Closed zonyitoo closed 4 years ago
$ curl 'https://dc.services.visualstudio.com/api/profiles/AIF-d9b70cd4-b9f9-4d70-929b-a071c400b217/appId' -v
* Trying 52.231.18.241...
* TCP_NODELAY set
* Connected to dc.services.visualstudio.com (52.231.18.241) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=in.applicationinsights.azure.com
* start date: Apr 30 18:18:23 2020 GMT
* expire date: Apr 30 18:18:23 2022 GMT
* subjectAltName: host "dc.services.visualstudio.com" matched cert's "dc.services.visualstudio.com"
* issuer: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; OU=Microsoft IT; CN=Microsoft IT TLS CA 4
* SSL certificate verify ok.
> GET /api/profiles/AIF-d9b70cd4-b9f9-4d70-929b-a071c400b217/appId HTTP/1.1
> Host: dc.services.visualstudio.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain
< x-ms-session-id: B89B2ACC-F73B-4D3E-BF10-11490B062D91
< Strict-Transport-Security: max-age=31536000
< Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
< Access-Control-Allow-Origin: *
< Access-Control-Max-Age: 3600
< X-Content-Type-Options: nosniff
< Date: Tue, 05 May 2020 15:03:55 GMT
< Content-Length: 17
<
* Connection #0 to host dc.services.visualstudio.com left intact
Profile Not Found* Closing connection 0
The server does not support any modern cipher suites supported by rustls. I suggest you report this problem to M$.
https://www.ssllabs.com/ssltest/analyze.html?d=dc.services.visualstudio.com#tableSubHead
LOL. That's sxxt.
Test code:
This is a minimal test case, which tries to connect
dc.services.visualstudio.com:443
. It will get an error:Remote server aborted connection while handshaking.
Couldn't be reproduced by
tokio-tls
.