Date: Thu, 14 May 2015 20:02:17 +1000 (EST)
From: Ian Smith
To: Patrick Proniewski
cc: Anders Gulden Olstad, Liste FreeBSD-security
Subject: Re: Forums.FreeBSD.org - SSL Issue?
In-Reply-To: <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net>
Message-ID: <20150514193706.V69409@sola.nimnet.asn.au>
References: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net>

On Thu, 14 May 2015 10:28:27 +0200, Patrick Proniewski wrote:
> On 13 mai 2015, at 23:18, Anders Gulden Olstad wrote:
>
> > Qualys report chain issues
>
> that's pretty odd, because I've checked too just after sending my
> reply to the list (message id
> A2D58CCB-8B0A-40FF-9ED1-89B698A830DD@patpro.net), and Qualys reported
> no issues at all about the chain. That was about 7-8 hours before
> your message.
>
> But well, the global note was B at this time, and now it's A+. They
> obviously upgraded TLS from 1.0 to 1.2, ditched support for "old"
> browsers, and made other cipher tuning. Good job admins (though I
> would have been a bit more conservative about browser support).

Well, I can't reach https://forums.freebsd.org/ at all at the moment, my
(admittedly ancient, on 8.2) SeaMonkey now consistently reports:

"Data Transfer Interrupted

The connection to forums.freebsd.org has terminated unexpectedly. Some
data may have been transferred."

.. which I found pretty weird as I'd read this post - also not reachable
now, of course - at 03:20 this morning, ie 17:20 UTC on 13th May:

https://forums.freebsd.org/threads/virtualbox-4-3-26-wont-start.51341/

I checked 'forums.freebsd.org' at
https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org
which is currently showing:

"The server supports only older protocols, but not the current best TLS
1.2. Grade capped to B."

That report also shows

"Valid from Tue, 12 May 2015 00:00:00 UTC
Valid until Tue, 17 May 2016 23:59:59 UTC (expires in 1 year)"

although my successful access at 03:20 this morning above was over 41
hours later than that Server Key and Certificate #1 date.

Hopefully a temporary glitch, though I rarely refer to the forums.

No similar issue with https://www.freebsd.org/ luckily (a matter of time?)

cheers, Ian