Date: Tue, 17 Nov 2015 21:07:02 -0500
From: "Michael B. Eichorn" <ike@michaeleichorn.com>
To: Royce Williams <royce@tycho.org>, Zaphod Beeblebrox <zbeeble@gmail.com>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: FreeBSD forum certificates wrong somehow.
Message-ID: <1447812422.23778.17.camel@michaeleichorn.com>
In-Reply-To: <CA%2BE3k92UUHnt4wwCWkRY%2B2Ux_HWXzPfgKmHT6p6OF54RhzO3aA@mail.gmail.com>
References: <CACpH0MeBPA1wmZMEbxk2vZS567rZcNQy8z2PRT44_d0zz1R-nA@mail.gmail.com> <CA%2BE3k92UUHnt4wwCWkRY%2B2Ux_HWXzPfgKmHT6p6OF54RhzO3aA@mail.gmail.com>

On Tue, 2015-11-17 at 16:28 -0900, Royce Williams wrote:
> On Tue, Nov 17, 2015 at 4:05 PM, Zaphod Beeblebrox <zbeeble@gmail.com> wrote:
> > I realize that I have no idea who is in the wrong --- the error is rather
> > opaque, but please follow:
> >
> > One of google or https everywhere (or both) directs my google searches to
> > https when forums.freebsd.org comes up.  For some reason, I can't seem to
> > add an exception, but https is generally good...

The forum does not serve http, there is a 301 redirect to https.

> >
> > ... but firefox doesn't want to talk to https://forums.freebsd.org.  So
> > much so, in fact, it doesn't even provide the usual "add exception for
> > https self-signed" ... it's just a dialog to report this nasty violation.
> >
> > ... now I realize that chrome seems to read the site just fine...but I
> > maintain that I'd rather not use chrome ... and really someone needs to
> > look at the problem...
> >
> > ... and since I don't know how to effectively complain to mozilla, I'm
> > starting by posting here.
>
> Firefox on what platform? I'm unable to replicate here, on Windows 7
> or Linux (all I can reach at the moment).

More importantly which version. TLSv1.1 and 1.2 were disabled by default
until version 27 (Released 20140204)[1]. And as noted below the forum
requires at least 1.1.

>
> Qualys SSL Labs comes up clean for both IPv4 and IPv6:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=149.20.54.209&latest
>
> https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org&s=2001%3A4f8%3A3%3A36%3A0%3A0%3A0%3A209
>
> Only unusual (not bad) thing that stands out from the results is that
> TLS 1.0 is not supported, which most sites haven't had the guts to do
> yet that I have seen.
>
> Do the forums have any load-balancing or DNS anycast stuff going on,
> or is forums.freebsd.org always 149.20.54.209 regardless of network
> standpoint?
>
> Firefox usually supplies an error code (of the form
> "err_ssl_version_or_cipher_mismatch" or similar). Anything like that
> showing up on your end?
>
> Royce

[1] http://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes/
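An added example (not part of the original message or of any FreeBSD or Mozilla code) that models the mismatch described in the reply above: a client capped at TLS 1.0 meeting a server that requires TLS 1.1 or later, and how the server's first record can be read to confirm it. Wire values follow RFC 5246; the function names, the server maximum of TLS 1.2 and the placeholder ServerHello fields are assumptions made for the illustration.

```python
import struct

# Wire values from RFC 5246; the sample versions below are constructed inputs.
TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303
NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}
ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2
FATAL, PROTOCOL_VERSION = 2, 70


def server_reply(client_max, server_min, server_max):
    """First record a pre-TLS-1.3 server returns for a ClientHello (simplified)."""
    chosen = min(client_max, server_max)
    if chosen < server_min:
        # RFC 5246 E.1: the client offers only versions the server refuses.
        return struct.pack("!BHHBB", ALERT, server_min, 2, FATAL, PROTOCOL_VERSION)
    # ServerHello body: version, 32-byte random, empty session id,
    # cipher suite 0xC02F, null compression (placeholder values).
    body = struct.pack("!H", chosen) + bytes(32) + b"\x00\xc0\x2f\x00"
    msg = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, chosen, len(msg)) + msg


def classify_reply(data):
    """Explain the server's first record the way a client-side debugger would."""
    if len(data) < 5:
        return "truncated record header"
    ctype, _, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return "truncated record body"
    if ctype == ALERT and length == 2:
        level = "fatal" if body[0] == FATAL else "warning"
        name = "protocol_version" if body[1] == PROTOCOL_VERSION else str(body[1])
        return f"{level} alert: {name}"
    if ctype == HANDSHAKE and length >= 6 and body[0] == SERVER_HELLO:
        chosen = int.from_bytes(body[4:6], "big")
        return f"ServerHello: {NAMES.get(chosen, hex(chosen))}"
    return f"unexpected record type {ctype}"


if __name__ == "__main__":
    # Client capped at TLS 1.0 (Firefox before 27, per the message) against a
    # server requiring TLS 1.1+; the server maximum of 1.2 is an assumption.
    print(classify_reply(server_reply(TLS10, TLS11, TLS12)))
    print(classify_reply(server_reply(TLS12, TLS11, TLS12)))
```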
