My Platform
We upload Python artifacts to pypi.org with Twine as part of our release process. In a significant number of cases, the upload fails with a "connection reset by peer" error. The attached log contains one example of such a failure. twine-log.txt
Platform:
- OS: Debian Bullseye
- Twine:
twine --version
twine version 3.3.0 (pkginfo: 1.4.2, requests: 2.25.1, setuptools: 52.0.0, requests-toolbelt: 0.9.1, tqdm: 4.57.0)
- Network: This is running in CI on GitHub. The network stats below were created by means of a GitHub action.
Fastly Debug
N/A
DNS Resolution
$ dig pypi.org A
; <<>> DiG 9.16.44-Debian <<>> pypi.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62418
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1224
;; QUESTION SECTION:
;pypi.org. IN A
;; ANSWER SECTION:
pypi.org. 252 IN A 151.101.64.223
pypi.org. 252 IN A 151.101.192.223
pypi.org. 252 IN A 151.101.128.223
pypi.org. 252 IN A 151.101.0.223
;; Query time: 4 msec
;; SERVER: 168.63.129.16#53(168.63.129.16)
;; WHEN: Mon Oct 02 08:39:33 UTC 2023
;; MSG SIZE rcvd: 101
$ dig pypi.org AAAA
; <<>> DiG 9.16.44-Debian <<>> pypi.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6240
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1224
;; QUESTION SECTION:
;pypi.org. IN AAAA
;; ANSWER SECTION:
pypi.org. 1430 IN AAAA 2a04:4e42:600::223
pypi.org. 1430 IN AAAA 2a04:4e42:200::223
pypi.org. 1430 IN AAAA 2a04:4e42::223
pypi.org. 1430 IN AAAA 2a04:4e42:400::223
;; Query time: 0 msec
;; SERVER: 168.63.129.16#53(168.63.129.16)
;; WHEN: Mon Oct 02 08:39:33 UTC 2023
;; MSG SIZE rcvd: 149
$ dig files.pythonhosted.org A
; <<>> DiG 9.16.44-Debian <<>> files.pythonhosted.org A
+ dig files.pythonhosted.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38974
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1224
;; QUESTION SECTION:
;files.pythonhosted.org. IN A
;; ANSWER SECTION:
files.pythonhosted.org. 1411 IN CNAME dualstack.m.sni.global.fastly.net.
dualstack.m.sni.global.fastly.net. 28 IN A 146.75.105.55
;; Query time: 0 msec
;; SERVER: 168.63.129.16#53(168.63.129.16)
;; WHEN: Mon Oct 02 08:39:33 UTC 2023
;; MSG SIZE rcvd: 114
$ dig files.pythonhosted.org AAAA
; <<>> DiG 9.16.44-Debian <<>> files.pythonhosted.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61800
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1224
;; QUESTION SECTION:
;files.pythonhosted.org. IN AAAA
;; ANSWER SECTION:
files.pythonhosted.org. 1297 IN CNAME dualstack.m.sni.global.fastly.net.
dualstack.m.sni.global.fastly.net. 15 IN AAAA 2a04:4e42:8a::311
;; Query time: 4 msec
;; SERVER: 168.63.129.16#53(168.63.129.16)
;; WHEN: Mon Oct 02 08:39:33 UTC 2023
;; MSG SIZE rcvd: 126
Traceroutes / IPv4
$ traceroute pypi.org
traceroute to pypi.org (151.101.128.223), 30 hops max, 60 byte packets
1 172.17.0.1 (172.17.0.1) 0.078 ms 0.020 ms 0.010 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
$ traceroute files.pythonhosted.org
traceroute to files.pythonhosted.org (146.75.105.55), 30 hops max, 60 byte packets
1 172.17.0.1 (172.17.0.1) 0.040 ms 0.011 ms 0.008 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Traceroutes / IPv6 (If available)
N/A
HTTPS Requests / IPv4
$ curl -vvv -I --ipv4 https://pypi.org/pypi/pip/json
Trying 151.101.192.223:443...
* Connected to pypi.org (151.101.192.223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2856 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=pypi.org
* start date: Apr 29 19:53:38 2023 GMT
* expire date: May 30 19:53:37 2024 GMT
* subjectAltName: host "pypi.org" matched cert's "pypi.org"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x5649f84912e0)
} [5 bytes data]
> HEAD /pypi/pip/json HTTP/2
> Host: pypi.org
> user-agent: curl/7.74.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [209 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
< HTTP/2 200
HTTP/2 200
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-PyPI-Last-Serial
x-pypi-last-serial: 18994017
cache-control: max-age=900, public
etag: "ewK3r9bIDWlyhuLy5JmdTQ"
content-security-policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com/ https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io;/ default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com;/ frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.global.ssl.fastly.net/ https://*.google-analytics.com https://*.googletagmanager.com *.fastly-insights.com *.ethicalads.io; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com/ https://ssl.google-analytics.com/ *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com
referrer-policy: origin-when-cross-origin
accept-ranges: bytes
date: Mon, 02 Oct 2023 08:40:33 GMT
x-served-by: cache-iad-kcgs7200098-IAD, cache-dfw-kdfw8210131-DFW
x-cache: HIT, HIT
x-cache-hits: 633621, 1
x-timer: S1696236034.599010,VS0,VE1
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
permissions-policy: publickey-credentials-create=(self),publickey-credentials-get=(self),accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),speaker-selection=(),storage-access=(),usb=(),web-share=(),xr-spatial-tracking=()
content-length: 177007
< content-type: application/json
< access-control-allow-origin: *
< access-control-allow-headers: Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since
< access-control-allow-methods: GET
< access-control-max-age: 86400
< access-control-expose-headers: X-PyPI-Last-Serial
< x-pypi-last-serial: 18994017
< cache-control: max-age=900, public
< etag: "ewK3r9bIDWlyhuLy5JmdTQ"
< content-security-policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com/ https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io;/ default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com;/ frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.global.ssl.fastly.net/ https://*.google-analytics.com https://*.googletagmanager.com *.fastly-insights.com *.ethicalads.io; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com/ https://ssl.google-analytics.com/ *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com
< referrer-policy: origin-when-cross-origin
< accept-ranges: bytes
< date: Mon, 02 Oct 2023 08:40:33 GMT
< x-served-by: cache-iad-kcgs7200098-IAD, cache-dfw-kdfw8210131-DFW
< x-cache: HIT, HIT
< x-cache-hits: 633621, 1
< x-timer: S1696236034.599010,VS0,VE1
< vary: Accept-Encoding
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< x-permitted-cross-domain-policies: none
< permissions-policy: publickey-credentials-create=(self),publickey-credentials-get=(self),accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),speaker-selection=(),storage-access=(),usb=(),web-share=(),xr-spatial-tracking=()
< content-length: 177007
<$ curl -vvv -I --ipv4 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz
Trying 146.75.105.55:443...
* Connected to files.pythonhosted.org (146.75.105.55) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2831 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.pythonhosted.org
* start date: Jul 1 20:50:25 2023 GMT
* expire date: Aug 1 20:50:24 2024 GMT
* subjectAltName: host "files.pythonhosted.org" matched cert's "*.pythonhosted.org"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55ef834de2e0)
} [5 bytes data]
> HEAD /packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz HTTP/2
> Host: files.pythonhosted.org
> user-agent: curl/7.74.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [209 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
< HTTP/2 200
< last-modified: Tue, 11 Apr 2023 02:19:03 GMT
< etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
< x-amz-meta-btime: 2020-02-26T17:47:37.438Z
< x-amz-meta-mtime: 1582739257.438
< x-amz-request-id: b08f82242304904a
< x-amz-id-2: aNwhj+TF2NuhmjzHNMG1kimZ2Y7swHTiN
< x-amz-version-id: 4_z179c51e67f11a0ad8f6c0018_f1191cd4ff993bd3d_d20230411_m021903_c005_v0501003_t0041_u01681179543316
< content-type: binary/octet-stream
