On Mon, Jun 26, 2017 at 10:26:08AM -0300, Ben Mezger wrote:
This *only* happens on Google Chrome and Chromium.
Any idea why this might happen?
I'll get this fixed over the next day or so, probably with a letsencrypt cert. Details: I'm running the current incarnation of https://lists.cpunks.org and this problem was presumably caused by some SSL changes I made yesterday. The lists.cpunks.org Apache named virtual host lives on mail.pglaf.org, which uses a wildcard certificate for *.pglaf.org duly issued by Network Solutions. So, Chrome is right to complain that the cert doesn't match the domain. See, for example: https://www.ssllabs.com/ssltest/analyze.html?d=lists.cpunks.org It's interesting that this new error didn't occur until I tightened the cipher suites. In apache2.conf, the old set was: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP ... which yielded some recent reports of Firefox complaining about allowing SSL3 and some other less secure ciphers. The current config line, as of Sunday afternoon, is: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-SSLv3:+EXP - Greg