SSL certificate error connecting to some files.pythonhosted.org addresses #6959
Description
My Platform
Debian 11 with ipv4 and ipv6 network with no proxies
$ pip --version
pip 20.3.4 from /tmp/py/venv/lib/python3.9/site-packages/pip (python 3.9)
$ python --version
Python 3.9.2Fastly Debug
ewogICJnZW9pcCI6IHsKICAgICJjaSI6ICJoYW1tZXJzbWl0aCBhbmQgZnVsaGFtIiwKICAgICJzdCI6ICJITUYiLAogICAgImN0IjogInVuaXRlZCBraW5nZG9tIiwKICAgICJjbyI6ICJFVSIsCiAgICAiY19pcCI6ICIyMTIuMjIyLjUzLjE4NiIsCiAgICAiY19hc24iOiAiMzI1NyIsCiAgICAiY19hc25fbmFtZSI6ICJndHQgY29tbXVuaWNhdGlvbnMgaW5jLiIsCiAgICAicl9pcCI6ICIyMDguNjkuMzQuMTQwIiwKICAgICJyX2FzbiI6ICIzNjY5MiIsCiAgICAicl9hc25fbmFtZSI6ICJjaXNjbyBvcGVuZG5zIGxsYyIsCiAgICAicl9jaSI6ICJsb25kb24iLAogICAgInJfc3QiOiAiTE5EIiwKICAgICJyX2N0IjogInVuaXRlZCBraW5nZG9tIiwKICAgICJyX2NvIjogIkVVIgogIH0sCiAgInBvcExhdGVuY3kiOiB7CiAgICAiYW1zIjogMTQsCiAgICAiYnJ1IjogMTQsCiAgICAiY3BoIjogMjcsCiAgICAiZHViIjogMjYsCiAgICAiZWRkZiI6IDI5LAogICAgImVnbGMiOiA5LAogICAgImVnbGwiOiA1LAogICAgImVnbWwiOiA3LAogICAgImVocmQiOiAxNiwKICAgICJlc3NiIjogMzMsCiAgICAiZXRvdSI6IDIzLAogICAgImZjbyI6IDQ1LAogICAgImhlbCI6IDQxLAogICAgImxldG8iOiAyOCwKICAgICJsZnBiIjogMTMsCiAgICAibGZwZyI6IDIxLAogICAgImxpbiI6IDI5LAogICAgImxpcyI6IDU2LAogICAgImxvbiI6IDYsCiAgICAibWFkIjogMjksCiAgICAibWFuIjogMTEsCiAgICAibXJzIjogMjIsCiAgICAibXVjIjogMjQsCiAgICAibXhwIjogMjksCiAgICAib3NsIjogMzYsCiAgICAic29mIjogNDUsCiAgICAidmllIjogMzUsCiAgICAiYW55IjogNgogIH0sCiAgInBvcEFzc2lnbm1lbnRzIjogewogICAgImFjIjogImxociIsCiAgICAiYXMiOiAibGhyIgogIH0sCiAgInJlcXVlc3QiOiB7CiAgICAicmVzb2x2ZXJfaXAiOiAiMjA4LjY5LjM0LjEzOSIsCiAgICAicmVzb2x2ZXJfYXNfbmFtZSI6ICJDSVNDTy1VTUJSRUxMQSwgVVMiLAogICAgInJlc29sdmVyX2FzX251bWJlciI6ICIzNjY5MiIsCiAgICAicmVzb2x2ZXJfY291bnRyeV9jb2RlIjogIlVTIiwKICAgICJjbGllbnRfaXAiOiAiMjEyLjIyMi41My4xODYiLAogICAgImNsaWVudF9hc19uYW1lIjogIkdUVC1CQUNLQk9ORSBHVFQsIFVTIiwKICAgICJjbGllbnRfYXNfbnVtYmVyIjogIjMyNTciLAogICAgInRpbWUiOiAiMjAyNS0wNy0xNVQwOToyMjoxMS4wMDBaIiwKICAgICJob3N0IjogInd3dy5mYXN0bHktZGVidWcuY29tIiwKICAgICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC43IiwKICAgICJ1c2VyYWdlbnQiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwKICAgICJhY2NlcHRsYW5ndWFnZSI6ICJlbi1HQixlbi1VUztxPTAuOSxlbjtxPTAuOCIsCiAgICAiYWNjZXB0ZW5jb2RpbmciOiAiZ3ppcCIsCiAgICAiZmFzdGx5c2VydmVyaXAiOiAiMTUxLjEwMS4xOTIuNjQiLAogICAgInhmZiI6ICIyMTIuMjIyLjUzLjE4NiIsCiAgICAiZGF0YWNlbnRlciI6ICJMSFIiLAogICAgImJhbmR3aWR0aF9tYnBzIjogIjE5My4zOCIsCiAgICAiY3duZCI6IDM4NSwKICAgICJuZXh0aG9wIjogIjE3Mi4yOC4xODAuMSIsCiAgICAicnR0IjogNC45MjQsCiAgICAibWluX3J0dCI6IDQuMjIyLAogICAgImRlbHRhX3JldHJhbnMiOiAwLAogICAgInRvdGFsX3JldHJhbnMiOiAwCiAgfQp9
DNS Resolution
$ dig files.pythonhosted.org A
; <<>> DiG 9.16.50-Debian <<>> files.pythonhosted.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59371
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3fa2dd4e881699700100000068761f426950d8a462320fda (good)
;; QUESTION SECTION:
;files.pythonhosted.org. IN A
;; ANSWER SECTION:
files.pythonhosted.org. 81137 IN CNAME dualstack.python.map.fastly.net.
dualstack.python.map.fastly.net. 16 IN A 167.82.52.223
;; Query time: 0 msec
;; SERVER: 172.30.1.1#53(172.30.1.1)
;; WHEN: Tue Jul 15 10:28:34 BST 2025
;; MSG SIZE rcvd: 140$ dig files.pythonhosted.org AAAA
; <<>> DiG 9.16.50-Debian <<>> files.pythonhosted.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39268
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c59b705a5b1b3e920100000068761f4e9027fd99a9b57b1d (good)
;; QUESTION SECTION:
;files.pythonhosted.org. IN AAAA
;; ANSWER SECTION:
files.pythonhosted.org. 81125 IN CNAME dualstack.python.map.fastly.net.
dualstack.python.map.fastly.net. 4 IN AAAA 2a04:4e42:d000::223
;; Query time: 0 msec
;; SERVER: 172.30.1.1#53(172.30.1.1)
;; WHEN: Tue Jul 15 10:28:46 BST 2025
;; MSG SIZE rcvd: 152Traceroutes / IPv4
$ traceroute files.pythonhosted.org
traceroute to files.pythonhosted.org (167.82.52.223), 30 hops max, 60 byte packets
1 cam-gw-1.brightsign (172.30.1.254) 0.749 ms 0.731 ms 0.719 ms
2 212.222.53.185 (212.222.53.185) 4.793 ms 4.778 ms 4.766 ms
3 ae0.cr12-lon8.ip4.gtt.net (141.136.111.162) 4.753 ms 4.742 ms 4.729 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *Traceroutes / IPv6 (If available)
$ traceroute6 files.pythonhosted.org
traceroute to files.pythonhosted.org (2a04:4e42:4000::223), 30 hops max, 80 byte packets
1 2001:668:10f:3905::1 (2001:668:10f:3905::1) 0.345 ms 0.326 ms 0.313 ms
2 2001:668:10f:3905:ae17:c8ff:fecc:ffcb (2001:668:10f:3905:ae17:c8ff:fecc:ffcb) 0.651 ms 0.640 ms 0.629 ms
3 2001:668:1f:fef8::1 (2001:668:1f:fef8::1) 4.671 ms 4.660 ms 4.649 ms
4 2001:668:0:2:ffff:0:d5c8:7122 (2001:668:0:2:ffff:0:d5c8:7122) 6.709 ms 6.698 ms 6.687 ms
5 lag-14.ear2.lon1.sp.lumen.tech (2001:1900:5:3::48d) 6.957 ms 6.931 ms 6.936 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *HTTPS Requests / IPv4
$ curl -vvv -I --ipv4 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz
curl -vvv -I --ipv4 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz
* Trying 167.82.52.223:443...
