Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2024-02-24 18:33:43

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Feedback request: browser testing for potential new web server setup

Testing complete – I’ll leave the stuff below intact for reference. Thank you to all participants.

temple.textpattern.net

Please visit the above URL with your daily driver / typical browser(s).

If it works as expected, you will see a green heart (💚).

If you see do see the green heart (💚), no further action is required. Thank you for your time & interest.

If you do not see the green heart (💚) please leave a reply here with the details of your browser: name & version, and operating system for a bonus internet point.

You can stop reading now if you don’t want to know the nerd stuff…otherwise, here we go!

I am tweaking the web server TLS stack to remove a couple of weak ciphers from the list. I want to make sure that stuff still works with current browsers. I am mindful some folks around here run some older hardware & software, so this is a real-world field test on how these changes might affect future Textpattern server builds.

Last edited by gaekwad (2024-03-14 12:56:07)

Offline

#2 2024-02-24 18:35:38

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Re: Feedback request: browser testing for potential new web server setup

Known issues:

  • There is a problem with Tor in some cases, you might get a error similar to:

HTTPS-Only Mode Alert
Secure Site Not Available

You’ve enabled HTTPS-Only Mode for enhanced security, and a HTTPS version of is not available.

What could be causing this?

    Most likely, the website simply does not support HTTPS.
    It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details.

If you continue, HTTPS-Only Mode will be turned off temporarily for this site.

I am investigating this.

Offline

#3 2024-02-25 00:57:16

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,210
Website

Re: Feedback request: browser testing for potential new web server setup

FWIW: Firefox 123


Secure Connection Failed

An error occurred during a connection to temple.textpattern.net. A required TLS feature is missing.

Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

–^–

Safari on the Luddite iPhone SE (iOS 15) and Safari 17 and Brave latest display what you expect.

Console reports on both (along with some babbling about permission-policy)

Error while parsing the 'sandbox' Content Security Policy directive: ''self'' is an invalid sandbox flag.

Safari also flags this:

[Error] Blocked script execution in 'https://temple.textpattern.net/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. (x4)

Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#4 2024-02-25 07:17:00

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,538
Website GitHub Twitter

Re: Feedback request: browser testing for potential new web server setup

Hi

I have got error connexion with Firefox 122.0.1 Win 10 :

Code d’erreur : MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

The page is not loaded at all.

Cheers

Offline

#5 2024-02-25 14:38:14

Vienuolis
Member
From: Vilnius, Lithuania
Registered: 2009-06-14
Posts: 310
Website GitHub GitLab Mastodon Twitter

Re: Feedback request: browser testing for potential new web server setup

Secure Connection Failed
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Firefox 115.6.0esr (64-bit) on FreeBSD 14.0-Rp5.

Ungoogled Chromium, Iridium, Dooble browsers all show your green hearth on the same laptop. And Lynx, curl --head both handshake smoothly, too.

Vivaldi and MS Edge on MS Windows both are green.

Vivaldi on Android is also green.

Last edited by Vienuolis (2024-02-25 15:14:35)

Offline

#6 2024-02-25 15:27:08

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Re: Feedback request: browser testing for potential new web server setup

Thank you phiw13, Dragondz & Vienuolis!

I think I have located and fixed the MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING error.

Please try once again with those browsers you used, and please confirm if it works. Thank you.

Offline

#7 2024-02-25 15:29:58

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Re: Feedback request: browser testing for potential new web server setup

phiw13 wrote #336739:

Console reports on both (along with some babbling about permission-policy)

Error while parsing the 'sandbox' Content Security Policy directive: ''self'' is an invalid sandbox flag....

Safari also flags this:

[Error] Blocked script execution in 'https://temple.textpattern.net/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. (x4)...

I swear there is such a thing as HTTP header PTSD and I’m a prime candidate for the treatment…

Thank you. I’ll investigate.

Offline

#8 2024-02-25 15:31:48

Vienuolis
Member
From: Vilnius, Lithuania
Registered: 2009-06-14
Posts: 310
Website GitHub GitLab Mastodon Twitter

Re: Feedback request: browser testing for potential new web server setup

Firefox has already been greeted with green — congrats!

Offline

#9 2024-02-25 15:35:00

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Re: Feedback request: browser testing for potential new web server setup

Vienuolis wrote #336746:

Firefox has already been greeted with green — congrats!

Hurrah!

Offline

#10 2024-02-25 16:04:33

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,276
GitHub

Re: Feedback request: browser testing for potential new web server setup

As part of this test, I have removed two TLS ciphers from the stack as they are considered ‘weak’ by current standards.

The side effect of this is that some old browsers won’t work. The test is to gauge how we will be affected in real terms. This is essentially to discover “who here is using really old browsers”. The list of browsers that will likely not work with this test configuration include:

  • IE 6 to 8 on Windows XP & 7
  • anything using Java 6 or 7
  • Chrome 49 on Windows XP
  • Safari 6 to 8 on iOS 6 to 8 & macOS 10.9 & 10.10

When the test is complete, I will decide if it’s safe to remove these two ‘weak’ ciphers from our other servers.

Offline

#11 2024-02-25 22:33:31

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,210
Website

Re: Feedback request: browser testing for potential new web server setup

All fine now across the board!

The side effect of this is that some old browsers won’t work.

Yeah, those very old browsers. I doubt they can access much of the internet anyway.

I’ll check later if I can find where a way to download Firefox 102esr – I think that is the last one that still supports macOS 10.9.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#12 2024-02-26 05:09:21

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,310

Re: Feedback request: browser testing for potential new web server setup

gaekwad wrote #336733:

I am mindful some folks around here run some older hardware & software

I’m one of these folks. But every browser I tried showed the green heart. Thanks, Pete!


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

Board footer

Powered by FluxBB