On 12/19/2016 11:26 AM, L A Walsh wrote:
Lew Wolfgang wrote:
Since no one else is reporting similar issues, my latest hypothesis is that a deep-packet-inspection intrusion prevention device somewhere on my connection path is finding a false-positive hit in the binary and force-closing the connection. I've checked on our local IPS (Tippingpoint) and don't see any hits, but there might be others farther upstream. This is a very large organization.
So if my hypothesis is correct, a TLS connection to pacman would allow the updates to complete.
Why would you think that? If it is a large corporation, some of them have already been noted to have subordinated root-certs that would allow them to perform MITM inspection. I.e. TLS wouldn't stop inspection.
In this case they don't do MITM inspection, so my hypothesis stands. TLS would enable me to do on-line updates, without it I have to sneaker-net in the rpm. Sure, it's a minor problem now that I understand what's happening, but it happened nevertheless, and it wasted hours of my time. Regards, Lew -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org