Solved Anyone could access openbsd.org?


Deleted member 63539

Guest


I'm always greeted with Secure Connection Failed.

Code:
An error occurred during a connection to www.openbsd.org. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
 

20-100-2fe

Well-Known Member

Reaction score: 364
Messages: 303

It works fine with Firefox, so the problem may be on your browser's side.
 
OP

Deleted member 63539

Guest


> It works fine with Firefox, so the problem may be on your browser's side.

It can't be. Firefox on both FreeBSD and Linux gives the same error. It's been so for more than two days.
 
OP

Deleted member 63539

Guest


> It can't be. Firefox on both FreeBSD and Linux gives the same error. It's been so for more than two days.

It seems you are right. I can access the site via an online proxy service.
 

ralphbsz

Son of Beastie

Reaction score: 2,357
Messages: 3,243

Strange. I went there last night to check, and it worked. Just going there right now, and it still works. Example: Surprised to see that OpenBSD supports the Raspberry Pi 3. I fear you have some local problem.
 
OP

Deleted member 63539

Guest


> FWIW there were some Cloudflare and Level3 issues, but as far as I know, they began Sunday (EDT) morning. Cloudflare site now showing all operational, but here's a Slashdot article on it. https://tech.slashdot.org/story/20/08/30/1634240/major-internet-outage-dozens-of-sites-are-down

Yesterday, I had problems with SourceForge and many other sites. They loaded very slowly and worked very unreliably. I couldn't download SparkyLinux from SourceForge, and because they only provide downloads via SourceForge or OSDN (too slow), I downloaded and installed MX Linux instead. Typing from MX KDE now.
 
OP

Deleted member 63539

Guest


> Strange. I went there last night to check, and it worked. Just going there right now, and it still works. Example: Surprised to see that OpenBSD supports the Raspberry Pi 3. I fear you have some local problem.

Not a local problem. It seems to be a BSD problem. On all of my BSDs (FreeBSD, DragonflyBSD), Firefox failed to load openbsd.org. On my MX KDE, the site openbsd.org loaded properly without any problems. Since DragonflyBSD also uses (albeit patched) FreeBSD ports, I think it's the Firefox port's problem.
 

ralphbsz

Son of Beastie

Reaction score: 2,357
Messages: 3,243

Sorry, don't have a *BSD desktop system, nor any Firefox installation.
 

Jose

Daemon

Reaction score: 1,001
Messages: 1,206

No problems here using Firefox 75 on FreeBSD 12.1-RELEASE-p8. Shows me a valid Let's Encrypt certificate.
 

vigole

Daemon

Reaction score: 1,468
Messages: 1,283

=> [tl;dr aka soydevoid answer]
Firefox | about:config

[Toggle to TRUE]: security.osclientcerts.autoload
[Toggle to FALSE]: security.tls.hello_downgrade_check
[Change to 3]: security.tls.version.max

=> [Long-form/Normal answer]
openbsd.org is fine, so the kind of error you're receiving probably indicates that you are behind some sort of malfunctioning proxy/firewall or maybe a creepy ISP. Your socket receives a badly formed SSL3 handshake. It's related to the NSS and SSL Error Codes section on malformed (too long, too short, or invalid content) SSL handshakes.
An error like this, "SSL received a malformed Server Hello handshake message.", is documented as SSL_ERROR_RX_MALFORMED_SERVER_HELLO -12259. Try some combination, or all, of these. Some of them are specific to Win/Mac. But who cares! Right now I'm using FreeBSD in CLI fashion. I can't reproduce your problem, or confirm any of these solutions, but here we go and any consequence is on you.
Firefox | about:config

[Toggle to TRUE]: security.osclientcerts.autoload
Linux: OpenSC project; Windows/macOS: Expanding Client Certificates in Firefox 75

[Toggle to FALSE]: security.tls.hello_downgrade_check
If false, the TLS 1.3 downgrade check is disabled. => mozilla/policy-templates and Delegated Credentials mechanism

[Change to 3]: security.tls.version.max
security.tls.version.max specifies the maximum supported protocol version. 3 for TLS/1.2 and 4 for TLS/1.3. AFAIK openbsd.org supports both TLS/1.3 and TLS/1.2.
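
What the two TLS preferences above interact with on the wire, as an added example that is not part of any post in this thread: a TLS 1.3 client that ends up negotiating TLS 1.2 or below checks the last 8 bytes of `ServerHello.random` for the RFC 8446 downgrade sentinel, and a length field that overruns the data makes the message malformed. The function names and the sample bytes are constructed for illustration.

```python
import struct

# RFC 8446 4.1.3: a TLS 1.3-capable server that negotiates an older version
# marks the last 8 bytes of ServerHello.random with one of these sentinels.
SENTINELS = {b"DOWNGRD\x01": "TLS 1.2", b"DOWNGRD\x00": "TLS 1.1 or below"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

class MalformedServerHello(ValueError):
    """The condition a browser reports as a malformed Server Hello."""

def take(buf, off, n):
    """Return (n bytes at off, new offset); refuse to read past the buffer."""
    if off + n > len(buf):
        raise MalformedServerHello(f"length field overruns data at offset {off}")
    return buf[off:off + n], off + n

def parse_server_hello(record):
    hdr, off = take(record, 0, 5)                  # content type, version, length
    if hdr[0] != 22:
        raise MalformedServerHello("not a handshake record")
    body, _ = take(record, off, int.from_bytes(hdr[3:], "big"))
    hs, off = take(body, 0, 4)                     # message type + 24-bit length
    if hs[0] != 2:
        raise MalformedServerHello("not a ServerHello")
    hello, _ = take(body, off, int.from_bytes(hs[1:], "big"))
    ver, off = take(hello, 0, 2)                   # legacy_version
    rnd, off = take(hello, off, 32)
    sid_len, off = take(hello, off, 1)
    _, off = take(hello, off, sid_len[0] + 3)      # session id, suite, compression
    version = int.from_bytes(ver, "big")
    if off < len(hello):                           # extensions block present
        n, off = take(hello, off, 2)
        exts, _ = take(hello, off, int.from_bytes(n, "big"))
        pos = 0
        while pos < len(exts):
            eh, pos = take(exts, pos, 4)
            etype, elen = struct.unpack("!HH", eh)
            data, pos = take(exts, pos, elen)
            if etype == 43 and elen == 2:          # supported_versions: real version
                version = int.from_bytes(data, "big")
    return {"version": VERSIONS.get(version, hex(version)),
            "downgrade_sentinel": SENTINELS.get(rnd[24:])}

def sample_hello(rnd, exts=b"", suite=b"\xc0\x2f"):
    """Constructed ServerHello record (sample data, not captured traffic)."""
    hello = b"\x03\x03" + rnd + b"\x00" + suite + b"\x00"
    hello += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

A non-empty `downgrade_sentinel` on a connection where the client offered TLS 1.3 means something between client and server removed that offer, which is the signal `security.tls.hello_downgrade_check` acts on.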
 

memreflect

Well-Known Member

Reaction score: 220
Messages: 257

> ping fine. Only Firefox has problem with the site. Chromium without problem.

Clear your cache recently?

One possible issue would involve your add-ons or preferences. Create a new profile using firefox --ProfileManager and start Firefox using that profile. If the site works, the easiest solution would be to just use the new profile and delete your old one; you'll need to reconfigure your preferences, add-ons, and anything you modified in about:config. If it still doesn't work in the new profile, it's time to consider uninstalling Firefox and reinstalling it (or maybe a new version was released that you can upgrade?) Another option would be to switch browsers.
 

20-100-2fe

Well-Known Member

Reaction score: 364
Messages: 303

Can you check your Firefox configuration?
The kind of problem you describe can happen when using an inappropriate proxy.
I remember having encountered the same kind of issues using the WiFi connection in a hotel room.
If Chromium is not configured the same way, this could explain the difference.
 
OP

Deleted member 63539

Guest


> Can you check your Firefox configuration?
> The kind of problem you describe can happen when using an inappropriate proxy.
> I remember having encountered the same kind of issues using the WiFi connection in a hotel room.
> If Chromium is not configured the same way, this could explain the difference.

I didn't do anything with my Firefox configuration. It's almost vanilla except I turned off smooth scrolling and turned on auto scrolling. I didn't use or set up any proxy. I'm using Ethernet via a cable, not Wi-Fi.
 

Mjölnir

Daemon

Reaction score: 1,504
Messages: 2,114

If it works for so many others with the same versions of Firefox & base OS, it must be either your OS's network setup or a lame internet provider? There has been an update of security/ca_root_nss & security/nss recently (today?). So maybe just pkg update && pkg upgrade
 
OP

Deleted member 63539

Guest


> If it works for so many others with the same versions of Firefox & base OS, it must be either your OS's network setup or a lame internet provider? There has been an update of security/ca_root_nss & security/nss recently (today?). So maybe just pkg update && pkg upgrade

I confirm that this has nothing to do with the certificates.
 
OP

Deleted member 63539

Guest


> You've been given a substantial answer by vigole in message #14. Have you tried ANY of these? Especially the max tls version?

Yeah and it worked. I'm going to mark this thread as SOLVED but since new people continue to comment I have to address their wrong assumptions before actually doing so ;)
 