Forum issues after the cluster move
#1
I sometimes access this site from an older computer which is stuck on an older Firefox ESR version. There are still no SSL errors on e.g. www.pine64.org, but after the move forum.pine64.org now gives:

An error occurred during a connection to forum.pine64.org. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

It can only be accessed by using plain http.
#2
If you can get me a list of the SSL cyphers that the old Firefox ESR install supports, I'll see what can be done to fix this.
Community administrator and sysadmin for PINE64
(Translation: If something breaks on the website, forum, or chat network, I'm a good person to yell at about it)

#3
It's Firefox 45.9.0esr, released 2017.04.19, the last pre-Electrolysis ESR version.

According to ssllabs' database, it supports TLS 1.2.
https://www.ssllabs.com/ssltest/viewClie...07&key=127

According to their server test,
https://www.ssllabs.com/ssltest/analyze....219.133.83

The forum supports TLS 1.2 & 1.3, but the handshake simulation section shows,
Firefox 31.3.0 ESR / Win 7 - Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R - Server sent fatal alert: handshake_failure
Firefox 49 / XP SP3 - RSA 2048 (SHA256) - TLS 1.2 > http/1.1

and a number of other TLS 1.2 browsers getting bumped to plain http.

Looking at the specific TLS 1.2 cipher suites supported, there is just no overlap. The still-good ones FF45 supports would be,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128

and the closest the server has enabled are,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256

(but it does have one weak one enabled.)


Also, www.pine64.org is available via IP6, but according to their testing the SSL config is out of sync with the IP4 one & substantially behind it (e.g. no TLS 1.3):
https://www.ssllabs.com/ssltest/analyze....a136%3a207


Possibly Related Threads…
Thread Author Replies Views Last Post
  star64 bootable images, u-boot, sbi, forum? hexdump 4 2,235 11-12-2024, 05:02 AM
Last Post: Paul Avery
  Link USB power strips for a cluster? shanefe 1 955 04-02-2024, 11:11 PM
Last Post: evilbunny
  Forum Recommendations for Pine64 support? backwoodstech2 0 812 02-04-2024, 07:12 PM
Last Post: backwoodstech2
  Im thinking of building a Pine64 cluster Theirat1991 1 1,197 01-12-2024, 03:31 AM
Last Post: KC9UDX
  Link USB power strips for a cluster? DevonBirch 4 4,249 08-10-2023, 09:11 PM
Last Post: halibutdreary
  RSS feed for the forum power46 1 1,147 08-01-2023, 02:02 AM
Last Post: ericssonmere
  Why are you using MyBB for this forum? notramo 6 6,288 05-24-2023, 07:44 PM
Last Post: Kevin Kofler
  Change the forum's software to Discourse Liz_34 11 5,028 01-25-2023, 08:04 PM
Last Post: Kevin Kofler
  Own sub for PineBuds Pro to this forum Liz_34 0 1,067 01-12-2023, 12:04 PM
Last Post: Liz_34
  Issues with PinePower Desktop superkamiguru 0 983 10-24-2022, 07:43 AM
Last Post: superkamiguru

Forum Jump:


Users browsing this thread: 1 Guest(s)