* Connected to files.pythonhosted.org (167.82.52.223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.pythonhosted.org
* start date: Feb 4 21:00:11 2025 GMT
* expire date: Mar 8 21:00:10 2026 GMT
* subjectAltName: host "files.pythonhosted.org" matched cert's "*.pythonhosted.org"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x564869abf0c0)
> HEAD /packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz HTTP/2
> Host: files.pythonhosted.org
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
HTTP/2 200
< server: nginx
server: nginx
< content-type: binary/octet-stream
content-type: binary/octet-stream
< last-modified: Tue, 11 Apr 2023 02:19:03 GMT
last-modified: Tue, 11 Apr 2023 02:19:03 GMT
< etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
< x-amz-meta-btime: 2020-02-26T17:47:37.438Z
x-amz-meta-btime: 2020-02-26T17:47:37.438Z
< x-amz-meta-mtime: 1582739257.438
x-amz-meta-mtime: 1582739257.438
< x-amz-request-id: 2f8f3818924c399f
x-amz-request-id: 2f8f3818924c399f
< x-amz-id-2: aNydjKDHsNnVm6zEeMHxkbGYeYxww4DhW
x-amz-id-2: aNydjKDHsNnVm6zEeMHxkbGYeYxww4DhW
< x-amz-version-id: 4_z179c51e67f11a0ad8f6c0018_f1191cd4ff993bd3d_d20230411_m021903_c005_v0501003_t0041_u01681179543316
x-amz-version-id: 4_z179c51e67f11a0ad8f6c0018_f1191cd4ff993bd3d_d20230411_m021903_c005_v0501003_t0041_u01681179543316
< cache-control: max-age=365000000, immutable, public
cache-control: max-age=365000000, immutable, public
< accept-ranges: bytes
accept-ranges: bytes
< age: 86442
age: 86442
< date: Tue, 15 Jul 2025 09:30:10 GMT
date: Tue, 15 Jul 2025 09:30:10 GMT
< x-served-by: cache-iad-kcgs7200149-IAD, cache-lhr-egll1980033-LHR
x-served-by: cache-iad-kcgs7200149-IAD, cache-lhr-egll1980033-LHR
< x-cache: HIT, HIT
x-cache: HIT, HIT
< x-cache-hits: 4, 0
x-cache-hits: 4, 0
< x-timer: S1752571811.762883,VS0,VE1
x-timer: S1752571811.762883,VS0,VE1
< strict-transport-security: max-age=31536000; includeSubDomains; preload
strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
x-frame-options: deny
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-permitted-cross-domain-policies: none
x-permitted-cross-domain-policies: none
< x-robots-header: noindex
x-robots-header: noindex
< x-pypi-file-python-version: source
x-pypi-file-python-version: source
< x-pypi-file-version: 10.0.1
x-pypi-file-version: 10.0.1
< x-pypi-file-package-type: sdist
x-pypi-file-package-type: sdist
< x-pypi-file-project: pip
x-pypi-file-project: pip
< content-length: 1246072
content-length: 1246072
<
* Connection #0 to host files.pythonhosted.org left intactHTTPS Requests / IPv6 (If available)
$ curl -vvv -I --ipv6 https://pypi.org/pypi/pip/json
$ curl -vvv -I --ipv6 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz
* Trying 2a04:4e42:d000::223:443...
