Midori+https

Support Debian
#1

Midori refuse les sites en https !

[quote]Erreur - https://debian-fr.org/

La page « https://debian-fr.org/ » n’a pu être chargée.

SSL handshake failed[/quote]

#2

Chez moi ça fonctionne.

#3

Me voilà bien avancé ! Je vais aller chez toi alors :slight_smile:

1 J'aime
#4

Quelle version ? sur quelle distrib ?

En effet, ce message est affiché quand le client n’est pas capable de lire une ou l’autre des versions SSL/TLS acceptée/envoyée par le serveur HTTPS.

Cela signifie qu’il faut mettre-à-jour le client, où en changer … ou demander à l’admin de baisser ses critères de qualités !

C’est un des problèmes que j’ai eu récemment dans mon “combat” d’installation du serveur Radicale, où j’ai découvert ce genre de problèmes.

#5

Ah les joies du SSL et des cyphers :stuck_out_tongue:

#6

C’est le mieux qu’on puisse dire au vu des détails que tu nous fournis ;-). Sinon tu peux venir, ça me dérange pas !

#7

J’ai deux ordi portables : un vieux ibook G4 reconverti avec une jessie powerpc et un asus sous crunchbang wheezy.

#8

Midori ne refuse pas les sites HTTPS !

Je test sous OpenBSD, avec Midori 0.5.11 … et, je surfe sans soucis ici, sur mes sites …
M’est avis que le soucis vient d’ailleurs .

PS : Et, non, je ne me la pête pas … je découvre OpenBSD ! :stuck_out_tongue:
Pour l’instant, ça me plaît :smiley:

#9

Tout est ok côté serveur sur les deux IP :

[code]testssl.sh https://debian-fr.org/

No mapping file found

###########################################################
testssl.sh 2.6 from https://testssl.sh/
(1.379B 2015/09/25 12:35:41)

  This program is free software. Distribution and 
         modification under GPLv2 permitted. 
  USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

   Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using “OpenSSL 1.0.2g 1 Mar 2016” [~125 ciphers] on
fr-lap00154:/usr/bin/openssl
(built: “reproducible build, date unspecified”, platform: “linux-x86_64”)

Testing all IPv4 addresses (port 443): 104.28.12.4 104.28.13.4

Testing now (2016-04-25 17:21) —> 104.28.12.4:443 (debian-fr.org) <—

further IP addresses: 104.28.13.4 2400:cb00:2048:1::681c:d04 2400:cb00:2048:1::681c:c04
rDNS (104.28.12.4): –
Service detected: HTTP

–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/bin/openssl
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/bin/openssl
Medium grade encryption not offered (OK)
Triple DES Ciphers offered (NOT ok)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, §FS – omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH
Cipher order
TLSv1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA
TLSv1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA
TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA

–> Testing server defaults (Server Hello)

TLS server extensions server name, renegotiation info, EC point formats, session ticket, status request
Session Tickets RFC 5077 64800 seconds
Server key size EC 256 bit
Signature Algorithm ECDSA with SHA256
Fingerprint / Serial SHA1 E0E37A3F06EB97DD67B9D825BA41EF3F498CEA35 / FAF1C6746BE4BF129338E60FB950645A
SHA256 1AF0E057E2CC348C75261B7F42CD0EBCB014DF6F9F0B55A899F281814A4EF4C6
Common Name (CN) sni70205.cloudflaressl.com (request w/o SNI didn’t succeed)
subjectAltName (SAN) sni70205.cloudflaressl.com *.abcn.ae *.abcn.bh *.abcn.qa *.abcs.consulting *.alternativesineducation.co.uk *.arab-mirror.com *.bamastangguy.com *.biznstyle.com *.boutline.com *.cifnation.org *.debian-fr.org *.dontim-eng.co.uk *.entrepreneuralarabiya.com *.experiencenorthcountry.co.uk *.flexysafe.co.uk *.greatmiddleeastgate.com *.gulfofmexico.com *.hcdev-tn.com *.interieurs.id *.istanbulindex.com.tr *.lalprojectsltd.co.uk *.lalprojectsltd.com *.lancashirebedandbreakfast.co.uk *.linuxality.co.uk *.linuxality.com *.lowrxdrugcard.com *.patientassistance.com *.rexdrugcard.com *.theconsultingrooms.co.uk *.tuwogo.com *.visionelements.co.uk *.wain.com.kw *.walkerontheweb.co.uk *.whatis340b.com abcn.ae abcn.bh abcn.qa abcs.consulting alternativesineducation.co.uk arab-mirror.com bamastangguy.com biznstyle.com boutline.com cifnation.org debian-fr.org dontim-eng.co.uk entrepreneuralarabiya.com experiencenorthcountry.co.uk flexysafe.co.uk greatmiddleeastgate.com gulfofmexico.com hcdev-tn.com interieurs.id istanbulindex.com.tr lalprojectsltd.co.uk lalprojectsltd.com lancashirebedandbreakfast.co.uk linuxality.co.uk linuxality.com lowrxdrugcard.com patientassistance.com rexdrugcard.com theconsultingrooms.co.uk tuwogo.com visionelements.co.uk wain.com.kw walkerontheweb.co.uk whatis340b.com
Issuer COMODO ECC Domain Validation Secure Server CA 2 (COMODO CA Limited from GB)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-04-19 02:00 --> 2016-10-24 01:59 +0200)

