ewr1.gateway.6pn.dev not serving valid TLS - breaks fly redis connect

eshan · January 14, 2026, 4:12pm

fly redis connect broke in the past week.

Gateway returns invalid TLS: $ openssl s_client -connect ewr1.gateway.6pn.dev:443 error: packet length too long SSL handshake has read 5 bytes

macOS Tahoe, flyctl 0.4.3

lillian · January 14, 2026, 4:42pm

it is working for me:

nixie:~$ openssl s_client -connect ewr1.gateway.6pn.dev:443
Connecting to 66.225.222.113
CONNECTED(00000005)
depth=0 O=fly.dev
verify error:num=18:self-signed certificate
verify return:1
depth=0 O=fly.dev
verify return:1
---
Certificate chain
 0 s:O=fly.dev
   i:O=fly.dev
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA256
   v:NotBefore: Nov 27 14:19:50 2025 GMT; NotAfter: Nov  3 14:19:50 2125 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBbzCCARWgAwIBAgIQaEfW61inR30Ko9/ioFtu7DAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdmbHkuZGV2MCAXDTI1MTEyNzE0MTk1MFoYDzIxMjUxMTAzMTQxOTUw
WjASMRAwDgYDVQQKEwdmbHkuZGV2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
wzCSkH0wPDsZTzc++6NykZbx06+z82RlIEntj+biKQSH4IczHpgOIXQ/ZANo5i/o
ABrOYccQod7BolW/XoamXKNLMEkwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoG
CCqGSM49BAMCA0gAMEUCIQDKjZg0RtbHyx5UsZAO6pg0PPgpJbIIpZPteXaqTMAt
WwIgYxAYqzlECDRq63WIJgO1g/W6ZjhvasJHkjPdiynVo4w=
-----END CERTIFICATE-----
subject=O=fly.dev
issuer=O=fly.dev
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Negotiated TLS1.3 group: X25519MLKEM768
---
SSL handshake has read 1814 bytes and written 1615 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: E2DF73C46CEC7060CA5E6F74F7E88875B4351288A4BEAC6730F20CF74AB7FD70
    Session-ID-ctx:
    Resumption PSK: C305157316F7391A8242F534AC13F1D4A9B94B9DDEF231ABDF88290C243FCF1E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - 6d fe ee 2c 7d e8 f1 c8-39 97 0f 85 ce a6 60 da   m..,}...9.....`.
    0010 - 85 66 47 62 fc 03 e3 ea-16 80 92 b5 40 bb 14 0d   .fGb........@...
    0020 - 0c cb a5 25 37 35 48 a8-73 21 00 29 d5 90 3a 16   ...%75H.s!.)..:.
    0030 - d0 b3 66 aa a7 36 6a 83-aa f5 f4 a9 50 79 d7 52   ..f..6j.....Py.R
    0040 - a5 f4 2e 69 de 84 16 81-b5 1c a7 60 a6 d9 2b a7   ...i.......`..+.
    0050 - af 07 49 79 68 42 20 fe-1b 2a 71 00 16 32 c3 ff   ..IyhB ..*q..2..
    0060 - 55 ed ee c0 c8 51 d1 d9-a1                        U....Q...

    Start Time: 1768408929
    Timeout   : 7200 (sec)
    Verify return code: 18 (self-signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
^C