[u-u] Odds and Ends
Unix Unanimous Webmaster
www-uu at unixunanimous.org
Fri Jul 20 23:51:30 EDT 2018
On Fri, 20 Jul 2018, Dan Astoorian wrote:
|On Fri, 20 Jul 2018 16:19:58 EDT, Unix Unanimous writes:
|| Removal os the "s" is not secure ... we added a new
|| Let's Encrypt cert recently & even tho cert testers
|| seem to like it, browsers often take several clicks
|| on "Try Again" to make it work for some reason
||
|| Perhaps we will replace the cert soon if further
|| debugging doesn't turn up anything, sigh :\
|
|Not sure how recently "recently" is, but I sent mail about this on June
|11 to www-uu at unixunanimous.org; I never received a reply (or even
|acknowlegement that the message was received).
|
|At the time, the certificate on the page had expired on 12/30/2016 (so I
|assume this was before the switch to Let's Encrypt), but
|even ignoring the expiry problem, browsers were intermittently refusing
|to connect, with Firefox reporting
|"SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH" (apparently meaning "SSL
|received an unexpected Server Key Exchange handshake message."), and
|chromium-browser (66.0.3359.170) reporting "ERR_SSL_PROTOCOL_ERROR" with
|the diagnostic "[...:ERROR:ssl_client_socket_impl.cc(1098)] handshake
|failed; returned -1, SSL error code 1, net_error -107".
|
|So I don't think the problem is the certificate; my guess is that the
|server software has some configuration issues. Tweaking the available
|protocols and/or cipher suites (SSLProtocol, SSLCipherSuite,
|SSLHonorCipherOrder) might help--perhaps the server is offering ciphers
|that modern software just consider broken.
|
|Or maybe the NSA's packet sniffer is having trouble interpolating itself
|between the server and its clients transparently :-)
OK, that's *mister* derelict to you, fella ;P
I just read your earlier missive after a long while
of assuming everything is a-ok etc :O
apparently not. if 1 dog year is 7 human years, then
1 software year is mebbe 2-3 times that -
> openssl version
OpenSSL 1.0.1c 10 May 2012
eek
... und zo ... we will be moving this site to something
a bit less long in de toof soon ...
Cheers,
U-U admin
More information about the u-u
mailing list