GEANT / met

Metadata Explorer Tool
BSD 2-Clause "Simplified" License

Cannot login to MET, insecure ciphers #31

Closed thijskh closed 6 years ago

thijskh commented 6 years ago

When I try to log in to MET I cannot select my IdP. This seems to be caused by MET using something called cdn.discojuice.net which has an extremely insecure SSL config. So insecure that stock Firefox plainly refuses to connect to it.

See: https://www.ssllabs.com/ssltest/analyze.html?d=cdn.discojuice.org&s=99.198.110.253&hideResults=on

biancini commented 6 years ago

@nicoleharris what's your suggestion on this? Should we try to direct this issue to UNINETT or do you suggest we move out of the discojuice CDN?

jaimeperez commented 6 years ago

Hi guys,

I've just told Brook, but in any case: UNINETT does not run that. I believe it was Leif who set it up.

thijskh commented 6 years ago

The SSLLabs rating has changed, but it is still broken. See: https://www.ssllabs.com/ssltest/analyze.html?d=cdn.discojuice.org&s=99.198.110.253&hideResults=on section "Handshake Simulation". Current settings do not work with either Firefox or Chrome.

nicoleharris commented 6 years ago

I've asked Leif to investigate and come up with a solution. It's a samlbits issue. If they can find a fix, I will update.

dnmvisser commented 6 years ago

It's got an A now and it looks like it's pretty strict. In any case I can connect to it with latest Firefox and Chrome etc.

thijskh commented 6 years ago

Yes, SSL-wise it works now. Thanks!

I do get an error 500 on https://met.refeds.org/saml2/acs/, but probably should file a separate issue about that…

dnmvisser commented 6 years ago

Correct!