Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#25 2018-08-23 07:43:41

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564
Website GitHub Mastodon

Re: Server migration - status, discussion

The forum isn’t actually moving until the week after next now – we are going to spend a few days before that tweaking the .org site so it’s working better.

Offline

#26 2018-08-23 09:33:34

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

uli wrote #313584:

I could not make it work, alas, but currently something is annoying much much more (and I hope I’m not going to be locked out completely very soon):

[…]

When I call the same URL on my smartphone I even get a 404.

This is actually a good sign. I’ve been thinking about why you can’t connect, and if you’re getting a 404 on forum.textpattern.com from the phone that’s a good sign – that’s as it should be, at least for a short term while we sort some things out.

I am confused as to why you’re having SSL errors. It’s almost like you have stale SSL entries in your browsers. Is it feasible to clear your browser history for the Textpattern sites to check if that helps?

The cipher list I’m using is the Mozilla recommended list, which excludes broken crypto and has support for modern browsers. That said, if we’re missing something that makes it fail that’s clearly not good and I will address it.

uli: can you tell me your operating system, I’ll see if I can reproduce your situation at this end.

Offline

#27 2018-08-23 09:42:58

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

This period of transition is taking some time because of legacy & custom code in a number of Textpattern sites. There’s a bunch of work to do to get things running on modern code, and keep the flagship sites up-to-date.

I am very, very mindful of having nothing break or disappearing, and untangling some of the older sites (which run on old server technology) is turning out to be quite challenging.

And it’s also summer in the north hemisphere, so people’s availability is more scattered. We’re moving things, tidying as we go, and the focus is on high availability at the moment. When things are moved to the new servers, there will be a period of consolidating where some properties will be merged into fewer domains overall. As an example, the forum right now lives on forum.textpattern.io but in time will move to (or, “return to”) forum.textpattern.com – all the content will remain, of course, existing logins will still work, and no doubt spammers will be keen to push their SEO services – it’ll also be running a newer codebase with better performance and other benefits.

Thanks for your continued patience. I’ll update the original post to reflect the current situation.

Offline

#28 2018-08-23 11:58:56

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

uli: are you running security software on your computer? Have a look at this thread, see if it helps:

support.mozilla.org/en-US/questions/1222439

Offline

#29 2018-08-23 12:01:42

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564
Website GitHub Mastodon

Re: Server migration - status, discussion

Doesn’t Uli run a fairly old Firefox ESR version, if my memory serves me correct?

Offline

#30 2018-08-23 12:17:01

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

philwareham wrote #313597:

Doesn’t Uli run a fairly old Firefox ESR version, if my memory serves me correct?

Yep. Edit: actually, April 2017 according to https://ftp.mozilla.org/pub/firefox/releases/45.9.0esr/

There’s an about:config tweak that could be made, might be an SSL 3.0 issue. Server is running TLS 1.3 with a 1.2 fallback, so if FF is looking for TLS 1.0 (not safe) then it may complain.

Last edited by gaekwad (2018-08-23 14:34:40)

Offline

#31 2018-08-23 12:27:41

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

uli: more follow up, what do you get if you visit www.howsmyssl.com ?

Offline

#32 2018-08-23 22:26:36

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,311

Re: Server migration - status, discussion

gaekwad wrote #313578:

Something to try – reset Chrome SSL state

I’ve tried this but to no avail. I’ve also tried the about:config method for TLS.VER you’ve recommended later on. My values were all default, so I couldn’t improve a thing.

From this test here www.howsmyssl.com I got six times a green “good”. In case it tells you something, here’s the cipher suits my FF supports:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

The forum profile links I found didn’t work (forum links to the .com forum) came from a post where I handcoded links to spammer profiles in the moderation forum. There may be more such links with .com hardcoded in them in the forum archives, in case someone copied and pasted manually. But the forum script builds the User X wrote links to posts in a different manner (e.g. ./viewtopic.php?pid=313578#p313578), so there’s no tld involved, at least in recent times.

Is it feasible to clear your browser history for the Textpattern sites to check if that helps?

I’ve set up a whole new FF profile for that reason, and I get the same results here, too, SSL_ERROR_NO_CYPHER_OVERLAP on the first screen, and then SSL_ERROR_PROTOCOL_VERSION_ALERT on the second.

Pete, I appreciate all your tips and hints to get my browser back on the tracks. Thank you very much!!

(Have I forgotten to answer something? Sorry if so, it’s late here. Ah yes, my OS is Mountain Lion, 10.8.)


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#33 2018-08-24 09:12:35

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

uli: please try now, I’ve changed the cipher suite at the server.

Offline

#34 2018-08-24 11:04:32

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,311

Re: Server migration - status, discussion

Yay, it’s back for me! Thank you, Pete!! :)


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#35 2018-08-24 11:16:02

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,298
GitHub

Re: Server migration - status, discussion

uli wrote #313613:

Yay, it’s back for me! Thank you, Pete!! :)

Great news! I may end up calling on you again as we fine-tune the settings. The selection of ciphers used has been increased, and should cover modern browsers. It’s a balancing act, but it’s a fun one!

Offline

#36 2018-08-24 11:30:51

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,311

Re: Server migration - status, discussion

gaekwad wrote #313614:

I may end up calling on you again as we fine-tune the settings.

Don’t hesitate, I’m glad to give anything back.


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

Board footer

Powered by FluxBB