tickets #114583
closedhttps://ftp.kddilabs.jp mirror redirects to http://ftp-srv2.kddilabs.jp (protocol downgrade)
100%
Description
TL;DR:
https://ftp.kddilabs.jp redirects to http://ftp-srv2.kddilabs.jp which is a protocol downgrade.
Please contact the mirror admin to get this fixed.
Long version:
This was originally reported by Andrei Borzenkov on the support mailinglist. The relevant part of the mail is:
It is not zypper, nor is it opensuse infrastructure.
bor@bor-Latitude-E5450:~$ curl -IL
https://mirrorcache-eu.opensuse.org/debug/tumbleweed/repo/oss/repodata/1c92b1536363bed4d5cc8f1d8d54becf1105301e326033601cf10168a300da41-primary.xml.gz
HTTP/2 302
content-length: 0
date: Fri, 22 Jul 2022 19:52:06 GMT
location:
https://ftp.kddilabs.jp/Linux/packages/opensuse/debug/tumbleweed/repo/oss/repodata/1c92b1536363bed4d5cc8f1d8d54becf1105301e326033601cf10168a300da41-primary.xml.gz
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=15768000
HTTP/1.1 302 Found
Date: Fri, 22 Jul 2022 19:52:08 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.0.1e-fips
Location:
http://ftp-srv2.kddilabs.jp/Linux/packages/opensuse/debug/tumbleweed/repo/oss/repodata/1c92b1536363bed4d5cc8f1d8d54becf1105301e326033601cf10168a300da41-primary.xml.gz
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 200 OK
Date: Fri, 22 Jul 2022 19:52:09 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.0.1e-fips
Last-Modified: Wed, 20 Jul 2022 00:04:27 GMT
ETag: "977ab4-5e431582678c0"
Accept-Ranges: bytes
Content-Length: 9927348
Content-Type: application/x-gzip
bor@bor-Latitude-E5450:~$
So it is mirror itself that redirects from https to http.
Updated by pjessen over 1 year ago
cboltz wrote:
TL;DR:
https://ftp.kddilabs.jp redirects to http://ftp-srv2.kddilabs.jp which is a protocol downgrade.
Please contact the mirror admin to get this fixed.
Maybe just fix our side by not listing their https version? When they redirect to http, it seems unlikely they have agreed to be accessible over https.
Updated by bmwiedemann over 1 year ago
Found another issue with the mirror: IPv6 timeouts.
> host ftp.kddilabs.jp
ftp.kddilabs.jp has address 192.26.91.193
ftp.kddilabs.jp has IPv6 address 2001:200:601:10:206:5bff:fef0:466c
> curl -6 http://ftp.kddilabs.jp
curl: (7) Failed to connect to ftp.kddilabs.jp port 80: No route to host
Updated by andriinikitin 5 months ago ยท Edited
- Status changed from New to Resolved
- % Done changed from 0 to 100
bmwiedemann wrote in #note-3:
Found another issue with the mirror: IPv6 timeouts.
That should be tracked automatically and the mirror will not be picked for requests over ipv6.
The mirror also is not used for https requests at the moment:
~> curl -Is http://download.opensuse.org/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso?IP=192.26.91.193
location: http://ftp.kddilabs.jp/Linux/packages/opensuse/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso
~> curl -Is https://download.opensuse.org/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso?IP=192.26.91.193
location: https://ftp.jaist.ac.jp/pub/Linux/openSUSE/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso
Thus I am closing the call for now.
Updated by andriinikitin 5 months ago
andriinikitin wrote in #note-4:
That should be tracked automatically and the mirror will not be picked for requests over ipv6.
~> curl -Is http://download.opensuse.org/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso?IP=2001:200:601:10:206:5bff:fef0:466c
location: http://ftp.jaist.ac.jp/pub/Linux/openSUSE/distribution/leap/15.5/iso/openSUSE-Leap-15.5-NET-x86_64-Build491.1-Media.iso