On 12/18/2016 05:52 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2016-12-19 02:14, Lew Wolfgang wrote:
On 12/18/2016 05:09 PM, Lew Wolfgang wrote:
Since no one else is reporting similar issues, my latest hypothesis is that a deep-packet-inspection intrusion prevention device somewhere on my connection path is finding a false-positive hit in the binary and force-closing the connection. I've checked on our local IPS (Tippingpoint) and don't see any hits, but there might be others farther upstream. This is a very large organization.
So if my hypothesis is correct, a TLS connection to pacman would allow the updates to complete. BTW, I should have mentioned that I haven't had a chance to confirm my hypothesis with tcpdump yet, maybe I can get to that tomorrow. Try download the file manually with a browser.
Good suggestion Carlos. I tried it with wget and got the same "connection closed by peer" disconnect at 99%. I then tried wget from my home system and it worked, of course. So I used scp to move the rpm to the hosts in question. Proves my point: maybe repo access should be via TLS, if caching proxies aren't an issue. Could both 80 and 443 be supported? Regards, Lew -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org