Your connection is not private

by | Jul 1, 2017 | Persönliches | 0 comments

Why I do not trust free Wifi and always try to access my site prior to any valuable access from abroad.
This is what I got last time in a hotel in London from the Hilton group. They are using a SSL sniffing man in the middle attack on my https connection. Beware to use it! Luckily my certificate pinning did undermine their effort.

Your connection is not private

Your connection is not private

A bit more in detail: curl -Iv https://www.linuxpinguin.de
* Rebuilt URL to: https://www.linuxpinguin.de/
* Trying 5.1.87.101...
* TCP_NODELAY set
* Connected to www.linuxpinguin.de (5.1.87.101) port 443 (#0)
* SSL certificate problem: Invalid certificate chain
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

curl -Ivk https://www.linuxpinguin.de
* Rebuilt URL to: https://www.linuxpinguin.de/
* Trying 5.1.87.101...
* TCP_NODELAY set
* Connected to www.linuxpinguin.de (5.1.87.101) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: login.globalsuite.net
* Server certificate: COMODO RSA Domain Validation Secure Server CA
* Server certificate: COMODO RSA Certification Authority
> HEAD / HTTP/1.1
> Host: www.linuxpinguin.de
> User-Agent: curl/7.51.0
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host www.linuxpinguin.de left intact
curl: (52) Empty reply from server

Submit a Comment

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.

This site uses Akismet to reduce spam. Learn how your comment data is processed.