Hi Joe,

> My bet is that the update is what caused it to break.

Looks so ineed!


The link from your previous mail is interesting:

   https://www.ssllabs.com/ssldb/analyze.html?d=https://app.7fach.de

If I understand the diagnosis right

      Protocols
      TLS 1.2                   No
      TLS 1.1                   No
      TLS 1.0                   Yes
      SSL 3.0                   Yes
      SSL 2.0+ upgrade support  Yes
      SSL 2.0   INSECURE        Yes

Then SSL 2.0 is a major problem.


To test it, I changed "src/httpGate.c"

   177c177
   <       if (!(ctx = SSL_CTX_new(SSLv23_server_method())) ||
   ---
   >       if (!(ctx = SSL_CTX_new(SSLv3_server_method())) ||

to use only SSL version 3 (not allowing 2, if I understand it right).


With that, https://app.7fach.de works for me (FF 3.5.15, w3m, chromium)
as good as ever. However, The ssllabs.com analyzer tells me:

   Assessment failed: Connection reset

   Common Error Messages

    • Connect timed out - server did not respond to our connection request
    • No route to host - unable to reach the server
    • Unable to connect to server - failed to connect to the server
    • Unrecognized SSL message, plaintext connection? - the server responded 
with plain-text HTTP on HTTPS port

   Known Issues

    • Could not generate DH keypair - due to a known problem with the 
underlying SSL library (Sun's JSSE implementation)
      we are unable to assess the sites that only offer DHE handshakes stronger 
than 1024 bits.

How is THAT do understand? Can't it access SSLv3?

MoreAndMoreConfused,
- Alex
-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to