Closed
Bug 1309201
Opened 8 years ago
Closed 2 years ago
automated hsts update infrastructure can't connect to ipv6-only hosts
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jan, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20161010030204
Steps to reproduce:
Found terrax.net on https://dxr.mozilla.org/comm-central/source/mozilla/security/manager/ssl/nsSTSPreloadList.errors
https://dev.ssllabs.com/ssltest/analyze.html?d=terrax.net&hideResults=on
Actual results:
It is not preloaded in Firefox, but in Chrome.
Expected results:
Domain should have been preloaded.
terrax.net is "IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1" only. (Yes, Port 80/HTTP is closed. That's what we all want with preloading.)
Reporter | ||
Updated•8 years ago
|
OS: Unspecified → All
Hardware: Unspecified → All
Comment hidden (obsolete) |
Reporter | ||
Updated•8 years ago
|
Summary: Preload list error [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only → HSTS Preload list problems [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only
From what I can tell, the infrastructure the update script runs on can't connect to ipv6-only hosts. I'll move this to a more appropriate component, but my understanding is we basically can't fix this until ec2 instances support ipv6-only hosts.
Component: Security: PSM → General Automation
Product: Core → Release Engineering
QA Contact: catlee
Summary: HSTS Preload list problems [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only → automated hsts update infrastructure can't connect to ipv6-only hosts
Comment 3•8 years ago
|
||
Yeah, right now none of our infra is ipv6 aware. We'd have to make use of some kind of ipv6 gateway.
Comment 4•8 years ago
|
||
EC2 now supports ipv6 in some regions:
https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/
Reporter | ||
Comment 5•8 years ago
|
||
"Today I am happy to share the news that IPv6 support for EC2 instances in VPCs is now available in a total of fifteen regions, along with Application Load Balancer support for IPv6 in nine of those regions."
https://aws.amazon.com/de/blogs/aws/aws-ipv6-update-global-support-spanning-15-regions-multiple-aws-services/
Reporter | ||
Updated•7 years ago
|
Assignee | ||
Updated•7 years ago
|
Component: General Automation → General
Comment 6•2 years ago
|
||
I believe this is long fixed, and I see terrax.net in the preload list (https://searchfox.org/mozilla-central/source/security/manager/ssl/nsSTSPreloadList.inc) now.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•