FreeBSD forum certificates wrong somehow.

Michael B. Eichorn ike at michaeleichorn.com
Wed Nov 18 02:07:08 UTC 2015


On Tue, 2015-11-17 at 16:28 -0900, Royce Williams wrote:
> On Tue, Nov 17, 2015 at 4:05 PM, Zaphod Beeblebrox <zbeeble at gmail.com> wrote:
> > I realize that I have no idea who is in the wrong --- the error is rather
> > opaque, but please follow:
> > 
> > One of google or https everywhere (or both) directs my google searches to
> > https when forums.freebsd.org comes up.  For some reason, I can't seem to
> > add an exception, but https is generally good...

The forum does not serve http, there is a 301 redirect to https.

> > 
> > ... but firefox doesn't want to talk to https://forums.freebsd.org.  So
> > much so, in fact, it doesn't even provide the usual "add exception for
> > https self-signed" ... it's just a dialog to report this nasty violation.
> > 
> > ... now I realize that chrome seems to read the site just fine...but I
> > maintain that I'd rather not use chrome ... and really someone needs to
> > look at the problem...
> > 
> > ... and since I don't know how to effectively complain to mozilla, I'm
> > starting by posting here.
> 
> Firefox on what platform?  I'm unable to replicate here, on Windows 7
> or Linux (all I can reach at the moment).

More importantly, which version? TLSv1.1 and 1.2 were disabled by
default until version 27 (Released 20140204)[1]. And as noted below, the
forum requires at least 1.1.

> 
> Qualys SSL Labs comes up clean for both IPv4 and IPv6:
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=149.20.54.209&latest
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=2001%3A4f8%3A3%3A36%3A0%3A0%3A0%3A209
> 
> Only unusual (not bad) thing that stands out from the results is that
> TLS 1.0 is not supported, which most sites haven't had the guts to do
> yet that I have seen.
> 
> Do the forums have any load-balancing or DNS anycast stuff going on,
> or is forums.freebsd.org always 149.20.54.209 regardless of network
> standpoint?

> 
> Firefox usually supplies an error code (of the form
> "err_ssl_version_or_cipher_mismatch" or similar).  Anything like that
> showing up on your end?
> 
> Royce

[1] http://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes/