From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bernhard Bitsch <Bernhard.Bitsch@gmx.de>
To: development@lists.ipfire.org
Subject:
 Aw: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
Date: Tue, 25 Dec 2018 23:23:10 +0100
Message-ID:
 <trinity-ddda7ebc-dc65-49a4-9a1a-368c6d7ecd40-1545776590579@3c-app-gmx-bs23>
In-Reply-To: <D8353877-3936-4ABA-B9BD-6DB1506192BF@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8275918660033467789=="
List-Id: <development.lists.ipfire.org>

--===============8275918660033467789==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable



> Gesendet: Dienstag, 25. Dezember 2018 um 22:54 Uhr
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: "Bernhard Bitsch" <Bernhard.Bitsch(a)gmx.de>
> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org =3D> TLS e=
rror
>
> Hello,
>=20
> > On 25 Dec 2018, at 20:44, Bernhard Bitsch <Bernhard.Bitsch(a)gmx.de> wrot=
e:
> >=20
> > Hi,
> >=20
> > problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in abo=
ut:config for Firefox.
> > forum.ipfire.org was reachable. Resetting to default now did change the r=
eachability.
>=20
> I absolutely cannot recommend to disable inspection of the certificate attr=
ibutes.
>=20

That's right. I just tested this, had found some posts about that problem in =
several sites.
Reverted to the default. No problems with the inspection of the attributes.
Thank you for the quick fix.

- Bernhard
> Are there still any issues with the default configuration?
>=20
> Best,
> -Michael
>=20
> > Merry Christmas!
> >=20
> > Bernhard
> >=20
> >> Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr
> >> Von: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
> >> An: "Michael Tremer" <michael.tremer(a)ipfire.org>
> >> Cc: "IPFire: Development-List" <development(a)lists.ipfire.org>
> >> Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org =3D> TL=
S error
> >>=20
> >> Hi,
> >>=20
> >> On 25.12.2018 09:35, Michael Tremer wrote:
> >>> Thanks for letting me know=E2=80=A6
> >>=20
> >> No problem...
> >>=20
> >>> Haproxy lost its configuration file and therefore could not be reloaded=
 to read the latest OCSP responses.
> >>>=20
> >>> Fixed that now. Let me know if there are any other problems.
> >>>=20
> >>> Merry Christmas!
> >>=20
> >> Thanks for fixing - merry christmas to you too - and to all on the
> >> list... ;-)
> >>=20
> >> Best,
> >> Matthias
> >>=20
> >>> -Michael
> >>>=20
> >>>> On 25 Dec 2018, at 09:11, Matthias Fischer <matthias.fischer(a)ipfire.=
org> wrote:
> >>>>=20
> >>>> Hi,
> >>>>=20
> >>>> FYI, today the above three websites refused to load with the following
> >>>> error message:
> >>>>=20
> >>>> "Secure Connection Failed
> >>>>=20
> >>>> An error occurred during a connection to forum.ipfire.org. A required
> >>>> TLS feature is missing. Error code:
> >>>> MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
> >>>>=20
> >>>>   The page you are trying to view cannot be shown because the
> >>>> authenticity of the received data could not be verified.
> >>>>   Please contact the website owners to inform them of this problem."
> >>>>=20
> >>>> Can anyone confirm?
> >>>>=20
> >>>> Best,
> >>>> Matthias
> >>>=20
> >>>=20
> >>=20
> >>=20
>=20
>

--===============8275918660033467789==--