public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
From: Bernhard Bitsch <Bernhard.Bitsch@gmx.de>
To: development@lists.ipfire.org
Subject: Aw: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
Date: Tue, 25 Dec 2018 23:23:10 +0100	[thread overview]
Message-ID: <trinity-ddda7ebc-dc65-49a4-9a1a-368c6d7ecd40-1545776590579@3c-app-gmx-bs23> (raw)
In-Reply-To: <D8353877-3936-4ABA-B9BD-6DB1506192BF@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 2719 bytes --]



> Gesendet: Dienstag, 25. Dezember 2018 um 22:54 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: "Bernhard Bitsch" <Bernhard.Bitsch(a)gmx.de>
> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
>
> Hello,
> 
> > On 25 Dec 2018, at 20:44, Bernhard Bitsch <Bernhard.Bitsch(a)gmx.de> wrote:
> > 
> > Hi,
> > 
> > problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about:config for Firefox.
> > forum.ipfire.org was reachable. Resetting to default now did change the reachability.
> 
> I absolutely cannot recommend to disable inspection of the certificate attributes.
> 

That's right. I just tested this, had found some posts about that problem in several sites.
Reverted to the default. No problems with the inspection of the attributes.
Thank you for the quick fix.

- Bernhard
> Are there still any issues with the default configuration?
> 
> Best,
> -Michael
> 
> > Merry Christmas!
> > 
> > Bernhard
> > 
> >> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
> >> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
> >> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
> >> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> >> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
> >> 
> >> Hi,
> >> 
> >> On 25.12.2018 09:35, Michael Tremer wrote:
> >>> Thanks for letting me know…
> >> 
> >> No problem...
> >> 
> >>> Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
> >>> 
> >>> Fixed that now. Let me know if there are any other problems.
> >>> 
> >>> Merry Christmas!
> >> 
> >> Thanks for fixing - merry christmas to you too - and to all on the
> >> list... ;-)
> >> 
> >> Best,
> >> Matthias
> >> 
> >>> -Michael
> >>> 
> >>>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> >>>> 
> >>>> Hi,
> >>>> 
> >>>> FYI, today the above three websites refused to load with the following
> >>>> error message:
> >>>> 
> >>>> "Secure Connection Failed
> >>>> 
> >>>> An error occurred during a connection to forum.ipfire.org. A required
> >>>> TLS feature is missing. Error code:
> >>>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> >>>> 
> >>>>   The page you are trying to view cannot be shown because the
> >>>> authenticity of the received data could not be verified.
> >>>>   Please contact the website owners to inform them of this problem."
> >>>> 
> >>>> Can anyone confirm?
> >>>> 
> >>>> Best,
> >>>> Matthias
> >>> 
> >>> 
> >> 
> >> 
> 
>

      reply	other threads:[~2018-12-25 22:23 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-25  8:11 Matthias Fischer
2018-12-25  8:35 ` Michael Tremer
2018-12-25  9:18   ` Matthias Fischer
2018-12-25 19:44     ` Aw: " Bernhard Bitsch
2018-12-25 21:54       ` Michael Tremer
2018-12-25 22:23         ` Bernhard Bitsch [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=trinity-ddda7ebc-dc65-49a4-9a1a-368c6d7ecd40-1545776590579@3c-app-gmx-bs23 \
    --to=bernhard.bitsch@gmx.de \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox