Feedback request: browser testing for potential new web server setup

gaekwad · 2024-02-24 18:33:43

Testing complete – I’ll leave the stuff below intact for reference. Thank you to all participants.

temple.textpattern.net

Please visit the above URL with your daily driver / typical browser(s).

If it works as expected, you will see a green heart (💚).

If you see do see the green heart (💚), no further action is required. Thank you for your time & interest.

If you do not see the green heart (💚) please leave a reply here with the details of your browser: name & version, and operating system for a bonus internet point.

You can stop reading now if you don’t want to know the nerd stuff…otherwise, here we go!

I am tweaking the web server TLS stack to remove a couple of weak ciphers from the list. I want to make sure that stuff still works with current browsers. I am mindful some folks around here run some older hardware & software, so this is a real-world field test on how these changes might affect future Textpattern server builds.

Last edited by gaekwad (2024-03-14 12:56:07)

gaekwad · 2024-02-24 18:35:38

Known issues:

There is a problem with Tor in some cases, you might get a error similar to:


HTTPS-Only Mode Alert
Secure Site Not Available

You’ve enabled HTTPS-Only Mode for enhanced security, and a HTTPS version of is not available.

What could be causing this?

    Most likely, the website simply does not support HTTPS.
    It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details.

If you continue, HTTPS-Only Mode will be turned off temporarily for this site.

I am investigating this.

phiw13 · 2024-02-25 00:57:16

FWIW: Firefox 123


Secure Connection Failed

An error occurred during a connection to temple.textpattern.net. A required TLS feature is missing.

Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

–^–

Safari on the Luddite iPhone SE (iOS 15) and Safari 17 and Brave latest display what you expect.

Console reports on both (along with some babbling about permission-policy)

Error while parsing the 'sandbox' Content Security Policy directive: ''self'' is an invalid sandbox flag.

Safari also flags this:

[Error] Blocked script execution in 'https://temple.textpattern.net/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. (x4)

Dragondz · 2024-02-25 07:17:00

Hi

I have got error connexion with Firefox 122.0.1 Win 10 :

Code d’erreur : MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

The page is not loaded at all.

Cheers

Vienuolis · 2024-02-25 14:38:14

Secure Connection Failed
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Firefox 115.6.0esr (64-bit) on FreeBSD 14.0-Rp5.

Ungoogled Chromium, Iridium, Dooble browsers all show your green hearth on the same laptop. And Lynx, curl --head both handshake smoothly, too.

Vivaldi and MS Edge on MS Windows both are green.

Vivaldi on Android is also green.

Last edited by Vienuolis (2024-02-25 15:14:35)

gaekwad · 2024-02-25 15:27:08

Thank you phiw13, Dragondz & Vienuolis!

I think I have located and fixed the MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING error.

Please try once again with those browsers you used, and please confirm if it works. Thank you.

gaekwad · 2024-02-25 15:29:58

phiw13 wrote #336739:

Console reports on both (along with some babbling about permission-policy)

Error while parsing the 'sandbox' Content Security Policy directive: ''self'' is an invalid sandbox flag....

Safari also flags this:

[Error] Blocked script execution in 'https://temple.textpattern.net/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. (x4)...

I swear there is such a thing as HTTP header PTSD and I’m a prime candidate for the treatment…

Thank you. I’ll investigate.

Vienuolis · 2024-02-25 15:31:48

Firefox has already been greeted with green — congrats!

gaekwad · 2024-02-25 15:35:00

Vienuolis wrote #336746:

Firefox has already been greeted with green — congrats!

Hurrah!

gaekwad · 2024-02-25 16:04:33

As part of this test, I have removed two TLS ciphers from the stack as they are considered ‘weak’ by current standards.

The side effect of this is that some old browsers won’t work. The test is to gauge how we will be affected in real terms. This is essentially to discover “who here is using really old browsers”. The list of browsers that will likely not work with this test configuration include:

IE 6 to 8 on Windows XP & 7
anything using Java 6 or 7
Chrome 49 on Windows XP
Safari 6 to 8 on iOS 6 to 8 & macOS 10.9 & 10.10

When the test is complete, I will decide if it’s safe to remove these two ‘weak’ ciphers from our other servers.

phiw13 · 2024-02-25 22:33:31

All fine now across the board!

The side effect of this is that some old browsers won’t work.

Yeah, those very old browsers. I doubt they can access much of the internet anyway.

I’ll check later if I can find where a way to download Firefox 102esr – I think that is the last one that still supports macOS 10.9.

uli · 2024-02-26 05:09:21

gaekwad wrote #336733:

I am mindful some folks around here run some older hardware & software

I’m one of these folks. But every browser I tried showed the green heart. Thanks, Pete!

Textpattern CMS

Textpattern CMS support forum

#1 2024-02-24 18:33:43