* Connected to files.pythonhosted.org (2a04:4e42:d000::223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc.; CN=default.ssl.fastly.net
* start date: May 1 16:26:08 2025 GMT
* expire date: Jun 2 16:26:07 2026 GMT
* subjectAltName does not match files.pythonhosted.org
* SSL: no alternative certificate subject name matches target host name 'files.pythonhosted.org'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'files.pythonhosted.org'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.TLS Debug / IPv4
$ echo -n | openssl s_client -4 -connect files.pythonhosted.org:443
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2025 Q1
verify return:1
depth=0 CN = *.pythonhosted.org
verify return:1
---
Certificate chain
0 s:CN = *.pythonhosted.org
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2025 Q1
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2025 Q1
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGZTCCBU2gAwIBAgIQAZWmoYELhLCwam79gGhrAjANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyNSBRMTAeFw0yNTAy
MDQyMTAwMTFaFw0yNjAzMDgyMTAwMTBaMB0xGzAZBgNVBAMMEioucHl0aG9uaG9z
dGVkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALh8O1cEJR4y
hBt3aYpn5Rl3pY2BZi8QFySZoVMs5/5GxGQo1FqG/zdGR3v96h10lT9JKZgfn8sJ
9qOeRRHU9Gcu84Ux0oHeP2yKjTCN27e3WdDRdvrFyy2JOAYS62q4wp0VKpUriENt
8PstZZkZVWWr4RtZ8VJ//JJQtlRpXTpTE0qfjfD2EW3tFOpMEFlom3ZpPtTFgJke
kUfhMQ+C23U09gsMILx8DCivveESiBgT0xEYIt2pQt86D9wFW+5fME+PV2Ya4mdO
8kOEHWM3n1BMbP+RX65c+TB9cobfeTwWKdpknJaAs4LoON8MAyDdGiwZ8QeL8PZM
WSglN9Tl03UCAwEAAaOCA2QwggNgMB0GA1UdEQQWMBSCEioucHl0aG9uaG9zdGVk
Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMB0GA1UdDgQWBBR0Q+gR3+KHZwrsAUrfjBFEMmnTzzBXBgNVHSAEUDBOMAgG
BmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQCMAAwgZ4GCCsG
AQUFBwEBBIGRMIGOMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC5nbG9iYWxzaWdu
LmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyNXExMEoGCCsGAQUFBzAChj5odHRw
Oi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2Nh
MjAyNXExLmNydDAfBgNVHSMEGDAWgBQlxCgR4n2eMrEhT/t9/+g4UvGS6DBIBgNV
HR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRs
YXNyM2R2dGxzY2EyMDI1cTEuY3JsMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYA
dQAOV5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZTSw3IWAAAEAwBG
MEQCIE5gv4a6DYAFa3iwhDkKdbYr5XbWBBPHeu51Fq+VuS4ZAiAO3GGnURwAx5rb
Zkb7dDZDoO5pli0+QS+771bXZYe6YAB2AGQRxGykEuyniRyiAi4AvKtPKAfUHjUn
q+r+1QPJfc3wAAABlNLDcvgAAAQDAEcwRQIhAI+XosHnsYQvgrrr5gAb82vuJYVs
mbYPrSgacsxZFDwjAiBQcZxWclAeGtJ/quYFzYs9oR9rdcR+yAH8f5+kCeOGhgB1
AJaXZL9VWJet90OHaDcIQnfp8DrV9qTzNm5GpD8PyqnGAAABlNLDdXYAAAQDAEYw
RAIgZYONM/wTZb19aHfjtdl7hC2N2pBBY1arpv19y1yXwcQCIHugL7/z4EniWP70
BdyhJ0LKQajpDDQKDwo/RYU3UsbsMA0GCSqGSIb3DQEBCwUAA4IBAQCQ5FKyUIH5
r8O3xfFAYV4auKCrLdnZYV4s4oWgRsDku3jBpvBVoyNXomjnNQQuZACrZTU1Ax1c
pHiVRDO9WZRxJ03ZRVsL0GG/7b6c7ae7n//G32RKkh6k/fcLgaI4uDnBWCewRnTA
AqZUvxvVpM8vPHqYhItiRh6RUDNY72nyQsGoguHSAX3SxgCMj2JcXROjWJVZ2NNu
azkFf7pH19FghK452zbsJ3OCozj44SyvAFYvNtB9oOZMOGnCvvIj9rZKVFWjRhRf
3p9PtUZtbQ372Pn0ZSg5x09df2AjlgysH1JtoZsVMipX35izgXphraOCRwc4ilit
AF/eNo+Tt3yt
-----END CERTIFICATE-----
subject=CN = *.pythonhosted.org
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2025 Q1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3362 bytes and written 378 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 9ADA05CF499265E94483FC0E71967FD29DA9F41D88D3E99C204D816236149174
Session-ID-ctx:
Resumption PSK: 48AC9ADE9941C1E3D6E07078A16273BEF295D88776666501A472A3AE1822AE39
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 96 bc 90 21 11 ee fe 22-c5 c1 2e 3e e8 29 73 a2 ...!..."...>.)s.
