Closed rstens closed 4 years ago
@rstens seems to be fine under Chrome. It looks like the certificate chain is loaded correctly.
An overall grading of a C. That's not great by any measure. SSL_Server_Test_dev.bcregistry.ca.pdf
Priority 1 bug.
Sent from my iPhone
On Dec 19, 2019, at 8:20 PM, thor notifications@github.com<mailto:notifications@github.com> wrote:
Assigned #2198https://github.com/bcgov/entity/issues/2198 to @Kaineatthelabhttps://github.com/Kaineatthelab.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://github.com/bcgov/entity/issues/2198?email_source=notifications&email_token=AIRHOIMFEMOITFKXGEH3PFLQZRB2DA5CNFSM4J5UHDM2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOVTJSHVQ#event-2899518422, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AIRHOILSYNSMKZH3IK7QCG3QZRB2DANCNFSM4J5UHDMQ.
Is there a correlation with the TLS 1.0 version still being the only supported one?
WAM has five tickets open for this, due to the variety of applications behind *.bcregistry.ca. To make it easier on WAM we're closing ours and letting Dave McKinnon deal with it, since he has the oldest servers hosting the highest profile applications.
Yes, it's due to both the TLS version, as well as the cipher suite in use). Chrome 81 (March 17) will not allow access to TLS1.0 and TLS1.1 sites. Likewise Firefox 74 (March 10).
See also #1487.
Closing this ticket per Walter's note above.
Describe the bug Firefox does not trust dev.bcregistry.ca because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.
The Certificateseems to be valid and correct
To Reproduce Steps to reproduce the behavior:
Expected behavior No Error, functionality is now blocked.
Screenshots
Desktop (please complete the following information):