of certificates provided 3

Certificate Revocation List http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
OCSP URI http://ocsp.comodoca4.com
OCSP stapling offered
TLS timestamp random values, no fingerprinting possible

–> Testing HTTP header response @ “/”

HTTP Status Code 200 OK
HTTP clock skew -1 sec from localtime
Strict Transport Security –
Public Key Pinning –
Server banner cloudflare-nginx
Application banner –
Cookie(s) 2 issued: NONE secure, 2/2 HttpOnly
Security headers X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Reverse Proxy banner –

–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) Local problem: /usr/bin/openssl lacks zlib support
BREACH (CVE-2013-3587) NOT ok: uses gzip HTTP compression (only “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) Local problem: /usr/bin/openssl doesn’t have any EXPORT RSA ciphers configured
LOGJAM (CVE-2015-4000), experimental Local problem: /usr/bin/openssl doesn’t have any DHE EXPORT ciphers configured
BEAST (CVE-2011-3389) TLS1: ECDHE-ECDSA-DES-CBC3-SHA
– but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)

–> Testing all locally available 125 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits

xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 256 AES 256
xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128
xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128
xc008 ECDHE-ECDSA-DES-CBC3-SHA ECDH 256 3DES 168

Done now (2016-04-25 17:22) —> 104.28.12.4:443 (debian-fr.org) <—

Testing now (2016-04-25 17:22) —> 104.28.13.4:443 (debian-fr.org) <—

further IP addresses: 104.28.12.4 2400:cb00:2048:1::681c:d04 2400:cb00:2048:1::681c:c04
rDNS (104.28.13.4): –
Service detected: HTTP

–> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered

–> Testing ~standard cipher lists

Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/bin/openssl
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/bin/openssl
Medium grade encryption not offered (OK)
Triple DES Ciphers offered (NOT ok)
High grade encryption offered (OK)

–> Testing (perfect) forward secrecy, §FS – omitting 3DES, RC4 and Null Encryption here

PFS is offered (OK) ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA

–> Testing server preferences

Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH
Cipher order
TLSv1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA
TLSv1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA
TLSv1.2: ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA

–> Testing server defaults (Server Hello)

TLS server extensions server name, renegotiation info, EC point formats, session ticket, status request
Session Tickets RFC 5077 64800 seconds
Server key size EC 256 bit
Signature Algorithm ECDSA with SHA256
Fingerprint / Serial SHA1 E0E37A3F06EB97DD67B9D825BA41EF3F498CEA35 / FAF1C6746BE4BF129338E60FB950645A
SHA256 1AF0E057E2CC348C75261B7F42CD0EBCB014DF6F9F0B55A899F281814A4EF4C6
Common Name (CN) sni70205.cloudflaressl.com (request w/o SNI didn’t succeed)
subjectAltName (SAN) sni70205.cloudflaressl.com *.abcn.ae *.abcn.bh *.abcn.qa *.abcs.consulting *.alternativesineducation.co.uk *.arab-mirror.com *.bamastangguy.com *.biznstyle.com *.boutline.com *.cifnation.org *.debian-fr.org *.dontim-eng.co.uk *.entrepreneuralarabiya.com *.experiencenorthcountry.co.uk *.flexysafe.co.uk *.greatmiddleeastgate.com *.gulfofmexico.com *.hcdev-tn.com *.interieurs.id *.istanbulindex.com.tr *.lalprojectsltd.co.uk *.lalprojectsltd.com *.lancashirebedandbreakfast.co.uk *.linuxality.co.uk *.linuxality.com *.lowrxdrugcard.com *.patientassistance.com *.rexdrugcard.com *.theconsultingrooms.co.uk *.tuwogo.com *.visionelements.co.uk *.wain.com.kw *.walkerontheweb.co.uk *.whatis340b.com abcn.ae abcn.bh abcn.qa abcs.consulting alternativesineducation.co.uk arab-mirror.com bamastangguy.com biznstyle.com boutline.com cifnation.org debian-fr.org dontim-eng.co.uk entrepreneuralarabiya.com experiencenorthcountry.co.uk flexysafe.co.uk greatmiddleeastgate.com gulfofmexico.com hcdev-tn.com interieurs.id istanbulindex.com.tr lalprojectsltd.co.uk lalprojectsltd.com lancashirebedandbreakfast.co.uk linuxality.co.uk linuxality.com lowrxdrugcard.com patientassistance.com rexdrugcard.com theconsultingrooms.co.uk tuwogo.com visionelements.co.uk wain.com.kw walkerontheweb.co.uk whatis340b.com
Issuer COMODO ECC Domain Validation Secure Server CA 2 (COMODO CA Limited from GB)
EV cert (experimental) no
Certificate Expiration >= 60 days (2016-04-19 02:00 --> 2016-10-24 01:59 +0200)

