On 2017/02/16 10:18, Danchev, Lambri wrote:
> Dear OpenBSD Team,
> 
> Recently I red article describing security and releability of OpenBSD.
> I had made attempt to visit your web site https://www.openbsd.org/, but 
> couldn't open even the front page as per next error:
> 
> ssl_error_protocol_version_alert
> 
> Which tells me that something in your security certificates is not OK.
> Please, find next screenshots from FireFox and Internet Explorer browsers.
> Both browsers reported one and the same issue - your website could not be 
> opened using secure "https" protocol.

I suspect you may have a corporate proxy or "security" device that is
doing a man-in-the-middle of your SSL connections, and is unable to cope
with modern security (https://www.openbsd.org *only* offers TLSv1.2, no
earlier version).

Please check some other website and verify the certificate issuer (e.g.
the certificate for https://www.letsencrypt.org/ should be issued by
IdenTrust's TrustID Server CA A52). If this is showing some other signing
CA then this is almost certainly the cause.

A recent review of security of this type of device shows many that only
support TLSv1.0. The original paper 
https://jhalderm.com/pub/papers/interception-ndss17.pdf
is currently offline (404) but google has a cached copy.

https://webcache.googleusercontent.com/search?q=cache:Igg-o2pcwyYJ:https://jhalderm.com/pub/papers/interception-ndss17.pdf+&cd=3&hl=en&ct=clnk&gl=uk&client=firefox-b

Reply via email to