< cache-control: max-age=365000000, immutable, public
< accept-ranges: bytes
< date: Mon, 02 Oct 2023 08:40:33 GMT
< age: 715986
< x-served-by: cache-iad-kcgs7200149-IAD, cache-dfw-kdfw8210099-DFW
< x-cache: HIT, MISS
< x-cache-hits: 124, 0
HTTP/2 200
< x-timer: S1696236034.655513,VS0,VE36
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< x-permitted-cross-domain-policies: none
< x-robots-header: noindex
< x-pypi-file-python-version: source
< x-pypi-file-version: 10.0.1
< x-pypi-file-package-type: sdist
< x-pypi-file-project: pip
< content-length: 1246072
<
0 1216k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host files.pythonhosted.org left intact
last-modified: Tue, 11 Apr 2023 02:19:03 GMT
etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
x-amz-meta-btime: 2020-02-26T17:47:37.438Z
x-amz-meta-mtime: 1582739257.438
x-amz-request-id: b08f82242304904a
x-amz-id-2: aNwhj+TF2NuhmjzHNMG1kimZ2Y7swHTiN
x-amz-version-id: 4_z179c51e67f11a0ad8f6c0018_f1191cd4ff993bd3d_d20230411_m021903_c005_v0501003_t0041_u01681179543316
content-type: binary/octet-stream
cache-control: max-age=365000000, immutable, public
accept-ranges: bytes
date: Mon, 02 Oct 2023 08:40:33 GMT
age: 715986
x-served-by: cache-iad-kcgs7200149-IAD, cache-dfw-kdfw8210099-DFW
x-cache: HIT, MISS
x-cache-hits: 124, 0
x-timer: S1696236034.655513,VS0,VE36
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-robots-header: noindex
x-pypi-file-python-version: source
x-pypi-file-version: 10.0.1
x-pypi-file-package-type: sdist
x-pypi-file-project: pip
content-length: 1246072HTTPS Requests / IPv6 (If available)
N/A
TLS Debug / IPv4
$ echo -n | openssl s_client -4 -connect pypi.org:443
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
verify return:1
depth=0 CN = pypi.org
verify return:1
DONE
CONNECTED(00000003)
---
Certificate chain
0 s:CN = pypi.org
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGfzCCBWegAwIBAgIQATphpUBWfreAY2OTrbDywTANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMyBRMjAeFw0yMzA0
MjkxOTUzMzhaFw0yNDA1MzAxOTUzMzdaMBMxETAPBgNVBAMMCHB5cGkub3JnMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVzK0dZ2ALTL74lfSb8xvcqO
eEP1opP9RNEQXhsEAs5sI8hYBP/j8IJO4cBZN/585CTJ8SAMxXon7IC0FvXnhefc
bE0kyHQf1cchLuqi2cArNUCZd7kIwYCpIpDvYLTlcJP1ClwwlUdDfobcMMLlot14
NBY11KT1iuNdujm83xF4LvHZu1dNTNMkU0Qnzl26tVKzewC29nEELWwz0Navusc/
5RVUI8bWrY2ZEJyeJvbs6aHcNbPdhfb8JP8pzheLNDL0VjWnxJnIDWttprck5FJM
lueKFjrx4vGB8kWfFpLkOSoq4/VW75FvR78Zx2Bj8BroMnbUiQ/NLhlBFHCscQID
AQABo4IDiDCCA4QwPgYDVR0RBDcwNYIIcHlwaS5vcmeCCioucHlwaS5vcmeCDHd3
dy5weXBpLm9yZ4IPZG9uYXRlLnB5cGkub3JnMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFH5KpEjjaz1tMuya
qyjnyKenhRycMFcGA1UdIARQME4wCAYGZ4EMAQIBMEIGCisGAQQBoDIKAQMwNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDAYDVR0TAQH/BAIwADCBngYIKwYBBQUHAQEEgZEwgY4wQAYIKwYBBQUHMAGG
NGh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRsYXNyM2R2dGxzY2Ey
MDIzcTIwSgYIKwYBBQUHMAKGPmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20v
Y2FjZXJ0L2dzYXRsYXNyM2R2dGxzY2EyMDIzcTIuY3J0MB8GA1UdIwQYMBaAFMai
YRNFFcyQj7rBrLzMOw0O0N4GMEgGA1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9jcmwu
Z2xvYmFsc2lnbi5jb20vY2EvZ3NhdGxhc3IzZHZ0bHNjYTIwMjNxMi5jcmwwggF/
BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AHb/iD8KtvuVUcJhzPWHujS0pM27Kdxo
Qgqf5mdMWjp0AAABh86UAM4AAAQDAEcwRQIhAMEeNv9F3vkrUFb8UDUnBgcJ2ed2
u0Y2h4qXuv4SyBcCAiAdoR3AfpZboQtcbZ4F5kfLAIaEZ48avbJTJGrTg0Z0dwB2
ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABh86UAXkAAAQDAEcw
RQIhAL+PCGdwFgr/6mjPltxIkO2pSZ6eDY2sv8n+cW5hXCmzAiAL3XKCZqwJGJXE
kvt1ZJkMoqLzAy5CM2ANzSIXQni6wgB3AHPZnokbTJZ4oCB9R53mssYc0FFecRkq
jGuAEHrBd3K1AAABh86UAcgAAAQDAEgwRgIhALbbX2nIHt3iNRL+nMyqN0CUwxDz
BaSjdQhfBDPciwKbAiEAov0IJaslITt1Mxtyh4Ped9ZOkST5A0K0/Fdbk64zI+sw
DQYJKoZIhvcNAQELBQADggEBAGodVH7XXcayedVPuAMF5agiOBVJp7evMWz2R8xK
ON0jovv1oItNrXvt3tVWvPUl4Dm/AIbCrAHw/d1cz1loot8Nv2tRI8vRpBZ6bnnQ
wWKVlJmz3BRr42wV5HMiLjk0cUFgL+BDcoqpcEKUXsuNgTaevvLkx38Oo8b4Y9PT
CBkcuiqBfqViBAHB9mUcJCtpXW5waX+DwvbkkTULNTdYq5CZLENSPa2H22r/V0SI
gu08iGpOOdMJaaFBQp35ECW+UTdYSa+9tMx+B3GzpgxXVcW/P/ZCKcThequGVDbr
7hy8HRcXVP/+ejef0co8/E9MR5/EYrICq5M7JWJunSDgFP8=
-----END CERTIFICATE-----
subject=CN = pypi.org
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3403 bytes and written 380 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A15BE94A903D52B5FCFDFD0B3BB914329ED3A12FC309094A488D1C9AAEA1951F
Session-ID-ctx:
Resumption PSK: B7AF99C867BCA2B12BCFDCD8AA16495543C1F742FE77B3FE8941170FE716F7A9E652E1768DD05072DD9974138E23C21C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 1a 3d 0b a0 7a 11 5a 93-19 e6 c4 b0 c1 64 be 10 .=..z.Z......d..
