On 23 Mar 2026, at 10:57, Lukas Tribus lukas@ltri.eu wrote:
On Mon, 23 Mar 2026 at 10:44, Jeroen Massar via swinog swinog@lists.swinog.ch wrote:
IPv4/SBB is responding, but not doing SSL on 443:
% openssl s_client --connect 194.150.245.142:443 Connecting to 194.150.245.142 CONNECTED(00000003) 0031130402000000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:918:SSL alert number 40
No, it just requires SNI, which you did not provide.
Good catch. I'll be getting another coffee [at least the sun is out to enjoy that with]
Indeed the redirect on IPv4/SBB + the SSL are fine.
And IPv6/SBB is just completely b0rked. Happened years ago also.
Fortunately due to happy eyeballs most of the time users will not notice as IPv4 will be tried and the IPv6 address marked as broken... and then the 301 remembered and thus not retried quickly.
Regards, Jeroen