From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: Re: patchwork.ipfire.org => Error: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING Date: Sun, 13 Oct 2019 17:58:28 +0200 Message-ID: In-Reply-To: <2F8482D6-5E21-493B-8ED3-6D69C59C75B7@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8507764839629355268==" List-Id: --===============8507764839629355268== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thanks for fixing! ;-) On 13.10.2019 15:05, Michael Tremer wrote: > Hi, >=20 > Thank your for raising this. >=20 > This was caused by haproxy which could not be reloaded because I played aro= und with the IPv6 configuration of our main firewall in Hannover. Therefore t= he updated OCSP responses were not delivered. >=20 > It is fixed now and you should change your setting back. >=20 > Best, > -Michael >=20 >> On 13 Oct 2019, at 00:25, Matthias Fischer = wrote: >>=20 >> Hi, >>=20 >> today, suddenly patchwork.ipfire.org stopped working. Reloading the page >> several times doesn't help. Firefox 69.0.3 keeps telling me: >>=20 >> ***SNIP*** >> Secure Connection Failed >>=20 >> An error occurred during a connection to patchwork.ipfire.org. A >> required TLS feature is missing. Error code: >> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING >>=20 >> The page you are trying to view cannot be shown because the >> authenticity of the received data could not be verified. >> Please contact the website owners to inform them of this problem. >> ***SNAP*** >>=20 >> Setting "security.ssl.enable_ocsp_must_staple" in about:config to >> "false" temporarily fixes this, but could it be that there is a problem >> with the "Let's Encrypt" certificate!? >>=20 >> Can anyone confirm? >>=20 >> Best, >> Matthias >>=20 >> P.S.: Possible solution (german!) >> =3D> >> https://www.kuketz-blog.de/nginx-aktivierung-von-ocsp-must-staple-ohne-tim= eout/ >=20 >=20 --===============8507764839629355268==--