucacasonato Still no progress here? :disappointed: