Open Bug 1309201 Opened 5 years ago Updated 3 years ago

automated hsts update infrastructure can't connect to ipv6-only hosts

Categories

(Release Engineering :: General, defect)

Not set
normal

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: jan, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20161010030204

Steps to reproduce:

Found terrax.net on https://dxr.mozilla.org/comm-central/source/mozilla/security/manager/ssl/nsSTSPreloadList.errors

https://dev.ssllabs.com/ssltest/analyze.html?d=terrax.net&hideResults=on


Actual results:

It is not preloaded in Firefox, but in Chrome.


Expected results:

Domain should have been preloaded.
terrax.net is "IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1" only. (Yes, Port 80/HTTP is closed. That's what we all want with preloading.)
OS: Unspecified → All
Hardware: Unspecified → All
Summary: Preload list error [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only → HSTS Preload list problems [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only
From what I can tell, the infrastructure the update script runs on can't connect to IPv6-only hosts. I'll move this to a more appropriate component, but my understanding is we basically can't fix this until EC2 instances support IPv6-only hosts.
Component: Security: PSM → General Automation
Product: Core → Release Engineering
QA Contact: catlee
Summary: HSTS Preload list problems [IPv6 + Port 443 + ECDHE-RSA-AES256-GCM-SHA384 + secp521r1] only → automated hsts update infrastructure can't connect to ipv6-only hosts
Yeah, right now none of our infra is IPv6-aware. We'd have to make use of some kind of IPv6 gateway.
Blocks: IPv6
"Today I am happy to share the news that IPv6 support for EC2 instances in VPCs is now available in a total of fifteen regions, along with Application Load Balancer support for IPv6 in nine of those regions."
https://aws.amazon.com/de/blogs/aws/aws-ipv6-update-global-support-spanning-15-regions-multiple-aws-services/
See Also: → 1401796
Component: General Automation → General
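The failure mode discussed in this bug, as an added example that is not part of the bug thread or of Mozilla's update script: a triage step that separates "the scanner has no IPv6 route to an IPv6-only host" from a genuine host error, so such hosts are not simply written to the errors list. The function names, the result labels and the `.example` hosts with their resolver data are assumptions constructed for illustration.

```python
import socket

def scanner_has_ipv6_route():
    """True if this machine has a route to global IPv6 space (no packet is sent)."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            # UDP connect() only selects a route; 2001:db8::/32 is the documentation prefix.
            s.connect(("2001:db8::1", 443))
        return True
    except OSError:
        return False

def address_families(host, resolver=socket.getaddrinfo):
    """Set of address families the name resolves to; empty if it does not resolve."""
    try:
        return {info[0] for info in resolver(host, 443, type=socket.SOCK_STREAM)}
    except socket.gaierror:
        return set()

def classify_failure(host, has_v6, resolver=socket.getaddrinfo):
    """Label a host the HSTS check could not connect to (labels are hypothetical)."""
    families = address_families(host, resolver)
    if not families:
        return "unresolvable"
    if families == {socket.AF_INET6} and not has_v6:
        # AAAA records only and the scanner is IPv4-only: the scanner's
        # limitation, not the site's. Re-check from an IPv6-capable machine.
        return "scanner-cannot-reach"
    return "host-error"

# Constructed resolver data standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "v6only.example": [(socket.AF_INET6, "2001:db8::443")],
    "dual.example": [(socket.AF_INET, "192.0.2.10"), (socket.AF_INET6, "2001:db8::10")],
}

def sample_resolver(host, port, type=0):
    """Mimics the shape of socket.getaddrinfo results for the constructed hosts."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed: name not found")
    return [(fam, type, 6, "", (addr, port)) for fam, addr in SAMPLE_DNS[host]]

if __name__ == "__main__":
    print("scanner has IPv6 route:", scanner_has_ipv6_route())
    for name in ("v6only.example", "dual.example", "gone.example"):
        # has_v6=False models the IPv4-only infrastructure described in the bug.
        print(name, "->", classify_failure(name, False, sample_resolver))
```

In a real run, pass `scanner_has_ipv6_route()` as `has_v6` and leave `resolver` at its default.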