0010 - f9 b8 59 8d 25 26 b8 b5-68 2d 29 62 24 db e5 3c ..Y.%&..h-)b$..<
0020 - c9 e7 45 66 b8 82 77 80-4d b1 e8 0e 0a e7 02 de ..Ef..w.M.......
0030 - 74 1f ea 2f fc 23 5c f1-74 35 86 39 1c c0 06 2c t../.#\.t5.9...,
0040 - 60 5d 85 f0 4d ca fc 3a-46 77 3d fa 7d 03 53 11 `]..M..:Fw=.}.S.
0050 - a0 af 87 08 1d 60 91 6a-bf eb 7c 97 09 d5 ea 1a .....`.j..|.....
0060 - 1c 01 2b 4c 8b f4 7c af-42 a1 2f 33 6f 3e 94 72 ..+L..|.B./3o>.r
0070 - 48 f4 37 db ef de bc 11-73 15 c5 70 eb 98 13 73 H.7.....s..p...s
0080 - 38 70 a9 06 06 51 fe af-ce 80 73 8d 5a 93 2b 37 8p...Q....s.Z.+7
0090 - 99 1c 1a 22 9f 9b 0b 9f-47 b4 4a 64 a5 6a d8 26 ..."....G.Jd.j.&
Start Time: 1752571884
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
DONETLS Debug / IPv6 (If available)
$ echo -n | openssl s_client -6 -connect files.pythonhosted.org:443
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = default.ssl.fastly.net
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = default.ssl.fastly.net
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGvTCCBaWgAwIBAgIMd09EvXDMOQx/ji/kMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNTA1MDExNjI2MDhaFw0y
NjA2MDIxNjI2MDdaMHIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4x
HzAdBgNVBAMTFmRlZmF1bHQuc3NsLmZhc3RseS5uZXQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDH8Jwi3G6LDp5A27g9xWWXIvWCFOMN8Fk7gIgn9YeQ
S/MXUy9dsL3RyrvG25loyxgumAX2+u7uqSGqfc2MnsOelLEPyyrjin6+cPn7EjL9
lKhMmPQeD5N47WA8RBVW6yN3g2dHYkK/ahEKjKVe4/slhSR/uvhyCkShLV+vM6FQ
xQbdu8YnDTX/wxWA2kv5o/yNBeb5WQQLXUF1hhuXJZXI7pd2cX+i57YETWis8pas
edoYk8sryTt2lLcdtFfsbL7k5EqKrM5cTdvp/LPXUTc8Et7dxcFFGr6JyP6lqU+T
Tg50InwD91nFwdS2zIK3XLnYRSE211BpwwSXVjpjapB1AgMBAAGjggNzMIIDbzAO
BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADCBjgYIKwYBBQUHAQEEgYEwfzBE
BggrBgEFBQcwAoY4aHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQv
Z3Nyc2FvdnNzbGNhMjAxOC5jcnQwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmds
b2JhbHNpZ24uY29tL2dzcnNhb3Zzc2xjYTIwMTgwVgYDVR0gBE8wTTBBBgkrBgEE
AaAyARQwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20v
cmVwb3NpdG9yeS8wCAYGZ4EMAQICMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9j
cmwuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAxOC5jcmwwQwYDVR0RBDww
OoIWZGVmYXVsdC5zc2wuZmFzdGx5Lm5ldIISKi5ob3N0cy5mYXN0bHkubmV0ggwq
LmZhc3RseS5jb20wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1Ud
