[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue accessing https://git.libssh.org

[Thread Prev] | [Thread Next]

[Date Prev] | [Date Next]

Subject: Re: Issue accessing https://git.libssh.org
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Thu, 29 Jun 2017 16:13:38 +0200
To: libssh@xxxxxxxxxx

Am 29.06.2017 um 12:46 schrieb Andreas Schneider:
> On Thursday, 29 June 2017 10:54:12 CEST Tilo Eckert wrote:
>> Am 28.06.2017 um 18:05 schrieb Andreas Schneider:
>>> On Wednesday, 28 June 2017 15:40:00 CEST Tilo Eckert wrote:
>>>> Am 28.06.2017 um 13:42 schrieb Andreas Schneider:
>>>>> On Wednesday, 28 June 2017 12:43:14 CEST Tilo Eckert wrote:
>>>>>> Hi,
>>>>>
>>>>> Hi Tilo,
>>>>>
>>>>>> I am experiencing a re-occuring issue when accessing
>>>>>> https://git.libssh.org with Firefox. When requesting a page for the
>>>>>> first time after browser startup or after not accessing the site for a
>>>>>> while, I get an SSL error page with the error code
>>>>>> NS_ERROR_NET_INADEQUATE_SECURITY.
>>>>>>
>>>>>> Refreshing the page causes it to load successfully and I can navigate
>>>>>> the site. When idling on one page for a couple of minutes, the issue
>>>>>> reappears on the next page request.
>>>>>>
>>>>>> If the server is configured for HTTPS2, this post might be relevant:
>>>>>> https://support.mozilla.org/en-US/questions/1139019
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Please retry.
>>>>
>>>> The issue still persists. I think the reason is that the cipher suite
>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is negotiated which is blacklisted in
>>>> HTTP/2. Firefox probably falls back to HTTP/1.1 when negotiation failed
>>>> for a recent previous request.
>>>
>>> Strange, I used the SSLCipherSuite line from
>>> https://icing.github.io/mod_h2/ howto.html
>>>
>>> I don't see the issue with Firefox 52.0.2
>>
>> This SSLCipherSuite?
>>
>>> SSLCipherSuite
>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES25
>>> 6-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-D
>>> SS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES12
>>> 8-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA3
>>> 84:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:D
>>> HE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES2
>>> 56-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES
>>> :!RC4:!3DES:!MD5:!PSK
> 
> Yes, that's the one.
> 
>> It looks like you either did not specify "SSLHonorCipherOrder on" or
>> your SSLCipherSuite declaration is not used for some reason.
> 
> That's set too.
> 
> 
> However I think I found it.

I can confirm it as fixed. :)

Thanks.

References:
Issue accessing https://git.libssh.org	Tilo Eckert <tilo.eckert@xxxxxxx>
Re: Issue accessing https://git.libssh.org	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: Issue accessing https://git.libssh.org	Tilo Eckert <tilo.eckert@xxxxxxx>
Re: Issue accessing https://git.libssh.org	Andreas Schneider <asn@xxxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org