From owner-freebsd-questions@freebsd.org Sun Jul 26 16:09:22 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9B10D9A8990 for ; Sun, 26 Jul 2015 16:09:22 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 62CBE7B3 for ; Sun, 26 Jul 2015 16:09:22 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de (port-92-195-110-127.dynamic.qsc.de [92.195.110.127]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 0E205276C3; Sun, 26 Jul 2015 18:09:13 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id t6QG9DlK002196; Sun, 26 Jul 2015 18:09:13 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Sun, 26 Jul 2015 18:09:13 +0200 From: Polytropon To: Ian Smith Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD Forum access problem (was Re: Endless Data Loss) Message-Id: <20150726180913.bfa82863.freebsd@edvax.de> In-Reply-To: <20150726233449.M17327@sola.nimnet.asn.au> References: <20150726233449.M17327@sola.nimnet.asn.au> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jul 2015 16:09:22 -0000 On Sun, 26 Jul 2015 23:58:25 +1000 (EST), Ian Smith wrote: > In freebsd-questions Digest, Vol 581, Issue 7, Message: 9 > On Sat, 25 Jul 2015 20:03:43 +0200 Polytropon wrote: > > On Sat, 25 Jul 2015 09:23:51 -0700, jungle Boogie wrote: > > > On 25 July 2015 at 06:51, Polytropon wrote: > > > > I've tried back and forth with Opera (version 11.50/1074 here). > > > > From "about:config" with the search terms "tls" and "ssl" and > > > > through Tools -> Preferences -> Advanced -> Security... I just > > > > keep getting this "helpful" message: > > > > > > > > https://forums.freebsd.org/ > > > > > > > > Error > > > > > > > > Could not connect to remote server > > > > Check that the address is spelled correctly, > > > > or try searching for the site. > > > > > > > > > Can you access https://www.freebsd.org/ ? > > > > Yes, that page never stopped working. > > > > > Both have a preferred cipher of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > > > > Interesting... so what's the significant difference here? > > That's not the problem. The problem with the forums site is that it no > longer allows connections using SSLv3 or TLS 1.0 .. it requires at least > TLS 1.1 now, and might later accept only TLS 1.2, even just for reading. Thank you for clarification! I've set the security options to only (!) allow TLS 1.1 and 1.2, _no_ SSL v3 or TLS 1.0, and now I can connect to the forum again. I'll check now if the other few websites I visit will be "impacted" by that configuration change. Sometimes, just that kind of "little pointer" can solve an unpleasant problem. Thanks again! -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...