Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Nov 2015 16:28:28 -0900
From:      Royce Williams <royce@tycho.org>
To:        Zaphod Beeblebrox <zbeeble@gmail.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: FreeBSD forum certificates wrong somehow.
Message-ID:  <CA%2BE3k92UUHnt4wwCWkRY%2B2Ux_HWXzPfgKmHT6p6OF54RhzO3aA@mail.gmail.com>
In-Reply-To: <CACpH0MeBPA1wmZMEbxk2vZS567rZcNQy8z2PRT44_d0zz1R-nA@mail.gmail.com>
References:  <CACpH0MeBPA1wmZMEbxk2vZS567rZcNQy8z2PRT44_d0zz1R-nA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Nov 17, 2015 at 4:05 PM, Zaphod Beeblebrox <zbeeble@gmail.com> wrote:
> I realize that I have no idea who is in the wrong --- the error is rather
> opaque, but please follow:
>
> One of google or https everywhere (or both) directs my google searches to
> https when forums.freebsd.org comes up.  For some reason, I can't seem to
> add an exception, but https is generally good...
>
> ... but firefox doesn't want to talk to https://forums.freebsd.org.  So
> much so, in fact, it doesn't even provide the usual "add exception for
> https self-signed" ... it's just a dialog to report this nasty violation.
>
> ... now I realize that chrome seems to read the site just fine...but I
> maintain that I'd rather not use chrome ... and really someone needs to
> look at the problem...
>
> ... and since I don't know how to effectively complain to mozilla, I'm
> starting by posting here.

Firefox on what platform?  I'm unable to replicate here, on Windows 7
or Linux (all I can reach at the moment).

Qualys SSL Labs comes up clean for both IPv4 and IPv6:

https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=149.20.54.209&latest

https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=2001%3A4f8%3A3%3A36%3A0%3A0%3A0%3A209

Only unusual (not bad) thing that stands out from the results is that
TLS 1.0 is not supported, which most sites haven't had the guts to do
yet that I have seen.

Do the forums have any load-balancing or DNS anycast stuff going on,
or is forums.freebsd.org always 149.20.54.209 regardless of network
standpoint?

Firefox usually supplies an error code (of the form
"err_ssl_version_or_cipher_mismatch" or similar).  Anything like that
showing up on your end?

Royce

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BE3k92UUHnt4wwCWkRY%2B2Ux_HWXzPfgKmHT6p6OF54RhzO3aA>