From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
Date: Tue, 25 Dec 2018 22:54:10 +0100
Message-ID: <D8353877-3936-4ABA-B9BD-6DB1506192BF@ipfire.org>
In-Reply-To:
 <trinity-83bfad9c-f974-4fce-b107-d52315ed74b1-1545767081597@3c-app-gmx-bs23>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1199345198217840243=="
List-Id: <development.lists.ipfire.org>

--===============1199345198217840243==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

> On 25 Dec 2018, at 20:44, Bernhard Bitsch <Bernhard.Bitsch(a)gmx.de> wrote:
>=20
> Hi,
>=20
> problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about=
:config for Firefox.
> forum.ipfire.org was reachable. Resetting to default now did change the rea=
chability.

I absolutely cannot recommend to disable inspection of the certificate attrib=
utes.

Are there still any issues with the default configuration?

Best,
-Michael

> Merry Christmas!
>=20
> Bernhard
>=20
>> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
>> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
>> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
>> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
>> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org =3D> TLS =
error
>>=20
>> Hi,
>>=20
>> On 25.12.2018 09:35, Michael Tremer wrote:
>>> Thanks for letting me know=E2=80=A6
>>=20
>> No problem...
>>=20
>>> Haproxy lost its configuration file and therefore could not be reloaded t=
o read the latest OCSP responses.
>>>=20
>>> Fixed that now. Let me know if there are any other problems.
>>>=20
>>> Merry Christmas!
>>=20
>> Thanks for fixing - merry christmas to you too - and to all on the
>> list... ;-)
>>=20
>> Best,
>> Matthias
>>=20
>>> -Michael
>>>=20
>>>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.or=
g> wrote:
>>>>=20
>>>> Hi,
>>>>=20
>>>> FYI, today the above three websites refused to load with the following
>>>> error message:
>>>>=20
>>>> "Secure Connection Failed
>>>>=20
>>>> An error occurred during a connection to forum.ipfire.org. A required
>>>> TLS feature is missing. Error code:
>>>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
>>>>=20
>>>>   The page you are trying to view cannot be shown because the
>>>> authenticity of the received data could not be verified.
>>>>   Please contact the website owners to inform them of this problem."
>>>>=20
>>>> Can anyone confirm?
>>>>=20
>>>> Best,
>>>> Matthias
>>>=20
>>>=20
>>=20
>>=20


--===============1199345198217840243==--