misconfigured redirections on https://lists.gnupg.org
Werner Koch
wk at gnupg.org
Tue Aug 11 10:22:34 CEST 2015
On Tue, 11 Aug 2015 06:07, dkg at fifthhorseman.net said:
> X should get redirected to Y, but instead it gets redirected to a
> service on a non-active port entirely:
>
> http://lists.gnupg.org:8002/pipermail/gnupg-devel/2015-August/
I know that is an annoying bug.
> This transitions from https to http, even, which means that the response
> could be forged by a network attacker, which would be strange (and in
> contradiction to the HSTS header provided).
Nope, port 8002 is only listening on localhost. We round pound as
frontend with two instaces of boa as backend (listening at
localhost:800n)
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list