Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1r64yH-00H3Vc-C9
	for pgsql-bugs@arkaria.postgresql.org; Thu, 23 Nov 2023 08:22:02 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1r64yF-00GBSe-QE
	for pgsql-bugs@arkaria.postgresql.org; Thu, 23 Nov 2023 08:21:59 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <Frank.Buettner@mdc-berlin.de>)
	id 1r64yF-00GBSW-F3
	for pgsql-bugs@lists.postgresql.org; Thu, 23 Nov 2023 08:21:59 +0000
Received: from a2062.mx.srv.dfn.de ([194.95.232.172])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <Frank.Buettner@mdc-berlin.de>)
	id 1r64yB-007zTH-IX
	for pgsql-bugs@lists.postgresql.org; Thu, 23 Nov 2023 08:21:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h=
	content-type:content-type:subject:subject:from:from
	:content-language:user-agent:mime-version:date:date:message-id
	:received; s=mdc; t=1700727712; x=1702542113; bh=l0S6zn3GU5aEoLt
	4UuLpmYkzKjv1nVgGY4n9SfZjlaA=; b=oXK0Gou4HjC0N8jo29Mk1LBC/mDQ9dG
	FOcVtHrurZIH2Qf9Zxm6RM1K5oP+gwijj+Q3gd7SsiABphHMWyYMik5ql7Qs2gBU
	03ZAMojBJ/4+2aMhkEWURJWva2vVDPPXP1C8I5UFHvVhGTr0g+e/FmvuBliu/0e0
	fmWRVHzReX54=
Received: from SW-IT-P-EX2.mdc-berlin.net (mgw2.mdc-berlin.de [141.80.113.60])
	by a2062.mx.srv.dfn.de (Postfix) with ESMTPS id CE4BDA0150
	for <pgsql-bugs@lists.postgresql.org>; Thu, 23 Nov 2023 09:21:52 +0100 (CET)
Received: from [141.80.121.45] (141.80.121.45) by SW-IT-P-EX2.mdc-berlin.net
 (141.80.113.60) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 23 Nov
 2023 09:21:51 +0100
Message-ID: <618816f6-d07a-4d1b-88ad-ef2113e463af@mdc-berlin.de>
Date: Thu, 23 Nov 2023 09:21:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: <pgsql-bugs@lists.postgresql.org>
Content-Language: en-GB
From: =?UTF-8?Q?Frank_B=C3=BCttner?= <frank.buettner@mdc-berlin.de>
Subject: Misconfiguration on SSL for download.postgresql.org ?
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
	micalg=sha-512; boundary="------------ms040300090003070701010707"
X-Originating-IP: [141.80.121.45]
X-ClientProxiedBy: SW-IT-P-EX6.mdc-berlin.net (141.80.113.56) To
 SW-IT-P-EX2.mdc-berlin.net (141.80.113.60)
X-TM-AS-Product-Ver: SMEX-14.0.0.3092-9.0.1002-28014.006
X-TM-AS-Result: No-10--15.693100-5.000000
X-TMASE-MatchedRID: Ab9JWCwdZ7lT/MYFQKXjdxqkhv3OdF4DDqaUR6lw5a96YW2UQ6Wj8rpG
	0lipR3CebA5feVU8NEZMbLGhZsjSyYLHB2Z9/x+ptT4jIeGRd/WagpdUd+Iwz+YE5Cc3MYYj3Zc
	PAM8yrZtZcqf1E6XsDJAynXT9BMhx4acyaNVQ+eNV8scx1YOQqB7Xjr6Qk+LoyzeZ0EF2JhKL2s
	CeHVx5vZeScp9y6ULto4PLBrV7QHiH1wJGpnBZuY7DToOcGk3mHGiexp5wY6YyeoDz+6rLeYkMu
	DBv/UrZnCGS1WQEGtBq7MdGEHoMY6GojiMqgRvCwrbXMGDYqV8CpgETeT0ynA==
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-TMASE-Result: 10--15.693100-5.000000
X-TMASE-Version: SMEX-14.0.0.3092-9.0.1002-28014.006
X-TM-SNTS-SMTP: 
	C439B63D658121F19A0BF28FDAF27240F05FD7792D504AAECB23BC156C0A91A62000:F
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: 
 <https://www.postgresql.org/message-id/618816f6-d07a-4d1b-88ad-ef2113e463af%40mdc-berlin.de>
Precedence: bulk

--------------ms040300090003070701010707
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi at all,
since some day's all our servers can't download updates for the RPM 
packages of PostgreSQL.

Error:
Errors during downloading metadata for repository 'pgdg-common':
   - Curl error (35): SSL connect error for 
https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-9-x86_64/repodata/repomd.xml 
[error:0A000410:SSL routines::sslv3 alert handshake failure]
Fehler: Failed to download metadata for repo 'pgdg-common': Cannot 
download repomd.xml: Cannot download repodata/repomd.xml: All mirrors 
were tried

After checking the site via nmap:
nmap -p 443 download.postgresql.org  --script ssl-enum-ciphers
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (secp384r1) - A


I found the problem, the "x25519" ciphers are missing.
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A


Which are need on systems where the NIST curves are blocked for security 
reasons.


So please re enable the x25519 curve.

Thanks

-- 
*Frank Büttner*
IT

MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin

☎ +49 30 9406 2038
℻ +49 30 9406 2599
✉ frank.buettner@mdc-berlin.de

--------------ms040300090003070701010707
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Kryptografische S/MIME-Signatur

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC
Dk0wggbmMIIEzqADAgECAhAxAnDUNb6bJJr4VtDh4oVJMA0GCSqGSIb3DQEBDAUAMIGIMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkx
HjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0yMDAyMTgwMDAwMDBaFw0zMzA1MDEyMzU5
NTlaMEYxCzAJBgNVBAYTAk5MMRkwFwYDVQQKExBHRUFOVCBWZXJlbmlnaW5nMRwwGgYDVQQD
ExNHRUFOVCBQZXJzb25hbCBDQSA0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
s0riIl4nW+kEWxQENTIgFK600jFAxs1QwB6hRMqvnkphfy2Q3mKbM2otpELKlgE8/3AQPYBo
7p7yeORuPMnAuA+oMGRb2wbeSaLcZbpwXgfCvnKxmq97/kQkOFX706F9O7/h0yehHhDjUdyM
yT0zMs4AMBDRrAFn/b2vR3j0BSYgoQs16oSqadM3p+d0vvH/YrRMtOhkvGpLuzL8m+LTAQWv
QJ92NwCyKiHspoP4mLPJvVpEpDMnpDbRUQdftSpZzVKTNORvPrGPRLnJ0EEVCHR82LL6oz91
5WkrgeCY9ImuulBn4uVsd9ZpubCgM/EXvVBlViKqusChSsZEn7juIsGIiDyaIhhLsd3amm8B
S3bgK6AxdSMROND6hiHT182Lmf8C+gRHxQG9McvG35uUvRu8v7bPZiJRaT7ZC2f50P4lTlnb
LvWpXv5yv7hheO8bMXltiyLweLB+VNvg+GnfL6TW3Aq1yF1yrZAZzR4MbpjTWdEdSLKvz8+0
wCwscQ81nbDOwDt9vyZ+0eJXbRkWZiqScnwAg5/B1NUD4TrYlrI4n6zFp2pyYUOiuzP+as/A
Znz63GvjFK69WODR2W/TK4D7VikEMhg18vhuRf4hxnWZOy0vhfDR/g3aJbdsGac+diahjEwz
yB+UKJOCyzvecG8bZ/u/U8PsEMZg07iIPi8CAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5
v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRpAKHHIVj44MUbILAK3adRvxPZ5DAOBgNV
HQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
KwYBBQUHAwQwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2Vj
dGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRq
MGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FB
ZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAN
BgkqhkiG9w0BAQwFAAOCAgEACgVOew2PHxM5AP1v7GLGw+3tF6rjAcx43D9Hl110Q+BABABg
lkrPkES/VyMZsfuds8fcDGvGE3o5UfjSno4sij0xdKut8zMazv8/4VMKPCA3EUS0tDUoL01u
gDdqwlyXuYizeXyH2ICAQfXMtS+raz7mf741CZvO50OxMUMxqljeRfVPDJQJNHOYi2pxuxgj
KDYx4hdZ9G2o+oLlHhu5+anMDkE8g0tffjRKn8I1D1BmrDdWR/IdbBOj6870abYvqys1qYlP
otv5N5dm+XxQ8vlrvY7+kfQaAYeO3rP1DM8BGdpEqyFVa+I0rpJPhaZkeWW7cImDQFerHW9b
KzBrCC815a3WrEhNpxh72ZJZNs1HYJ+29NTB6uu4NJjaMxpk+g2puNSm4b9uVjBbPO9V6sFS
G+IBqE9ckX/1XjzJtY8Grqoo4SiRb6zcHhp3mxj3oqWi8SKNohAOKnUc7RIP6ss1hqIFyv0x
XZor4N9tnzD0Fo0JDIURjDPEgo5WTdti/MdGTmKFQNqxyZuT9uSI2Xvhz8p+4pCYkiZqpahZ
lHqMFxdw9XRZQgrP+cgtOkWEaiNkRBbvtvLdp7MCL2OsQhQEdEbUvDM9slzZXdI7NjJokVBq
3O4pls3VD2z3L/bHVBe0rBERjyM2C/HSIh84rfmAqBgklzIOqXhd+4RzadUwggdfMIIFR6AD
AgECAhBn9oSAKG28dAI6xziFuihSMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNVBAYTAk5MMRkw
FwYDVQQKExBHRUFOVCBWZXJlbmlnaW5nMRwwGgYDVQQDExNHRUFOVCBQZXJzb25hbCBDQSA0
MB4XDTIzMTAwNjAwMDAwMFoXDTI1MTAwNTIzNTk1OVowgdIxCzAJBgNVBAYTAkRFMQ8wDQYD
VQQIEwZCZXJsaW4xNjA0BgNVBAoMLU1heC1EZWxicsO8Y2stQ2VudHJ1bSBmw7xyIE1vbGVr
dWxhcmUgTWVkaXppbjERMA8GA1UEYRMIR09WREUrQkUxKzApBgkqhkiG9w0BCQEWHEZyYW5r
LkJ1ZXR0bmVyQG1kYy1iZXJsaW4uZGUxETAPBgNVBAQMCELDvHR0bmVyMQ4wDAYDVQQqEwVG
cmFuazEXMBUGA1UEAwwORnJhbmsgQsO8dHRuZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDOHMd5049wPrZM/eRHs8mvDr1Yhrt3xBNSxUvh1uYwEnlLKJJBcQPENpqEY2GI
s08yZ01gJeudFncIQh6m4mc0DV6N3UT7bSdkkeR2r6ok0Y0T3hm/fP40gPxRdbgKhFAozw+p
UZTzEXpl3EJomLRYjuaaR5ibdEqGJ5pRy4cC96yWhBvU6o9v/Zv+MFc2eSrhdrCu6U41JgFy
rr8jwWrczDyTCfiOIjcznvItvmxl8tvtfvefuh9mSKaajwFw3KYI+mgC9+gqTyaDJBoPok1b
JW3vCuoCR3LduPxtc2uR+pvj+EfvwocqiQ2i/K7R/p34708FvKcGocvv0dBaR3PuvSGyfvI+
wGBmiIwaSekPq91qaCzMFETaj4BQJgz/GxiP8uzBEHFo7kJRWc+Rlk/LldyajW/TxEzIMj0P
Cq1sATKP2rT6QBVkkTIbKhaab7Axmu2oyHWCSL0I/iHto5r1vM8OnHAvq8MgXxCwauRezWLV
T5DFOD5c1p87bq1pwoCWmtesW+cKAOS6aBvUHCEXhZfiGb9+FPMGTin4ggQKl8b7Q6dOl7PP
09fewDU8XsW5c9wsPWluzzjoq3CjoD4iIUrPWZYP+uuhe3+5Op3psRbFvaFiNOcTfep+HKbm
ySpnFcJa3LV3yhymaNdGoHr4ws1G8WpLmtrD6Gm5YQ2JuwIDAQABo4IBujCCAbYwHwYDVR0j
BBgwFoAUaQChxyFY+ODFGyCwCt2nUb8T2eQwHQYDVR0OBBYEFBW3RmGTEI2zh1UCb1bQ7Y4/
KzCmMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwME
BggrBgEFBQcDAjBQBgNVHSAESTBHMDoGDCsGAQQBsjEBAgEKBDAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3NlY3RpZ28uY29tL1NNSU1FQ1BTMAkGB2eBDAEFAwIwQgYDVR0fBDswOTA3oDWg
M4YxaHR0cDovL0dFQU5ULmNybC5zZWN0aWdvLmNvbS9HRUFOVFBlcnNvbmFsQ0E0LmNybDB4
