HTTPS issue with the main site and forum

[leolam]

I am currently having HTTPS warnings when accessing dolphin-emu.org and forums.dolphin-emu.org because the common names don't match. Looks like the certs are for AlwaysData instead of dolphin-emu.org. Am I the only one getting this?

[JosJuice]

I got this too. Seems to be fixed now, though.

[zackoftrades333]

ISSUE NOT RESOLVED!!!

I just had the same thing happen to me, and the only browser that works that I've tested (which is many) is a portable legacy opera browser (which I have to enable ssl3).

Please fix this issue because I rather use the latest chrome or Firefox, TY.


I can't visit anything from this site, forum main-page and all. I even enabled tls fall-back and everything I found from a wild-goose-chase trying to fix this problem.
I can ping this site and view through a proxy site though...

[Aleron Ives]

I get "connection interrupted" errors about 50% of the time when trying to load the site, but it works if I reload the page. This problem didn't occur in the past, so I'm not sure what's changed.

[leolam]

@zackoftrades333: well, this isn't possible as SSLv3 is disabled server-side. So it sounds like there is something wrong on your end… perhaps a transparent proxy, a firewall or something else is tampering with HTTPS connections?

However, there is something wrong with the server according to ssllabs.com: it's reportedly vulnerable to the DROWN attack.

[Helios]

I'll get that error half the time if I'm in an SSH tunnel only on Firefox. Never on Chrome. Refreshing a couple times usually works

[Intruso]

I suffer the error constantly. I'm using just the common Firefox without firewalls or anything weird.

[leolam]

Are you getting the common name mismatch or something else? If it's not the CN issue, I think it may be more appropriate to create another thread.

[BFeely]

Hi. I noticed someone was running the SSL Labs test on forums.dolphin-emu.org. It appears you need to revoke your certificate, generate a brand new RSA key, and obtain a new certificate; SSL Labs is giving your domain a grade of F for being vulnerable to the DROWN vulnerability; see https://www.ssllabs.com/ssltest/analyze.html?d=forums.dolphin-emu.org

Also, Google Chrome also indicates mixed content on this specific page due in part to the embedded image being loaded from regular http; if the user or a moderator edit the http to https it should be fixed; the image host supports HTTPS.

[zackoftrades333]

(04-06-2016, 09:26 PM)leolam Wrote: @zackoftrades333: well, this isn't possible as SSLv3 is disabled server-side. So it sounds like there is something wrong on your end… perhaps a transparent proxy, a firewall or something else is tampering with HTTPS connections?

However, there is something wrong with the server according to ssllabs.com: it's reportedly vulnerable to the DROWN attack.

Don't know what to tell ya   . I don't have any firewalls except for windows firewall, and its not blocking it. Also don't have any proxies up besides when visiting site though firefox as mentioned before. Site is https://proxy-nl.hide.me/index.php, not sure that matters though.

Also, it seems that the ssl3 thing doesn't seem to happen on all pages of the site now. But when it does, this happens if I don't enable it:


That browser at least has an option to allow the mismatched domain and certificate problem previously mentioned, where if I use anything modern like the current opera, firefox, IE that comes w/ windows 8.1, or chrome, it always gives me a connection error with no options at all.


Could this all be fixed if the host of the site just got a new certificate that actually matches the URL?