httpd vs TLS

To: tech-security%NetBSD.org@localhost
Subject: httpd vs TLS
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Wed, 16 Mar 2016 23:19:01 +0100

I wanted to update the httpd running on wip.pkgsrc.org to one that
supports https redirects.

So I copied the httpd directory from -current to wip (running NetBSD
7), built there and installed it.

Then I tried connecting to https://wip.pkgsrc.org and firefox went haywire.

First I got this:

https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean?redirectlocale=en-US&redirectslug=how-resolve-weak-crypto-error-messages-firefox

then I allowed it to "connect to wip.pkgsrc.org using outdated
security" or something, and then it switched to

"Secure Connection Failed

An error occurred during a connection to wip.pkgsrc.org. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. Error code: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites
"

I've now replaced it with the NetBSD 7 version of httpd, which doesn't
throw these warnings.

Please choose the default SSL settings for httpd in such a way that it
can be used without throwing errors in firefox.

Thanks,
 Thomas

Follow-Ups:
- Re: httpd vs TLS
  - From: tr
- Re: httpd vs TLS
  - From: Mateusz Kocielski

Prev by Date: Re: SHA3 implementation in src
Next by Date: Re: httpd vs TLS
Previous by Thread: SHA3 implementation in src
Next by Thread: Re: httpd vs TLS
Indexes:

Home | Main Index | Thread Index | Old Index