0010 - d7 43 66 81 5c f9 b1 74-87 09 cd a8 72 90 ae 67 .Cf.\..t....r..g
0020 - b4 0f d0 cd 3f 6c bb d7-dd 08 98 a0 76 03 51 b5 ....?l......v.Q.
0030 - 1c 21 dd bf 1d bf fc c3-6e f1 9b 02 26 b9 1f 0a .!......n...&...
0040 - c8 2c 77 af 07 65 1c 28-69 f3 58 a2 60 39 de 49 .,w..e.(i.X.`9.I
0050 - dc 23 a8 44 48 7d 23 fa-95 14 7c f5 6f 1a 1e ef .#.DH}#...|.o...
0060 - a8 84 f3 36 d3 58 48 6c-c9 99 e1 5c f1 60 14 da ...6.XHl...\.`..
0070 - 04 c2 09 98 80 e9 ec 94-72 c1 df 08 cf 44 42 7e ........r....DB~
0080 - e8 8e 1c f9 94 f5 5c 16-0d 21 ae 76 dc 9b 45 95 ......\..!.v..E.
0090 - a4 4e b8 35 fb fe 0a 71-18 66 ec ff e3 a8 a9 1e .N.5...q.f......
00a0 - 28 02 cf 9d c5 e8 21 0b-e2 bd e3 a3 e9 e7 0b 35 (.....!........5
Start Time: 1696236033
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK$ echo -n | openssl s_client -4 -connect files.pythonhosted.org:443
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
verify return:1
depth=0 CN = *.pythonhosted.org
verify return:1
DONE
CONNECTED(00000003)
---
Certificate chain
0 s:CN = *.pythonhosted.org
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgIQAQXnUK6h/QwFsLAnYL7NBDANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMyBRMjAeFw0yMzA3
MDEyMDUwMjVaFw0yNDA4MDEyMDUwMjRaMB0xGzAZBgNVBAMMEioucHl0aG9uaG9z
dGVkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMeAyhtK20j
ump8M2NOR/Wb5tTwfuySip+TkYnHzllwNqKPua+oTpPsMqDZ9JpqfFe+PMw02ajH
eaeJJTgoD8YEb4syAPMDoqz/0Ue7xRX1it9hTtHHB9UP9m0loa5t3Juaz+nxC4he
noQ2iAvZFFvT4dX47cg+qeNqiMgY1rMOJHcq1i0UXvpzdS6AFHgW6MGnyYvavAbV
Uv09ocno/X7KBED7eoL2HbfwIPgnq/L6bbbt/japig2tEmqyjbhW+vBvADyx55Y6
FirzZHkZ0HF3k2g65BvmTb22p0x+0XqLFjyXgYT0KwcEbKKYq8jJh0grpQH+GWZQ
0LyVmVegPK8CAwEAAaOCA2UwggNhMB0GA1UdEQQWMBSCEioucHl0aG9uaG9zdGVk
Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMB0GA1UdDgQWBBRUjFwvnzsiKLolC2rxupen1gbfCzBXBgNVHSAEUDBOMAgG
BmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAwGA1UdEwEB/wQCMAAwgZ4GCCsG
AQUFBwEBBIGRMIGOMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC5nbG9iYWxzaWdu
LmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyM3EyMEoGCCsGAQUFBzAChj5odHRw
Oi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2Nh
MjAyM3EyLmNydDAfBgNVHSMEGDAWgBTGomETRRXMkI+6way8zDsNDtDeBjBIBgNV
HR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRs
YXNyM2R2dGxzY2EyMDIzcTIuY3JsMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA
dgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYkTOJ7lAAAEAwBH
MEUCIEpQN30bEORtGcI9cAkltlMBASSqJg9XBV2Mw0hno9Q/AiEAhrz1aIZxsAaq
x9LG5bvuUl9ZgfYMKH30+xjVevYM1nkAdgDuzdBk1dsazsVct520zROiModGfLzs
