www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
@ 2018-12-25  8:11 Matthias Fischer
  2018-12-25  8:35 ` Michael Tremer
  0 siblings, 1 reply; 6+ messages in thread
From: Matthias Fischer @ 2018-12-25  8:11 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

Hi,

FYI, today the above three websites refused to load with the following
error message:

"Secure Connection Failed

An error occurred during a connection to forum.ipfire.org. A required
TLS feature is missing. Error code:
MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

    The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem."

Can anyone confirm?

Best,
Matthias

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
  2018-12-25  8:11 www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error Matthias Fischer
@ 2018-12-25  8:35 ` Michael Tremer
  2018-12-25  9:18   ` Matthias Fischer
  0 siblings, 1 reply; 6+ messages in thread
From: Michael Tremer @ 2018-12-25  8:35 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 888 bytes --]

Thanks for letting me know…

Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.

Fixed that now. Let me know if there are any other problems.

Merry Christmas!

-Michael

> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> Hi,
> 
> FYI, today the above three websites refused to load with the following
> error message:
> 
> "Secure Connection Failed
> 
> An error occurred during a connection to forum.ipfire.org. A required
> TLS feature is missing. Error code:
> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> 
>    The page you are trying to view cannot be shown because the
> authenticity of the received data could not be verified.
>    Please contact the website owners to inform them of this problem."
> 
> Can anyone confirm?
> 
> Best,
> Matthias


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
  2018-12-25  8:35 ` Michael Tremer
@ 2018-12-25  9:18   ` Matthias Fischer
  2018-12-25 19:44     ` Aw: " Bernhard Bitsch
  0 siblings, 1 reply; 6+ messages in thread
From: Matthias Fischer @ 2018-12-25  9:18 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1103 bytes --]

Hi,

On 25.12.2018 09:35, Michael Tremer wrote:
> Thanks for letting me know…

No problem...

> Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
> 
> Fixed that now. Let me know if there are any other problems.
> 
> Merry Christmas!

Thanks for fixing - merry christmas to you too - and to all on the
list... ;-)

Best,
Matthias

> -Michael
> 
>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>> 
>> Hi,
>> 
>> FYI, today the above three websites refused to load with the following
>> error message:
>> 
>> "Secure Connection Failed
>> 
>> An error occurred during a connection to forum.ipfire.org. A required
>> TLS feature is missing. Error code:
>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
>> 
>>    The page you are trying to view cannot be shown because the
>> authenticity of the received data could not be verified.
>>    Please contact the website owners to inform them of this problem."
>> 
>> Can anyone confirm?
>> 
>> Best,
>> Matthias
> 
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Aw: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
  2018-12-25  9:18   ` Matthias Fischer
@ 2018-12-25 19:44     ` Bernhard Bitsch
  2018-12-25 21:54       ` Michael Tremer
  0 siblings, 1 reply; 6+ messages in thread
From: Bernhard Bitsch @ 2018-12-25 19:44 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1739 bytes --]

Hi,

problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about:config for Firefox.
forum.ipfire.org was reachable. Resetting to default now did change the reachability.

Merry Christmas!

Bernhard

> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
>
> Hi,
> 
> On 25.12.2018 09:35, Michael Tremer wrote:
> > Thanks for letting me know…
> 
> No problem...
> 
> > Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
> > 
> > Fixed that now. Let me know if there are any other problems.
> > 
> > Merry Christmas!
> 
> Thanks for fixing - merry christmas to you too - and to all on the
> list... ;-)
> 
> Best,
> Matthias
> 
> > -Michael
> > 
> >> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> >> 
> >> Hi,
> >> 
> >> FYI, today the above three websites refused to load with the following
> >> error message:
> >> 
> >> "Secure Connection Failed
> >> 
> >> An error occurred during a connection to forum.ipfire.org. A required
> >> TLS feature is missing. Error code:
> >> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> >> 
> >>    The page you are trying to view cannot be shown because the
> >> authenticity of the received data could not be verified.
> >>    Please contact the website owners to inform them of this problem."
> >> 
> >> Can anyone confirm?
> >> 
> >> Best,
> >> Matthias
> > 
> > 
> 
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
  2018-12-25 19:44     ` Aw: " Bernhard Bitsch
@ 2018-12-25 21:54       ` Michael Tremer
  2018-12-25 22:23         ` Aw: " Bernhard Bitsch
  0 siblings, 1 reply; 6+ messages in thread
From: Michael Tremer @ 2018-12-25 21:54 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2038 bytes --]

Hello,

> On 25 Dec 2018, at 20:44, Bernhard Bitsch <Bernhard.Bitsch(a)gmx.de> wrote:
> 
> Hi,
> 
> problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about:config for Firefox.
> forum.ipfire.org was reachable. Resetting to default now did change the reachability.

