[xwiki-users] HTTPS: No ciphers offerred?

2017-03-20 Thread Douglas Landau 
Greets,

I've enabled HTTPS on my XWiki.  But when I surf there, I get a failure with no 
explanation from Chrome, and this from IE:
--
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting 
to https://pwswiki10.westmarine.net  again. If this error persists, it is 
possible that this site uses an unsupported protocol or cipher suite such as 
RC4 (link for the details), which is not considered secure. Please contact your 
site administrator.
--

When I hit the site with this nmap command to enumerate the available ciphers, 
I get none.
# nmap --script ssl-enum-ciphers -p 443 pwswiki10


I googled it, and it looks like there was once some text about this problem on 
the XWiki site, something about re-enabling TLS, but when I click the link I 
land on the administration manual's Configuration page, which has a lot of good 
stuff but not the bit about re-enabling TLS.

I found the "ExcludeCipherSuites" section in jetty-ssl.xml, and tried 
commenting it out, but still get no ciphers. 
I tried adding the following section, but still get no ciphers:



  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA256
  TLS_RSA_WITH_AES_256_GCM_SHA384

  
--

Seems like maybe I need to find the equivalent of this line from httpd.conf:
SSLProtocol -ALL +TLSv1.1 +TLSv1.2

I am searching the archives.  Meanwhile can anyone point me to what I am doing 
wrong /, or to an example of how that IncludeCipherSuites block should be?


Thanks
Doug


The information contained in this transmission may contain West Marine 
proprietary, confidential and/or privileged 
information.  It is intended only for the use of the person(s) named above. If 
you are not the intended recipient, you are 
hereby notified that any review, dissemination, distribution or duplication of 
this communication is strictly prohibited. 
If you are not the intended recipient, please contact the sender by reply email 
and destroy all copies of the original 
message. To reply to our email administrator directly, please send an email to 
netad...@westmarine.com.

Re: [xwiki-users] catch error on include macro

2017-03-20 Thread Vincent Massol 

> On 20 Mar 2017, at 15:44, Gerritjan Koekkoek  wrote:
> 
> 
> 
> Verstuurd vanaf mijn iPhone
> 
>> Op 20 mrt. 2017 om 13:17 heeft Vincent Massol  het 
>> volgende geschreven:
>> 
>> Hi,
>> 
>>> On 20 Mar 2017, at 13:08, Gerritjan Koekkoek  
>>> wrote:
>>> 
>>> I'm using: {{include document=".yyy"/}} quite a lot.
>>> 
>>> When using it on a page where the current user has not the rights to view I 
>>> get velocity error box!
>>> 
>>> 
>>> Is it possible to give the user some hint instead of the error:
>>> 
>>> 
>>> Like: "To read the complete content of this page you need to login!" with a 
>>> link to Login…
>> 
>> This is not related to logging in or not… It’s related to not having view 
>> rights on the page… You can prevent some users or groups from having view 
>> rights on any page/children even if the user is logged in.
>> 
>> Now if you’re on page that shouldn’t work if the user is not logged in 
>> (because it includes another page for which the user doesn’t have view 
>> rights), then it probably means you have some wrong permissions set for the 
>> current page and it should probably not be viewable by the user.
>> 
> This assumption is not always true. This page has text that can be Viewed by 
> guest and included a page that can/should not be viewed...
> In particular it should work to convince the reading user to consider login 
> or registration and login. The velocity error will probably have the opposite 
> effect…

This is something specific to you and you could implement it using a velocity 
macro and using an #if (and only do the include if the condition is true).

Thanks
-Vincent

> Thanks
>> -Vincent
>> 
>>> Gerritjan Koekkoek
>>> Vader van Rai Koekkoek (cdls) en voorzitter vereniging CdLS
>>> Visit our website
>>> Facebook
>>> email

Re: [xwiki-users] catch error on include macro

2017-03-20 Thread Gerritjan Koekkoek 


Verstuurd vanaf mijn iPhone

> Op 20 mrt. 2017 om 13:17 heeft Vincent Massol  het 
> volgende geschreven:
> 
> Hi,
> 
>> On 20 Mar 2017, at 13:08, Gerritjan Koekkoek  wrote:
>> 
>> I'm using: {{include document=".yyy"/}} quite a lot.
>> 
>> When using it on a page where the current user has not the rights to view I 
>> get velocity error box!
>> 
>> 
>> Is it possible to give the user some hint instead of the error:
>> 
>> 
>> Like: "To read the complete content of this page you need to login!" with a 
>> link to Login…
> 
> This is not related to logging in or not… It’s related to not having view 
> rights on the page… You can prevent some users or groups from having view 
> rights on any page/children even if the user is logged in.
> 
> Now if you’re on page that shouldn’t work if the user is not logged in 
> (because it includes another page for which the user doesn’t have view 
> rights), then it probably means you have some wrong permissions set for the 
> current page and it should probably not be viewable by the user.
> 
This assumption is not always true. This page has text that can be Viewed by 
guest and included a page that can/should not be viewed...
In particular it should work to convince the reading user to consider login or 
registration and login. The velocity error will probably have the opposite 
effect...

> Thanks
> -Vincent
> 
>> Gerritjan Koekkoek
>> Vader van Rai Koekkoek (cdls) en voorzitter vereniging CdLS
>> Visit our website
>> Facebook
>> email
>> 
>> 
>> 
>

Re: [xwiki-users] catch error on include macro

2017-03-20 Thread Vincent Massol 
Hi,

> On 20 Mar 2017, at 13:08, Gerritjan Koekkoek  wrote:
> 
> I'm using: {{include document=".yyy"/}} quite a lot.
> 
> When using it on a page where the current user has not the rights to view I 
> get velocity error box!
> 
> 
> Is it possible to give the user some hint instead of the error:
> 
> 
> Like: "To read the complete content of this page you need to login!" with a 
> link to Login…

This is not related to logging in or not… It’s related to not having view 
rights on the page… You can prevent some users or groups from having view 
rights on any page/children even if the user is logged in.

Now if you’re on page that shouldn’t work if the user is not logged in (because 
it includes another page for which the user doesn’t have view rights), then it 
probably means you have some wrong permissions set for the current page and it 
should probably not be viewable by the user.

Thanks
-Vincent

> Gerritjan Koekkoek
> Vader van Rai Koekkoek (cdls) en voorzitter vereniging CdLS
> Visit our website
> Facebook
> email
> 
> 
>

[xwiki-users] catch error on include macro

2017-03-20 Thread Gerritjan Koekkoek 
I'm using: {{include document=".yyy"/}} quite a lot.

When using it on a page where the current user has not the rights to view I get 
velocity error box!


Is it possible to give the user some hint instead of the error:


Like: "To read the complete content of this page you need to login!" with a 
link to Login...


Gerritjan Koekkoek
Vader van Rai Koekkoek (cdls) en voorzitter vereniging CdLS
Visit our website
Facebook
email