IwQYMBaAFPjvf/LNeGeo3m+PJI2I8YcDArPrMB0GA1UdDgQWBBTsZ+yYN4exZu4+
6s+MfSQ1eBsaSTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAZBHEbKQS7KeJ
HKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGWjKt/4QAABAMARzBFAiBJF5CYHzDy
wv8fy159pL0GjGOtMUCQQBL8/Q7WpS951QIhAKXTYH2XztRq7njg5Iw5US4Q/cR8
r9g99fGMrTMd0X/lAHYAyzj3FYl8hKFEX1vB3fvJbvKaWc1HCmkFhbDLFMMUWOcA
AAGWjKt/MAAABAMARzBFAiEA7GuZbLGpvtthN+KwFJasc8iWvpwh7bXtWHADUY6X
7DkCIB3O7uoUb9wbh4ygr+ArTZMIwin5QL75qGAfbesTvgNNAHcASZybad4dfOz8
Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd+MMAAAGWjKuACQAABAMASDBGAiEAjfjRmRNZ
V6jI0og4xNuB0njwoyP6jwAblATK1CK0IfUCIQCK4zOtn9U74Z9zaS7se6DJqhEo
xG2oF72axCZRZ3w3EjANBgkqhkiG9w0BAQsFAAOCAQEABrhZzyORjly0OcaxIQqG
FFL1Ftg361cEoe6zIcUVbS1wSdk6MfZBQ8Hp230Qt9BybjKyC0PJ32z7XOR6ej1k
w41DKd2tjKc3SERaiIJZudY7rUOolayH4+k0uoeINv6e9deLxhTYVjqf+/ob7c9h
JYUG3ZWe5RXki95CS+bwKk80RIUaqnTRn78X1M5s71Xe10HPf1XJFfvBMXiSowdt
9/klL8ZdW0ygbTE68m3evgeliu67UH2fWzfOh2jJV7LGNPRofXZCK4ZSftBA3qe9
1/EbihcIQX6wZaCBcsK9NlpoMMKpYVrbYuNkkJKQj8DwooefUYcrOW5Q7v7SprqQ
rg==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = default.ssl.fastly.net
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3384 bytes and written 378 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: B988C9242073576DBAAB3DB8308DDAEE70665B1021E701A021EFB33E00B9B8F8
Session-ID-ctx:
Resumption PSK: E33F44856FCFFF04E80C86C86735470B48B1B1266CFD8F3EF925D2FFEBFD341F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 96 bc 90 21 11 ee fe 22-c5 c1 2e 3e e8 29 73 a2 ...!..."...>.)s.
0010 - bf da ae 25 d3 ce 44 b7-5f 2d 48 44 79 1f c5 cb ...%..D._-HDy...
0020 - b4 0f 5c fa 5a fc 32 37-fc 3f 19 80 a5 dd 3a dd ..\.Z.27.?....:.
0030 - 81 14 56 9b 6a 5b d6 b3-5c 8b ee 1d 0b d2 fa 77 ..V.j[..\......w
0040 - 20 b5 ba e4 3e d8 33 f4-f9 91 f5 10 c5 61 b3 1c ...>.3......a..
0050 - 3d 31 36 46 4e d7 e8 bb-cb 09 0e 02 12 be 16 3a =16FN..........:
0060 - 1f 6c a6 68 70 05 85 a6-53 44 3f ec 7d ef 89 e6 .l.hp...SD?.}...
0070 - 23 19 1f 9f 26 7c 2c 27-41 99 84 4c f2 95 cc 86 #...&|,'A..L....
0080 - e5 56 1e 70 ec 78 60 32-f7 be f3 b3 55 b3 d3 67 .V.p.x`2....U..g
0090 - 5d 2d 74 f8 b9 d4 fc 51-bf 90 4e 0c 53 82 1e 31 ]-t....Q..N.S..1
Start Time: 1752571914
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
DONECode of Conduct
- I agree to follow the PSF Code of Conduct