of certificates provided 3

Certificate Revocation List http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
OCSP URI http://ocsp.comodoca4.com
OCSP stapling offered
TLS timestamp random values, no fingerprinting possible

–> Testing HTTP header response @ “/”

HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security –
Public Key Pinning –
Server banner cloudflare-nginx
Application banner –
Cookie(s) 1 issued: NOT secure, 1/1 HttpOnly
Security headers X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Reverse Proxy banner –

–> Testing vulnerabilities

Heartbleed (CVE-2014-0160) not vulnerable (OK)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) Local problem: /usr/bin/openssl lacks zlib support
BREACH (CVE-2013-3587) NOT ok: uses gzip HTTP compression (only “/” tested)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) Local problem: /usr/bin/openssl doesn’t have any EXPORT RSA ciphers configured
LOGJAM (CVE-2015-4000), experimental Local problem: /usr/bin/openssl doesn’t have any DHE EXPORT ciphers configured
BEAST (CVE-2011-3389) TLS1: ECDHE-ECDSA-DES-CBC3-SHA
– but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)

–> Testing all locally available 125 ciphers against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits

xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 256 AES 256
xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128
xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128
xc008 ECDHE-ECDSA-DES-CBC3-SHA ECDH 256 3DES 168

Done now (2016-04-25 17:22) —> 104.28.13.4:443 (debian-fr.org) <—

Done testing now all IP addresses (on port 443): 104.28.12.4 104.28.13.4

[/code]

Je penche plus pour une MAJ côté client (openssl ou naviguateur ?), il y a probablement le support du TLS qui ne fonctionne pas… C’est finis le SSL ! :wink:

openssl version pour voir ta version d’openssl, et tu peu faire un curl pour voir le résultat ?

1 J'aime
#10

Merci @TrashHard :smile:

#11

#openssl version
OpenSSL 1.0.1e 11 Feb 2013

Par contre je n’ai pas le paquet ‘testssl.sh’ sur ma powerpc !

#12

Regarde bien, stp :

 testssl.sh https://debian-fr.org/
No mapping file found
###########################################################
    testssl.sh       2.6 from https://testssl.sh/    
    (1.379B 2015/09/25 12:35:41)
      This program is free software. Distribution and 
         modification under GPLv2 permitted. 
  USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

   Please file bugs @ https://testssl.sh/bugs/
###########################################################

C’est un script shell ; tu as l’adresse dans l’entête fournie ci-dessus !

#13

Oui vas sur le site tu pourras le télécharger… Il suffit que tu le copie dans /usr/locale/bin après si tu veux qu’il soit dans tes path

Ta version d’openssl est bonne, tu peux fournir le résultat de :

Il y a un proxy ou un élément réseau que tu ne maitrise pas sur ton réseau ? Ça peut être également un problème de gestion du certificat SAN sur un de ces éléments.

#14

Oui, j’ai un serveur qui fait office de passerelle pour mon reseau domestique. Dessus, j’ai squid3 et dansguardian .Tout le traffic transite par cette passerelle.

