Project

General

Profile

[website] projects.tigase.org certificate expired

Daniele Ricci
Added almost 3 years ago

Sorry I didn't know where else to write this. I just wanted to let you know that the certificate for this site has expired today.


Replies (8)

Added by Eric Dziewa almost 3 years ago

Thanks. We've taken care of it.

Added by Daniele Ricci almost 3 years ago

Ehm guys...

https://www.ssllabs.com/ssltest/analyze.html?d=projects.tigase.org

This server supports insecure Diffie-Hellman (DH) key exchange parameters (Logjam). Grade set to F.
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server's certificate chain is incomplete. Grade capped to B.

The last error made git on Debian not working anymore because of certificate validation error.

Added by Daniel Wisnewski IoT 1 Cloud almost 3 years ago

Thanks Daniele, we've made an internal ticket to get this resolved.

Added by Eric Dziewa almost 3 years ago

All those issues have been fixed. Daniele Ricci can you confirm git is working on your Debian system?

Added by Daniele Ricci almost 3 years ago

Issue has been fixed, thank you!

Added by Daniele Ricci almost 3 years ago

Wait, now it doesn't work again. Here is the output from:

openssl s_client -connect repository.tigase.org:443
CONNECTED(00000003)
140684613084824:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1463678356
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

This morning was working.

Added by Eric Dziewa almost 3 years ago

An errant redirect as I was finishing up...

Added by Daniele Ricci almost 3 years ago

Working perfectly now. Thanks :)

    (1-8/8)