3sNRSFlGcR+1mwAAAYkTOJ8ZAAAEAwBHMEUCIQC9FUgUvNwRg49MrpBIX/RuGTry
5jpX5GmEzhxJJlioNwIgUga+LUjRh3BZNQirUf1p9KlEwlL0LdM/bie8hZZgSVwA
dQDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYkTOJ9XAAAEAwBG
MEQCIFWZBBBn2EOIY817GLCzzPbUgQzlxK6o0pUUvOSPdOMXAiBZaHEpJD05NCR7
oXsou1bqeES14vqUy53w4UNPopnNPzANBgkqhkiG9w0BAQsFAAOCAQEAlKhJpTZs
kkG/bBEoMrKclENg+jE3iCTEASTOWZ8ISodLG2TudAPK0XjL12Qt08kHz36aXjRo
uzjt1GEoLKmqfyThMKhDH657M+H2uokLxvvjHkru2BK8iibtqGHfHF1EgglcLrDG
UV6LxGTpQwxmSQRYNZ6tT+aSaMsWHinU/9lOQaHUz0nINMh7kcZJuZvjiw1I33tS
jEFayLbNtbDKiSzVsZ85VT7s9yfO4s4HOfUA2F1AFyWtaTRPYm+W2eU6foOR32yu
ZZxbMIp/VDJRw7k+wTGxPv8JUzDs6Rgh//qc7+NdCxsdlK+8tGUxWISJS7Ypgxtg
cRfB92MnObNElw==
-----END CERTIFICATE-----
subject=CN = *.pythonhosted.org
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2023 Q2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3378 bytes and written 394 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A3CDB1493CEBEC1905D18C49F1E197B91E2E0A20AA8735D124CE48D7034046EC
Session-ID-ctx:
Resumption PSK: E2BF38C9A6C508B6A770E902B190E7A8097BB1FAAD1CEB82AD8E2BECE5F8C6CC8AEC4BDDB3FFA116EAC764F6D0AE43F7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 1a 3d 0b a0 7a 11 5a 93-19 e6 c4 b0 c1 64 be 10 .=..z.Z......d..
0010 - 90 26 54 60 c4 d2 c9 68-fc 60 9d 6a 41 55 f7 6d .&T`...h.`.jAU.m
0020 - 2b b1 9a 41 7f 30 32 02-49 2f b9 c9 a0 0f c6 b8 +..A.02.I/......
0030 - 20 9c 38 28 4d 12 a6 2f-58 16 ba 1a 21 a1 28 97 .8(M../X...!.(.
0040 - b6 20 70 85 23 f0 08 c4-e5 5a f7 c8 d8 7e 18 d2 . p.#....Z...~..
0050 - 8c 05 a1 d6 ad 41 01 53-f6 c3 8f 0e 4e 80 07 fc .....A.S....N...
0060 - 63 de b5 0b 4b 1a 0e 0f-1e e1 78 58 2c 4a da 51 c...K.....xX,J.Q
0070 - f5 30 4e 55 7d 7d d9 d2-30 5d 43 0b e3 c2 2b a9 .0NU}}..0]C...+.
0080 - 10 11 4b f5 9d d4 ba cf-36 51 a1 3d 10 9e bf 4f ..K.....6Q.=...O
0090 - 12 3c 9b 59 c7 c1 09 49-b0 49 c1 87 8e b4 ca 36 .<.Y...I.I.....6
00a0 - 01 57 8b a9 2c 59 88 50-ec 93 e3 80 f2 bc 96 6b .W..,Y.P.......k
Start Time: 1696236033
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCKTLS Debug / IPv6 (If available)
N/A
Code of Conduct
My Platform
We upload Python artifacts to pypi.org with Twine as part of our release process. In a significant number of cases, the upload fails with a "connection reset by peer" error. The attached log contains one example of such a failure. twine-log.txt
Platform:
Fastly Debug
N/A
DNS Resolution
Traceroutes / IPv4
Traceroutes / IPv6 (If available)
N/A
HTTPS Requests / IPv4
HTTPS Requests / IPv6 (If available)
N/A
TLS Debug / IPv4
TLS Debug / IPv6 (If available)
N/A
Code of Conduct