Forum issues after the cluster move
#1
I sometimes access this site from an older computer which is stuck on an older Firefox ESR version. There are still no SSL errors on e.g. www.pine64.org, but after the move forum.pine64.org now gives:

An error occurred during a connection to forum.pine64.org. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

It can only be accessed by using plain http.
  Reply
#2
If you can get me a list of the SSL cyphers that the old Firefox ESR install supports, I'll see what can be done to fix this.
Community administrator and sysadmin for PINE64
(Translation: If something breaks on the website, forum, or chat network, I'm a good person to yell at about it)

  Reply
#3
It's Firefox 45.9.0esr, released 2017.04.19, the last pre-Electrolysis ESR version.

According to ssllabs' database, it supports TLS 1.2.
https://www.ssllabs.com/ssltest/viewClie...07&key=127

According to their server test,
https://www.ssllabs.com/ssltest/analyze....219.133.83

The forum supports TLS 1.2 & 1.3, but the handshake simulation section shows,
Firefox 31.3.0 ESR / Win 7 - Server sent fatal alert: handshake_failure
Firefox 47 / Win 7 R - Server sent fatal alert: handshake_failure
Firefox 49 / XP SP3 - RSA 2048 (SHA256) - TLS 1.2 > http/1.1

and a number of other TLS 1.2 browsers getting bumped to plain http.

Looking at the specific TLS 1.2 cipher suites supported, there is just no overlap. The still-good ones FF45 supports would be,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128

and the closest the server has enabled are,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits FS 256

(but it does have one weak one enabled.)


Also, www.pine64.org is available via IP6, but according to their testing the SSL config is out of sync with the IP4 one & substantially behind it (e.g. no TLS 1.3):
https://www.ssllabs.com/ssltest/analyze....a136%3a207
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Suggested UX improvements for forum site Stevie-O 14 861 06-03-2020, 09:18 AM
Last Post: lot378
  Please create a PineTab section in the forum eaglecup 1 422 05-20-2020, 06:07 AM
Last Post: tophneal
Exclamation Unresolved issues with rk3399 UART and PBP adapter voltage z4v4l 3 367 02-20-2020, 07:47 PM
Last Post: z4v4l
Question Is there a forum for PineTab? Danct12 3 992 01-31-2020, 08:23 PM
Last Post: InsideJob
  Forum Login Failure neilman 3 383 11-07-2019, 12:07 PM
Last Post: tophneal
  Minor forum suggestion about "View New Posts", "View Today's Posts" Thra11 3 287 08-14-2019, 05:47 PM
Last Post: fire219
  Forum login problems with Chromebook jiyong 4 424 08-09-2019, 04:36 AM
Last Post: jiyong
  Account delete on Pine64 Forum User 12599 1 585 07-11-2019, 08:56 AM
Last Post: fire219
  Forum Update not working with Tapatalk jsfrederick 6 829 05-31-2019, 06:36 AM
Last Post: Luke
Information Moderation Forum Rules & Expectations for Discussion and Decorum MarkHaysHarris777 1 22,538 09-14-2016, 02:27 AM
Last Post: Ghost

Forum Jump:


Users browsing this thread: 1 Guest(s)