On 2017/02/16 10:18, Danchev, Lambri wrote:
> Dear OpenBSD Team,
> Recently I red article describing security and releability of OpenBSD.
> I had made attempt to visit your web site https://www.openbsd.org/, but 
> couldn't open even the front page as per next error:
> ssl_error_protocol_version_alert
> Which tells me that something in your security certificates is not OK.
> Please, find next screenshots from FireFox and Internet Explorer browsers.
> Both browsers reported one and the same issue - your website could not be 
> opened using secure "https" protocol.

I suspect you may have a corporate proxy or "security" device that is
doing a man-in-the-middle of your SSL connections, and is unable to cope
with modern security (https://www.openbsd.org *only* offers TLSv1.2, no
earlier version).

Please check some other website and verify the certificate issuer (e.g.
the certificate for https://www.letsencrypt.org/ should be issued by
IdenTrust's TrustID Server CA A52). If this is showing some other signing
CA then this is almost certainly the cause.

A recent review of security of this type of device shows many that only
support TLSv1.0. The original paper 
is currently offline (404) but google has a cached copy.


Reply via email to