#15

[quote]# curl -Ivv -XGET https://debian-fr.org/

  • About to connect() to debian-fr.org port 443 (#0)
  • Trying 104.28.13.4…
  • connected
  • Connected to debian-fr.org (104.28.13.4) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server key exchange (12):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using ECDHE-ECDSA-AES128-GCM-SHA256
  • Server certificate:
  • subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=sni70205.cloudflaressl.com
  • start date: 2016-04-19 00:00:00 GMT
  • expire date: 2016-10-23 23:59:59 GMT
  • subjectAltName: debian-fr.org matched
  • issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
  • SSL certificate verify ok.

GET / HTTP/1.1
User-Agent: curl/7.26.0
Host: debian-fr.org
Accept: /

  • additional stuff not fine transfer.c:1037: 0 0
  • HTTP 1.1 or later with persistent connection, pipelining supported
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Server: cloudflare-nginx
    Server: cloudflare-nginx
    < Date: Mon, 25 Apr 2016 19:20:56 GMT
    Date: Mon, 25 Apr 2016 19:20:56 GMT
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Transfer-Encoding: chunked
    Transfer-Encoding: chunked
    < Connection: keep-alive
    Connection: keep-alive
    < Set-Cookie: __cfduid=d3e7f322cc562516365966382a7b7689d1461612056; expires=Tue, 25-Apr-17 19:20:56 GMT; path=/; domain=.debian-fr.org; HttpOnly
    Set-Cookie: __cfduid=d3e7f322cc562516365966382a7b7689d1461612056; expires=Tue, 25-Apr-17 19:20:56 GMT; path=/; domain=.debian-fr.org; HttpOnly
    < X-Frame-Options: SAMEORIGIN
    X-Frame-Options: SAMEORIGIN
    < X-XSS-Protection: 1; mode=block
    X-XSS-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    < X-Discourse-Route: categories/index
    X-Discourse-Route: categories/index
    < Set-Cookie: _forum_session=MTgzbGpmYk9RQ2RxQitHeVQzMVZiWDRHSUxkN2RudHQxQVZPSXlTOVFPMUhFbzRaRk1uTzh4b3JOTUcvVG91TlFLdW0xN3JhdkRwT2Z2UmR1bkwvRVE9PS0tWUpMUXVLK01CTEVocklUOGNnVzZGdz09–68c954499523691ad8863113b5e1afbbafd7b4ed; path=/; HttpOnly
    Set-Cookie: _forum_session=MTgzbGpmYk9RQ2RxQitHeVQzMVZiWDRHSUxkN2RudHQxQVZPSXlTOVFPMUhFbzRaRk1uTzh4b3JOTUcvVG91TlFLdW0xN3JhdkRwT2Z2UmR1bkwvRVE9PS0tWUpMUXVLK01CTEVocklUOGNnVzZGdz09–68c954499523691ad8863113b5e1afbbafd7b4ed; path=/; HttpOnly
    < X-Request-Id: 81e980d1-68d1-410c-9b44-7180bc0693b0
    X-Request-Id: 81e980d1-68d1-410c-9b44-7180bc0693b0
    < X-Runtime: 0.089348
    X-Runtime: 0.089348
    < X-UA-Compatible: IE=edge
    X-UA-Compatible: IE=edge
    < CF-RAY: 299427b8195a0491-CDG
    CF-RAY: 299427b8195a0491-CDG

<

  • Excess found in a non pipelined read: excess = 549 url = / (zero-length body)
  • Connection #0 to host debian-fr.org left intact
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):[/quote]
#16

On dirait que c’est ton navigateurs qui est à la ramasse, une petite MAJ nécessaire ?

http://forum.slitaz.org/topic/tls-handshake-issues

#17

testssl fonctionne mais le rapport est super long !!
Il y a une partie qui t’intéresse plus qu’une autre ?

#18

Tout est intéressant !

Mais ton curl montre que ton systèmes accepte bien la connexion SSL et que ça viens du navigateur, et le lien que je t’ai donné te prouve que c’est ton navigateur qui bloque avec la gestion du TLS

Utilise un autre navigateur et ça devrait-être bon…

#19

Justement, je voulais passer à midori car il est léger et iceweasel est plus lent.
mais bon, si çà ne fonctionne pas !!
Peut-être en installant le paquet directement depuis le site.

#20

J’ai un autre pc qui tourne sous jessie 32 bits. Midori fonctionne nickel. C’est donc l’os (wheezy) qui n’est pas bon. Faut que je passe à powerpc jessie et pour crunchbang qui n’est plus supportée je laisse comme çà pour le moment.