[u-u] Odds and Ends

Unix Unanimous Webmaster www-uu at unixunanimous.org
Fri Jul 20 23:51:30 EDT 2018


On Fri, 20 Jul 2018, Dan Astoorian wrote:
|On Fri, 20 Jul 2018 16:19:58 EDT, Unix Unanimous writes:
||	Removal os the "s" is not secure ... we added a new
||	Let's Encrypt cert recently & even tho cert testers
||	seem to like it, browsers often take several clicks
||	on "Try Again" to make it work for some reason
||
||	Perhaps we will replace the cert soon if further
||	debugging doesn't turn up anything, sigh :\
|
|Not sure how recently "recently" is, but I sent mail about this on June
|11 to www-uu at unixunanimous.org; I never received a reply (or even
|acknowlegement that the message was received).
|
|At the time, the certificate on the page had expired on 12/30/2016 (so I
|assume this was before the switch to Let's Encrypt), but
|even ignoring the expiry problem, browsers were intermittently refusing
|to connect, with Firefox reporting
|"SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH" (apparently meaning "SSL
|received an unexpected Server Key Exchange handshake message."), and
|chromium-browser (66.0.3359.170) reporting "ERR_SSL_PROTOCOL_ERROR" with
|the diagnostic "[...:ERROR:ssl_client_socket_impl.cc(1098)] handshake
|failed; returned -1, SSL error code 1, net_error -107".
|
|So I don't think the problem is the certificate; my guess is that the
|server software has some configuration issues.  Tweaking the available
|protocols and/or cipher suites (SSLProtocol, SSLCipherSuite,
|SSLHonorCipherOrder) might help--perhaps the server is offering ciphers
|that modern software just consider broken.
|
|Or maybe the NSA's packet sniffer is having trouble interpolating itself
|between the server and its clients transparently :-)


	OK, that's *mister* derelict to you, fella ;P

	I just read your earlier missive after a long while
	of assuming everything is a-ok etc :O

	apparently not.  if 1 dog year is 7 human years, then
	1 software year is mebbe 2-3 times that -

	> openssl version
	OpenSSL 1.0.1c 10 May 2012

	eek

	... und zo ... we will be moving this site to something
	a bit less long in de toof soon ...


Cheers,
U-U admin 


More information about the u-u mailing list