FYI: Use X509 v3 certificates for Gemini capsules to comply with RFC 8446


I've been working on upgrading the TLS code for TLGS. One of the improvements is that besides OpenSSL, Botan can also be used as the underlying TLS library. In the process I discovered one thing. According to the RFC, a TLS 1.3 server must send X509 v3 certificates unless explicitly negotiated.

RFC 8446 4.4.2.2
The certificate type MUST be X.509v3 [RFC5280], unless explicitly
negotiated otherwise (e.g., [RFC7250]).

=> Link to RFC 8446 section 4.4.2.2

And Botan cares about this. It will not allow v1 certificates to pass the handshake.

During a test run of TLGS with Botan, I constantly get Botan complaining about not getting a v3 certificate. Please upgrade your capsule to be compliant with the RFC. TLGS will still be running with OpenSSL in the future, so it's probably not a big deal. But still, please comply with the RFC.
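To see which version a capsule certificate declares, the following added example (not code from TLGS or Botan) reads the version field straight from the DER encoding. The function names and the two sample byte strings are constructed for illustration; the samples are skeletons, not real certificates.

```python
import ssl

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def x509_version(cert):
    """Return 1, 2 or 3 for a certificate given as DER bytes or a PEM string."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else bytes(cert)
    tag, pos, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, _ = read_tlv(der, pos)      # TBSCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("TBSCertificate missing")
    tag, pos, _ = read_tlv(der, pos)      # first TBSCertificate field
    if tag != 0xA0:
        return 1  # no [0] version field: RFC 5280 DEFAULT v1 applies
    tag, start, end = read_tlv(der, pos)  # INTEGER inside the [0] EXPLICIT wrapper
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[start:end], "big") + 1  # encoded 0, 1, 2 -> v1, v2, v3

def tlv(tag, value):
    """Encode a short DER element (constructed samples only, length < 128)."""
    return bytes([tag, len(value)]) + value

# Constructed skeletons, not real certificates: just enough structure to
# exercise the version field. SERIAL is serialNumber, REST stands in for the
# remaining TBSCertificate fields.
SERIAL, REST = tlv(0x02, b"\x01"), tlv(0x30, b"")
SAMPLE_V1 = tlv(0x30, tlv(0x30, SERIAL + REST))
SAMPLE_V3 = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + SERIAL + REST))

if __name__ == "__main__":
    for name, cert in (("v1 sample", SAMPLE_V1), ("v3 sample", SAMPLE_V3)):
        print(name, "-> X.509 v%d" % x509_version(cert))
```

Pass the PEM text or DER bytes of a capsule's certificate to `x509_version`; a result of 1 means the version field is absent or zero, which is the v1 case described above.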


Also, who is abusing TLGS' search API? I keep no logs but I still keep errors. I'm getting a lot of these:

=> Someone sending a heck of a lot of requests with weird query strings.

I don't know who is doing this or where it's coming from. But please stop. I'll start sending 44 Slow Down responses if you keep sending requests like this.

Original URL: gemini://gemini.clehaxze.tw/gemlog/2023/03-19-fyi-use-x509-v3-for-gemini-capsules-to-comply-with-rfc.gmi