Hi Kim,
Quoting Kim Alvefur <[email protected]>:
> Hello Nikolaus,
> On 2014-04-16 14:50, Nikolaus Polak wrote:
>> some of the users of 0nl1ne.at notified me that connections to specific
>> servers have not been reliable for a few days (working only in one
>> direction), and because I have no idea where this comes from (already
>> contacted one admin of one of these servers, cluster.sx - he said he did
>> only an openssl upgrade, and I updated the CAcert certificate for
>> 0nl1ne.at), I'm writing now to this nice list.
> I note that your other hosts have StartCom certificates, so this is
> likely to do with CAcert.org.
> Two things: CAcert.org has been removed from the default CAs in Debian¹
> and Ubuntu² recently, so these might no longer be trusted by some hosts.
> However there's still Dialback, so this might not be noticed.
> Secondly, CAcert.org recently switched to SHA2-512 signatures³, which
> has been criticized⁴ because there are known compatibility issues.
And I guess this one was the point, as communication between the other
servers works without problems. I just switched from the CAcert
certificate to a self-signed one, no problems now with 0nl1ne.at s2s
communications.
Hoping to be able to switch back soon, I like CAcert more than
self-signed ones.
Thanks,
--
With best regards,
Nikolaus Polak - http://nikolauspolak.info