On Sun, Mar 3, 2024 at 2:02 PM Jeffrey Walton <noloa...@gmail.com> wrote: > > On Sun, Mar 3, 2024 at 1:47 PM Marcelo Laia <marcelol...@gmail.com> wrote: > > > > Hello Debian users! > > > > When accessing the website https://gontijoonibus.gontijo.com.br/ on Firefox > > Android (on my smartphone), the site is accessed normally. However, when > > attempting to access this site on the desktop, Debian Firefox-ESR version > > 115.8.0esr (64-bit), the following error occurs: > > > > Secure Connection Failed > > An error occurred during a connection to gontijoonibus.gontijo.com.br. > > The page you are trying to view cannot be displayed because the > > authenticity of the received data could not be verified. > > Please contact the website owners to inform them of this problem. > > According to OpenSSL and the default CA list on Ubuntu 22.04, the > connection looks Ok. The problem appears to be more than a simple > problem connecting. > > If I had to hazard a guess, I would start with the wildcard in the > Common Name (CN) shown below. I know the CA/Browser Baseline > Requirements changed recently, and CN is now a SHOULD NOT. Wildcards > have been frowned upon but not forbidden. Maybe the browsers are > moving against wildcards in the CN now. > > Note: tooling, like cURL, OpenSSL and Wget follow the IETF's Internet > PKI (PKIX). Browsers follow the CA/Browsers Baseline Requirements (Web > PKI). They mostly overlap, but they have a fair amount of differences > once you accumulate some knowledge about them. > > And the IETF lawyers wrote a nasty letter to the W3C a couple of years > ago because the W3C was publishing incompatible standards. See > <https://www.ietf.org/media/documents/2023.01.26_Correspondence_IETF.pdf>. > And from my observations, the CA/Browser Forums have been doing the > same thing. So I would not be surprised if there's an incompatible > change between PKIX and Web PKI. > > <CODE> > $ echo -e 'GET / HTTP/1.1\r\n\r\n' | openssl s_client -connect > gontijoonibus.gontijo.com.br:443 -servername > gontijoonibus.gontijo.com.br > CONNECTED(00000003) > depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert > Global Root G2 > verify return:1 > depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte > TLS RSA CA G1 > verify return:1 > depth=0 CN = *.gontijo.com.br > verify return:1 > --- > Certificate chain > 0 s:CN = *.gontijo.com.br > i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA > G1 > a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 > v:NotBefore: May 9 00:00:00 2023 GMT; NotAfter: May 8 23:59:59 2024 GMT > 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA > G1 > i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert > Global Root G2 > a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 > v:NotBefore: Nov 2 12:24:25 2017 GMT; NotAfter: Nov 2 12:24:25 2027 GMT > 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert > Global Root G2 > i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert > Global Root G2 > a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 > v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIGITCCBQmgAwIBAgIQB7Bs73IlM/884Dqb8/YZoTANBgkqhkiG9w0BAQsFADBe > MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 > d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe > Fw0yMzA1MDkwMDAwMDBaFw0yNDA1MDgyMzU5NTlaMBsxGTAXBgNVBAMMECouZ29u > dGlqby5jb20uYnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoYUM > EjKsU7gHu5iZpkwZkwJGyMe1l5d1+YVUJLkB23vxGXxSRoYVOqhPR/sbvyue0FFA > OwbKriu+XjXA/dCOC6hEX9UbvHK9i5YFaPbJIDkwZKuA3SltFSyJsuRNP7dpYEkY > uxZ4pcLBtEAh9+im1g5l4ubrFDrxdr5Wvjne6viDyZ+40Alc+i1pirlymsD7k6tH > 4bLaR+qopr6YqufzOkWlcodNbCnQ3TF1ZOVppwJDYvWaROQ8WcUC5c3v4TDYcXrq > YasWMtN2GL+UwQL4Gc/q9slkpG1ML8lX50CwxhGAngjz8PdNq9ql+kHa9XfTx+5G > DYrshriHimk9POppAgMBAAGjggMcMIIDGDAfBgNVHSMEGDAWgBSljP4yzOsPLNQZ > xgi4ACSIXcPFtzAdBgNVHQ4EFgQUOgqjT5nVOc1VYZ8vm/Y80TI7UIEwKwYDVR0R > BCQwIoIQKi5nb250aWpvLmNvbS5icoIOZ29udGlqby5jb20uYnIwDgYDVR0PAQH/ > BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAy > MDCgLqAshipodHRwOi8vY2RwLnRoYXd0ZS5jb20vVGhhd3RlVExTUlNBQ0FHMS5j > cmwwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3 > dy5kaWdpY2VydC5jb20vQ1BTMHAGCCsGAQUFBwEBBGQwYjAkBggrBgEFBQcwAYYY > aHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDoGCCsGAQUFBzAChi5odHRwOi8vY2Fj > ZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVRMU1JTQUNBRzEuY3J0MAkGA1UdEwQCMAAw > ggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8 > vOzew1FIWUZxH7WbAAABiABkUyYAAAQDAEcwRQIgfzcKflXhHpmu5GHg8S048cs8 > vpP1gxpdWDsSoIW7iBICIQDMDeAMb6rf8XcdLAxVXeScb4DE6WI73WrxLuhijv7O > +gB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABiABkUyUAAAQD > AEcwRQIgP46qqZOnzi6Zp+F30GBTHY5LpCR9uL55MFTS+XnRsv0CIQDTC52xy9Gl > xzzDqltvAGVq10MgnLY9rIvZMccRsEVgEAB2ANq2v2s/tbYin5vCu1xr6HCRcWy7 > UYSFNL2kPTBI1/urAAABiABkUvIAAAQDAEcwRQIgAtm8xShzPd6lmxA4dGyZzQKa > U6fmBbCDIkyqNnKgOtoCIQCx5g1X5GBvuqkBlQHIYeWQ4UB1tNEtYYN/z3D293Lf > LTANBgkqhkiG9w0BAQsFAAOCAQEARpS7/BX4uVMvOMGfTo92uZNMozhWJzE+5o+k > ARsyf8FPmTNjHs+Z6A+DWTQ/4AAJ+cRv9LJzHpXw4X/o3u6VF5+rma20q7eLupxg > wR42zPCAw0SvfgbPvJsEZ/PE2ydOcWQ2Td3jr5ef/mxuyDxf3t7UvwMAVJLcZgHw > eF+DSBvq+2T1td5/B8K85vjhF0PSjji39GH/aX//jv4m/lrplUTXu+dxFCoeMS1t > yD2XppYHTThvxHjOEs77GnLcvZZqX+21+K7b8QqmzHidCAapVGBNiGoyMhVhZq7B > aUH4Sou6JqALkvso5pLFdfk4Lg+sBpogecpqaK+W6SpBAAxoFQ== > -----END CERTIFICATE----- > subject=CN = *.gontijo.com.br > issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte > TLS RSA CA G1 > --- > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 4224 bytes and written 410 bytes > Verification: OK > --- > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 0 (ok) > --- > DONE > </CODE>
One other thing to note is information from <https://www.ssllabs.com/ssltest/analyze.html?d=gontijoonibus.gontijo.com.br>. It looks like the tool is reporting an error at the application layer (the request failed). So if we add the host: parameter to the HTTP request, we can see it also shows no document is returned: <CODE> $ echo -e 'GET / HTTP/1.1\r\n host: gontijoonibus.gontijo.com.br\r\n\r\n' | openssl s_client -connect gontijoonibus.gontijo.com.br:443 -servername gontijoonibus.gontijo.com.br CONNECTED(00000003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1 verify return:1 depth=0 CN = *.gontijo.com.br verify return:1 --- ... New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE </CODE> So the problem seems to be in the web server, and not in the TLS protocol. Jeff