Meta.discourse.org issue on Firefox


#1

I have an issue on Firefox, meta.discourse.org doesn’t work, Firefox seems to block the website with an error message : the connection is not secure

NS_ERROR_NET_INADEQUATE_SECURITY

(The rest is in french)

On 1 of 10 refresh, I have another error message

SSL_ERROR_ILLEGAL_PARAMETER_ALERT

Is it only me ?

(No problem at all on Chrome, Opera, Windows Phone)


Is there a version that addresses sweet32
(Matt Palmer) #2

Which version of Firefox are you running? I’ve recently made some changes to the SSL config to mitigate the sweet32 attack, so perhaps I poked something else accidentally. A translation of the French error message might be useful, too, even if it’s just a quick Google Translate job – hopefully the gist of it will come through.

ETA: Is this roughly what the French text is saying?

meta.discourse.org uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.


#3

I have the latest version 48.0.1 (64 bits)

This is the message I have yes


(Francis Brunelle) #4

I also get the same error using Firefox 48.0.1. Not just on meta.discourse.org, but also on other forums that are hosted by the Discourse team.


(Matt Palmer) #5

Yeah, clearly something’s not right in the cipher suite selection. Strangely, SSL Labs still gives us an A+. I’ll investigate further and update here when I’ve got news.


(Matt Palmer) #6

OK, some more updates: it looks like the HTTP/2 spec gets a little aggressive about things which, IMO, aren’t really in its bailiwick. I’m going through that now to see what I’ve done wrong.


#7

It works now.

I didn’t try for 30 minutes, but you have found the solution I guess


(Matt Palmer) #8

Yes, the solution has been found. Firefox came good a little while ago, but my fix caused issues, in turn, for lesser browsers (coughIEcough), so I spent the time fixing those up before rolling out the Mission Accomplished banner.

I have some very unflattering things to say about the HTTP/2 spec authors. Let’s just leave it at that.


(Jeff Atwood) #9