I absolutely cannot recommend to disable inspection of the certificate attributes.

Are there still any issues with the default configuration?

Best,
-Michael

> Merry Christmas!
> 
> Bernhard
> 
>> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
>> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
>> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
>> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
>> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
>> 
>> Hi,
>> 
>> On 25.12.2018 09:35, Michael Tremer wrote:
>>> Thanks for letting me know…
>> 
>> No problem...
>> 
>>> Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
>>> 
>>> Fixed that now. Let me know if there are any other problems.
>>> 
>>> Merry Christmas!
>> 
>> Thanks for fixing - merry christmas to you too - and to all on the
>> list... ;-)
>> 
>> Best,
>> Matthias
>> 
>>> -Michael
>>> 
>>>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> FYI, today the above three websites refused to load with the following
>>>> error message:
>>>> 
>>>> "Secure Connection Failed
>>>> 
>>>> An error occurred during a connection to forum.ipfire.org. A required
>>>> TLS feature is missing. Error code:
>>>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
>>>> 
>>>>   The page you are trying to view cannot be shown because the
>>>> authenticity of the received data could not be verified.
>>>>   Please contact the website owners to inform them of this problem."
>>>> 
>>>> Can anyone confirm?
>>>> 
>>>> Best,
>>>> Matthias
>>> 
>>> 
>> 
>> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Aw: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
  2018-12-25 21:54       ` Michael Tremer
@ 2018-12-25 22:23         ` Bernhard Bitsch
  0 siblings, 0 replies; 6+ messages in thread
From: Bernhard Bitsch @ 2018-12-25 22:23 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2719 bytes --]



> Gesendet: Dienstag, 25. Dezember 2018 um 22:54 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: "Bernhard Bitsch" <Bernhard.Bitsch(a)gmx.de>
> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
>
> Hello,
> 
> > On 25 Dec 2018, at 20:44, Bernhard Bitsch <Bernhard.Bitsch(a)gmx.de> wrote:
> > 
> > Hi,
> > 
> > problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about:config for Firefox.
> > forum.ipfire.org was reachable. Resetting to default now did change the reachability.
> 
> I absolutely cannot recommend to disable inspection of the certificate attributes.
> 

That's right. I just tested this, had found some posts about that problem in several sites.
Reverted to the default. No problems with the inspection of the attributes.
Thank you for the quick fix.

- Bernhard
> Are there still any issues with the default configuration?
> 
> Best,
> -Michael
> 
> > Merry Christmas!
> > 
> > Bernhard
> > 
> >> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
> >> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
> >> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
> >> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> >> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
> >> 
> >> Hi,
> >> 
> >> On 25.12.2018 09:35, Michael Tremer wrote:
> >>> Thanks for letting me know…
> >> 
> >> No problem...
> >> 
> >>> Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
> >>> 
> >>> Fixed that now. Let me know if there are any other problems.
> >>> 
> >>> Merry Christmas!
> >> 
> >> Thanks for fixing - merry christmas to you too - and to all on the
> >> list... ;-)
> >> 
> >> Best,
> >> Matthias
> >> 
> >>> -Michael
> >>> 
> >>>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> >>>> 
> >>>> Hi,
> >>>> 
> >>>> FYI, today the above three websites refused to load with the following
> >>>> error message:
> >>>> 
> >>>> "Secure Connection Failed
> >>>> 
> >>>> An error occurred during a connection to forum.ipfire.org. A required
> >>>> TLS feature is missing. Error code:
> >>>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> >>>> 
> >>>>   The page you are trying to view cannot be shown because the
> >>>> authenticity of the received data could not be verified.
> >>>>   Please contact the website owners to inform them of this problem."
> >>>> 
> >>>> Can anyone confirm?
> >>>> 
> >>>> Best,
> >>>> Matthias
> >>> 
> >>> 
> >> 
> >> 
> 
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2018-12-25 22:23 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-25  8:11 www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error Matthias Fischer
2018-12-25  8:35 ` Michael Tremer
2018-12-25  9:18   ` Matthias Fischer
2018-12-25 19:44     ` Aw: " Bernhard Bitsch
2018-12-25 21:54       ` Michael Tremer
2018-12-25 22:23         ` Aw: " Bernhard Bitsch

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox