search

servo / servo.org_2014-2020

Main website for Servo.
https://servo.org
Mozilla Public License 2.0
13 stars 31 forks source link

Website HTTPS is broken #87

Closed alexkreidler closed 4 years ago

alexkreidler commented 4 years ago

When I go to https://servo.org/, I get

image

because the site now uses HSTS. 

curl -vkL https://servo.org/
*   Trying 104.31.74.227:443...
* TCP_NODELAY set
* Connected to servo.org (104.31.74.227) port 443 (#0)
* ALPN, offering http/1.1
* WARNING: disabling hostname validation also disables SNI.
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake

whereas curl -vkL http://servo.org/ works fine

Darkspirit commented 4 years ago

-k, --insecure Allow insecure server connections when using SSL

WARNING: disabling hostname validation also disables SNI.

You must use SNI when connecting to Cloudflare, otherwise you don't talk with servo.org.

What does Firefox say if you click on "Advanced"? servo.org is properly configured. https://www.ssllabs.com/ssltest/analyze.html?d=servo.org&s=104.31.74.227

You probably have misbehaving anti virus snakeoil software. You might need to disable its Man in the Middle attack snooping feature ("HTTPS scanning") or to import its CA certificate into Firefox. https://support.mozilla.org/en-US/kb/error-codes-secure-websites#w_antivirus-products

Third-party antivirus software can interfere with Firefox's secure connections. We recommend uninstalling your third-party software and using the security software offered for Windows by Microsoft

(Yes, I see that you are using MacOS. I don't know what your problem otherwise could be at this point. Your system clock could be wrong)

alexkreidler commented 4 years ago

Huh, ok I just tested this through a VPN outside my firewall and it works fine. Sorry for wasting your time! Thanks for a great project