<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-https-transient, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2026-06-10T13:07:30Z</updated>
<entry>
<title>aptwebserver: Refuse client immediately on TLS handshake</title>
<updated>2026-06-10T13:07:30Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2026-02-05T21:18:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=49e91b96d9faeca50ab0b212174744938d446132'/>
<id>urn:sha1:49e91b96d9faeca50ab0b212174744938d446132</id>
<content type='text'>
We implement a HTTP-only server here (that is wrapped by stunnel for
HTTPS support), so if a TLS handshake reaches us it is always wrong
and we can just close the connection immediately instead of accepting
it and letting the client run into a timeout as we will never receive
the message(s) we expect.

This happens e.g. with browsers like Firefox that opportunistically
try https first (even if you ask for http and specify a port).
</content>
</entry>
<entry>
<title>Turn TLS handshake issues into transient errors</title>
<updated>2021-05-12T11:06:11Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2021-05-11T14:04:10Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=2129ffecc084ca772af75418225c5551631e6278'/>
<id>urn:sha1:2129ffecc084ca772af75418225c5551631e6278</id>
<content type='text'>
This makes them retriable, and brings them more into line with
TCP, where handshake is also a transient error.

LP: #1928100
</content>
</entry>
</feed>
