Gesendet: Dienstag, 25. Dezember 2018 um 22:54 Uhr Von: "Michael Tremer" michael.tremer@ipfire.org An: "Bernhard Bitsch" Bernhard.Bitsch@gmx.de Cc: "IPFire: Development-List" development@lists.ipfire.org Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
Hello,
On 25 Dec 2018, at 20:44, Bernhard Bitsch Bernhard.Bitsch@gmx.de wrote:
Hi,
problem is fixed. I changed 'security.ssl.enable_ocsp_must_staple' in about:config for Firefox. forum.ipfire.org was reachable. Resetting to default now did change the reachability.
I absolutely cannot recommend to disable inspection of the certificate attributes.
That's right. I just tested this, had found some posts about that problem in several sites. Reverted to the default. No problems with the inspection of the attributes. Thank you for the quick fix.
- Bernhard
Are there still any issues with the default configuration?
Best, -Michael
Merry Christmas!
Bernhard
Gesendet: Dienstag, 25. Dezember 2018 um 10:18 Uhr Von: "Matthias Fischer" matthias.fischer@ipfire.org An: "Michael Tremer" michael.tremer@ipfire.org Cc: "IPFire: Development-List" development@lists.ipfire.org Betreff: Re: www.ipfire.org / forum.ipfire.org / blog.ipfire.org => TLS error
Hi,
On 25.12.2018 09:35, Michael Tremer wrote:
Thanks for letting me know…
No problem...
Haproxy lost its configuration file and therefore could not be reloaded to read the latest OCSP responses.
Fixed that now. Let me know if there are any other problems.
Merry Christmas!
Thanks for fixing - merry christmas to you too - and to all on the list... ;-)
Best, Matthias
-Michael
On 25 Dec 2018, at 09:11, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
FYI, today the above three websites refused to load with the following error message:
"Secure Connection Failed
An error occurred during a connection to forum.ipfire.org. A required TLS feature is missing. Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
Can anyone confirm?
Best, Matthias