Ask / Submit
4

Browser TLS crypto support lacking

asked 2019-05-16 09:58:52 +0300

Mohjive gravatar image

updated 2019-05-16 17:35:45 +0300

When I go to https://blog.tuleap.org with the native Sailfish browser I get an error

The owner of blog.tuleap.org has configured their website improperly. [...]
Nightly can't load this page for some reason.

Using Firefox for android or desktop browser I can't see anything strange with the site and I guess it's a certificate support error in Sailfish browser.

Edit: answer provided by @Maus explains that it's a crypto support issue.

edit retag flag offensive close delete

Comments

2

Well, this is not a rendering/js-code issue, but a protocol/tls(?) issue, so I don't think it belongs there, even though it's related.

Mohjive ( 2019-05-16 11:56:37 +0300 )edit

2 Answers

Sort by » oldest newest most voted
5

answered 2019-05-16 17:20:19 +0300

Maus gravatar image

updated 2019-05-16 18:04:08 +0300

As already answered by @emva, you can check the remote web server's capabilities with the SSL Labs tool. But you can also check your browser's capabilities there.

If you take a look at the cipher suites offered by the server, you'll notice that there is no matching suite supported by the Sailfish browser. Bummer.

By the way, thank you for raising this question, as I had to read up on this to have a better understanding of the problem. Now I can fix my own web servers, too, by offering more (weaker) cipher suites :-)

edit flag offensive delete publish link more

Comments

1

Thank you for clearing things up. :) Seems that the site only supports GCM while Sailfish only supports CBC (difference).

Mohjive ( 2019-05-16 17:32:38 +0300 )edit
1

answered 2019-05-16 15:51:57 +0300

emva gravatar image

updated 2019-05-16 15:55:20 +0300

ssllabs gives an error with the certificate: This site works only in browsers with SNI support.

Alternative names blog.enalean.com MISMATCH

Happens on servers with shared hosts, you must edit the virtualhost file for it to work.

edit flag offensive delete publish link more

Comments

2

SNI seems like a very basic function to support today. There should be a plethora of shared hosting that use it currently, which would break if SNI isn't supported

Mohjive ( 2019-05-16 16:55:59 +0300 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

Stats

Asked: 2019-05-16 09:58:52 +0300

Seen: 239 times

Last updated: May 16