[u-u] Odds and Ends

Giles Orr gilesorr at gmail.com
Fri Jul 20 16:55:02 EDT 2018 

On 20 July 2018 at 16:19, Unix Unanimous <u-u at mail.unixunanimous.org> wrote:

> On Fri, 20 Jul 2018, Giles Orr wrote:
> |On 20 July 2018 at 08:57, Adam Holland <ajh8888 at gmail.com> wrote:
> |
> |1. HTTPS for unixunanimous.org (as per the URLs appended to the bottom
> |of mailing list messages) gives me a strange error.  If not already a
> known
> |issue, ask me for details.
> |
> |It would appear the inclusion of "https:" is, shall we say, aspirational.
> |The website is unencrypted, so if you attempt to visit the website with
> |https: prepended, it fails with a security error.  The "s" should be
> |removed from the signature.
>
>
>         Removal os the "s" is not secure ... we added a new
>         Let's Encrypt cert recently & even tho cert testers
>         seem to like it, browsers often take several clicks
>         on "Try Again" to make it work for some reason
>
>
>         Perhaps we will replace the cert soon if further
>         debugging doesn't turn up anything, sigh :\
>

Dan has beaten me to a similar analysis - he may have done a better job.
But I thought I'd send this along anyway.

Whatever the problem is, it's probably not the cert.  I'm damned if I can
tell what it is though: when I hit it with Firefox, it gives me an
SSL_ERROR_UNSUPPORTED_VERSION which would seem to indicate you're not even
supporting TLS 1.2 - which would be a bit insecure (that blocking is a
setting I have in FF, most people don't have this set).  When I hit it with
Chrome on my Mac, I get ERR_SSL_PROTOCOL_ERROR (my Chrome has only standard
settings - nothing weird like FF).  When I put it in Qualys SSL Labs (
https://www.ssllabs.com/ssltest/analyze.html?d=unixunanimous.org ) this
morning, they said the site was entirely unencrypted - so they couldn't
test your cert or secure server configuration.  This afternoon Qualys says
"Unable to resolve domain name".  But Chrome on Windows sees the page fine
So yeah: I have NO idea what's wrong with the site, but I'd say there are
probably multiple problems that needs to be looked at.  I wouldn't start
with the cert.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unixunanimous.org/pipermail/u-u/attachments/20180720/0ed2c8ea/attachment.html>

More information about the u-u mailing list