Forum issues after the cluster move
#1
I sometimes access this site from an older computer which is stuck on an older Firefox ESR version. There are still no SSL errors on e.g. www.pine64.org, but after the move forum.pine64.org now gives:

An error occurred during a connection to forum.pine64.org. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

It can only be accessed by using plain http.
  Reply
#2
If you can get me a list of the SSL cyphers that the old Firefox ESR install supports, I'll see what can be done to fix this.
Community administrator and sysadmin for PINE64
(Translation: If something breaks on the website, forum, or chat network, I'm a good person to yell at about it)

  Reply
#3
It's Firefox 45.9.0esr, released 2017.04.19, the last pre-Electrolysis ESR version.

According to ssllabs' database, it supports TLS 1.2.
https://www.ssllabs.com/ssltest/viewClie...07&key=127

According to their server test,
https://www.ssllabs.com/ssltest/analyze....219.133.83

The forum supports TLS 1.2 & 1.3, but the handshake simulation section shows,
Firefox 31.3.0 ESR / Win 7 - Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R - Server sent fatal alert: handshake_failure
Firefox 49 / XP SP3 - RSA 2048 (SHA256) - TLS 1.2 > http/1.1

and a number of other TLS 1.2 browsers getting bumped to plain http.

Looking at the specific TLS 1.2 cipher suites supported, there is just no overlap. The still-good ones FF45 supports would be,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128

and the closest the server has enabled are,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256

(but it does have one weak one enabled.)


Also, www.pine64.org is available via IP6, but according to their testing the SSL config is out of sync with the IP4 one & substantially behind it (e.g. no TLS 1.3):
https://www.ssllabs.com/ssltest/analyze....a136%3a207
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Is the forum software of Pine64 open source? Peter Gamma 2 419 10-07-2020, 02:38 AM
Last Post: Peter Gamma
  Please create a PineTab section in the forum eaglecup 2 1,457 07-29-2020, 12:26 PM
Last Post: JamesGrelf
  Suggested UX improvements for forum site Stevie-O 14 2,702 06-03-2020, 09:18 AM
Last Post: lot378
Exclamation Unresolved issues with rk3399 UART and PBP adapter voltage z4v4l 3 798 02-20-2020, 07:47 PM
Last Post: z4v4l
Question Is there a forum for PineTab? Danct12 3 1,965 01-31-2020, 08:23 PM
Last Post: InsideJob
  Forum Login Failure neilman 3 1,214 11-07-2019, 12:07 PM
Last Post: tophneal
  Minor forum suggestion about "View New Posts", "View Today's Posts" Thra11 3 981 08-14-2019, 05:47 PM
Last Post: fire219
  Forum login problems with Chromebook jiyong 4 1,295 08-09-2019, 04:36 AM
Last Post: jiyong
  Account delete on Pine64 Forum User 12599 1 1,363 07-11-2019, 08:56 AM
Last Post: fire219
  Forum Update not working with Tapatalk jsfrederick 6 1,777 05-31-2019, 06:36 AM
Last Post: Luke

Forum Jump:


Users browsing this thread: 1 Guest(s)