From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: patchwork.ipfire.org => Error: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING Date: Sun, 13 Oct 2019 14:05:25 +0100 Message-ID: <2F8482D6-5E21-493B-8ED3-6D69C59C75B7@ipfire.org> In-Reply-To: <59daa934-17fd-86fd-6533-dd0008ea4ca5@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2764278028973354095==" List-Id: --===============2764278028973354095== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, Thank your for raising this. This was caused by haproxy which could not be reloaded because I played aroun= d with the IPv6 configuration of our main firewall in Hannover. Therefore the= updated OCSP responses were not delivered. It is fixed now and you should change your setting back. Best, -Michael > On 13 Oct 2019, at 00:25, Matthias Fischer = wrote: >=20 > Hi, >=20 > today, suddenly patchwork.ipfire.org stopped working. Reloading the page > several times doesn't help. Firefox 69.0.3 keeps telling me: >=20 > ***SNIP*** > Secure Connection Failed >=20 > An error occurred during a connection to patchwork.ipfire.org. A > required TLS feature is missing. Error code: > MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING >=20 > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > Please contact the website owners to inform them of this problem. > ***SNAP*** >=20 > Setting "security.ssl.enable_ocsp_must_staple" in about:config to > "false" temporarily fixes this, but could it be that there is a problem > with the "Let's Encrypt" certificate!? >=20 > Can anyone confirm? >=20 > Best, > Matthias >=20 > P.S.: Possible solution (german!) > =3D> > https://www.kuketz-blog.de/nginx-aktivierung-von-ocsp-must-staple-ohne-time= out/ --===============2764278028973354095==--