+- Dolphin, the GameCube and Wii emulator - Forums (https://forums.dolphin-emu.org)
+-- Forum: Dolphin Site (https://forums.dolphin-emu.org/Forum-dolphin-site)
+--- Forum: Site Feedback and Questions (https://forums.dolphin-emu.org/Forum-site-feedback-and-questions)
+--- Thread: HTTPS issue with the main site and forum (/Thread-https-issue-with-the-main-site-and-forum)
Pages:
1
2
HTTPS issue with the main site and forum - leolam - 03-16-2016
I am currently having HTTPS warnings when accessing dolphin-emu.org and forums.dolphin-emu.org because the common names don't match. Looks like the certs are for AlwaysData instead of dolphin-emu.org. Am I the only one getting this?
RE: HTTPS issue with the main site and forum - JosJuice - 03-17-2016
I got this too. Seems to be fixed now, though.
RE: HTTPS issue with the main site and forum - zackoftrades333 - 04-06-2016
![[Image: New_Bitmap_Image.png]](http://s18.postimg.org/860igivqh/New_Bitmap_Image.png)
ISSUE NOT RESOLVED!!!
I just had the same thing happen to me, and the only browser that works that I've tested (which is many) is a portable legacy opera browser (which I have to enable ssl3).
Please fix this issue because I rather use the latest chrome or Firefox, TY.
I can't visit anything from this site, forum main-page and all. I even enabled tls fall-back and everything I found from a wild-goose-chase trying to fix this problem.
I can ping this site and view through a proxy site though...
RE: HTTPS issue with the main site and forum - Aleron Ives - 04-06-2016
I get "connection interrupted" errors about 50% of the time when trying to load the site, but it works if I reload the page. This problem didn't occur in the past, so I'm not sure what's changed.
RE: HTTPS issue with the main site and forum - leolam - 04-06-2016
@zackoftrades333: well, this isn't possible as SSLv3 is disabled server-side. So it sounds like there is something wrong on your end… perhaps a transparent proxy, a firewall or something else is tampering with HTTPS connections?
However, there is something wrong with the server according to ssllabs.com: it's reportedly vulnerable to the DROWN attack.
RE: HTTPS issue with the main site and forum - Helios - 04-07-2016
I'll get that error half the time if I'm in an SSH tunnel only on Firefox. Never on Chrome. Refreshing a couple times usually works
RE: HTTPS issue with the main site and forum - Intruso - 04-09-2016
I suffer the error constantly. I'm using just the common Firefox without firewalls or anything weird.
RE: HTTPS issue with the main site and forum - leolam - 04-09-2016
Are you getting the common name mismatch or something else? If it's not the CN issue, I think it may be more appropriate to create another thread.
RE: HTTPS issue with the main site and forum - BFeely - 04-09-2016
Hi. I noticed someone was running the SSL Labs test on forums.dolphin-emu.org. It appears you need to revoke your certificate, generate a brand new RSA key, and obtain a new certificate; SSL Labs is giving your domain a grade of F for being vulnerable to the DROWN vulnerability; see https://www.ssllabs.com/ssltest/analyze.html?d=forums.dolphin-emu.org
Also, Google Chrome also indicates mixed content on this specific page due in part to the embedded image being loaded from regular http; if the user or a moderator edit the http to https it should be fixed; the image host supports HTTPS.
RE: HTTPS issue with the main site and forum - zackoftrades333 - 04-09-2016
(04-06-2016, 09:26 PM)leolam Wrote: @zackoftrades333: well, this isn't possible as SSLv3 is disabled server-side. So it sounds like there is something wrong on your end… perhaps a transparent proxy, a firewall or something else is tampering with HTTPS connections?
However, there is something wrong with the server according to ssllabs.com: it's reportedly vulnerable to the DROWN attack.
Don't know what to tell ya
. I don't have any firewalls except for windows firewall, and its not blocking it. Also don't have any proxies up besides when visiting site though firefox as mentioned before. Site is https://proxy-nl.hide.me/index.php, not sure that matters though.Also, it seems that the ssl3 thing doesn't seem to happen on all pages of the site now. But when it does, this happens if I don't enable it:
![[Image: New_Bitmap_Image.png]](http://s14.postimg.org/jwqkpxx9d/New_Bitmap_Image.png)
That browser at least has an option to allow the mismatched domain and certificate problem previously mentioned, where if I use anything modern like the current opera, firefox, IE that comes w/ windows 8.1, or chrome, it always gives me a connection error with no options at all.
Could this all be fixed if the host of the site just got a new certificate that actually matches the URL?
