[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue accessing https://git.libssh.org

Subject: Re: Issue accessing https://git.libssh.org
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Wed, 28 Jun 2017 15:40:00 +0200
To: libssh@xxxxxxxxxx

Am 28.06.2017 um 13:42 schrieb Andreas Schneider:
> On Wednesday, 28 June 2017 12:43:14 CEST Tilo Eckert wrote:
>> Hi,
> 
> Hi Tilo,
> 
>> I am experiencing a re-occuring issue when accessing
>> https://git.libssh.org with Firefox. When requesting a page for the
>> first time after browser startup or after not accessing the site for a
>> while, I get an SSL error page with the error code
>> NS_ERROR_NET_INADEQUATE_SECURITY.
>>
>> Refreshing the page causes it to load successfully and I can navigate
>> the site. When idling on one page for a couple of minutes, the issue
>> reappears on the next page request.
>>
>> If the server is configured for HTTPS2, this post might be relevant:
>> https://support.mozilla.org/en-US/questions/1139019
> 
> Thanks!
> 
> Please retry.

The issue still persists. I think the reason is that the cipher suite
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is negotiated which is blacklisted in
HTTP/2. Firefox probably falls back to HTTP/1.1 when negotiation failed
for a recent previous request.

See RFC 7540 for all blacklisted suites:
https://tools.ietf.org/html/rfc7540#page-83

Regards,
Tilo

Follow-Ups:
Re: Issue accessing https://git.libssh.org	Andreas Schneider <asn@xxxxxxxxxxxxxx>

References:
Issue accessing https://git.libssh.org	Tilo Eckert <tilo.eckert@xxxxxxx>
Re: Issue accessing https://git.libssh.org	Andreas Schneider <asn@xxxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org