BggrBgEFBQcBAQRsMGowPQYIKwYBBQUHMAKGMWh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5j
b20vR0VBTlRQZXJzb25hbENBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3Nw
LnNlY3RpZ28uY29tMCcGA1UdEQQgMB6BHEZyYW5rLkJ1ZXR0bmVyQG1kYy1iZXJsaW4uZGUw
DQYJKoZIhvcNAQEMBQADggIBAIu3GijbDMfugPbRhRQSUcDUH0d3r1ey6VLThGMRrnSLffw2
2oKbeswk90NHZ8cNOF7F6NG/t98kf+H5mHLpQdC79v707fIMDjcJ0lVYHIHn6H9A3gWSSdmF
uc7I8MOYc4SKDkU/5OlHZVkH12MNxztH4/cKFn27ly7hxegL50VcOryafNsRmEbIBeyQhSKw
FstRrzZEqSA5IfA4lpjlCQZ5VQSZ3jfQ37qBcdLZigOKPY+2gAxOPoQmnwU97bnqr7OEh3Is
AmCE/U31N1UcrLQpDlw1pZJsMuYk15le9HdjB0DvcotLj8TbIbQIRi2xwaGowLUQggRZYB69
SYdUA8+lsNUuUJgPt4QKus5G//DrqUw3soWK29vyC5/gR2bRgF27cUe+7eq8eKcIrDrOS9pY
eBkX7Ws8mZOXXYe0NYXTZtKmbY9LdW5iWScDDLSA2Z1AcXFQla3r2AVpaLSdT5vPJCf0MCpA
1n4+z+kfuvpS7Hf//h8uNRGvKX2tsSWXu2XknqXbIOupfZ6Vnn3U+SHgdrjLFmPRR8soCXwQ
WfZUeYePiVLI4CHtl+ipTxCEAmaeXzMtgp9T6kJmBGytFAzA4qtX2i86/0p7hpvcxEf476yw
nuI5Yxr9qX96f7tb166mkbMTkaD7petcLIKuwZBA+cE90GsaaqLBAnY0qAsuMYIEWDCCBFQC
AQEwWjBGMQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEcMBoGA1UE
AxMTR0VBTlQgUGVyc29uYWwgQ0EgNAIQZ/aEgChtvHQCOsc4hbooUjANBglghkgBZQMEAgMF
AKCCAc8wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjMxMTIz
MDgyMTUxWjBPBgkqhkiG9w0BCQQxQgRADMso8bPa40BOvLYce5VRaXmg4a6T5DLoIFSoeiuw
XhMSpFZetYo1Zab7vJf37eH9qWyGCWXWHP48vqBR+V0J8DBpBgkrBgEEAYI3EAQxXDBaMEYx
CzAJBgNVBAYTAk5MMRkwFwYDVQQKExBHRUFOVCBWZXJlbmlnaW5nMRwwGgYDVQQDExNHRUFO
VCBQZXJzb25hbCBDQSA0AhBn9oSAKG28dAI6xziFuihSMGsGCyqGSIb3DQEJEAILMVygWjBG
MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEcMBoGA1UEAxMTR0VB
TlQgUGVyc29uYWwgQ0EgNAIQZ/aEgChtvHQCOsc4hbooUjBsBgkqhkiG9w0BCQ8xXzBdMAsG
CWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0G
CCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIC
ABde8eViCcsZZqAfohGxdtEvjy49RLYP1JsF5Q61SDhqAdxiCajOaRitPRnQg3m/y/m3+HhG
wfkGJh4dLHsg4T6KybHCFFscvAGxxDoCn1YbAwSJElJy+PtlcgjGrls0kJi0F5JN6vapJPDb
AVFNpXPAZ/THyaQ35/nYzqdePiIHx9+wqHXONpqPxLtTchurRx3PHwTZlq9abUzC9EjR7sjk
9CJjDvMn2Go/mLTXIHvzo7mPJFCVXKJlMwgtC6u92xyG20ZQ07dVAz+YpvLgfRmm56i48k9K
PDJa7qAsBd6hl5T1sXm3ujdk89QMqcubzURf9NFoi3e1YlYkqtik2Nltm9wIbMx4fTgLLq1l
u63fh9yfg+dsCAWIP7tQSbLY9wQxJNTzLcWgMAzsb8iH7eSsQHwQWzHor6xurBWSvr2jK1nN
zCBDzYpdzP6J4j/JB6T+fhx/at8QD6Jax6/QdI0JR/tWAdEkOk3saI/HFIJJapgJZamFN6r7
M+WkATukB/+Roi3R6LpkSXafxvorjTr0iUvMcyuoz7f5p4++BPBAuFgbkCxoZITIQbuoCBFJ
dKTVg5QWhGLkztO0J/QITK7xUU6Z6GuO0p8xQplxqd/aVpvgSOmjE3p9c9NjFSSZAnbaU6Sl
yFf6+ybAU1iUfu7f5PiiKVfsabskfNVE2KcwAAAAAAAA
--------------ms040300090003070701010707--