Opened 2 years ago

Last modified 2 years ago

#2260 new bug

Unable to log to www with elinks, works on beta (as 2015-01-14)

Reported by: leoalone Owned by:
Priority: major Milestone: unassigned
Component: ServerSetup Keywords:

Description (last modified by leoalone)

Trying to log to with elinks (textual browser) that used to work at least until the last time i tried it, youc annot login singe gives a 403 error.
If you try to go directly to you get timmediately a 403 eroor.
If I try on the other way all works almost perfectly.
Aparently the only difference is in these lines in apache config, present on www but not on beta:

  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on

This has been added to force use of stronger encryption but cold lead to problem to people that want to use a very, very light and very low band browser, at same time could create problem to people using an old browser, possibly on a device for which updates are no longer issued!
see RFC7435 for further details.
Could we rethink this decision, or maybe being more sloppy on beta is enough for the really few people that have not TLS1.2 capable browsers ?
Is possible to put a warning somewhere in the page ?

Change History (6)

comment:1 Changed 2 years ago by leoalone

  • Description modified (diff)

comment:2 Changed 2 years ago by leoalone

update: also the graphic browser of nokia5800 does not works on www but only on beta

comment:3 Changed 2 years ago by shevek

Could you please check if the situation changed for these browser on beta?

comment:4 Changed 2 years ago by leoalone

now is worse: no longer works also on beta !

comment:5 Changed 2 years ago by shevek

@leo: With both browsers? I set an SSLCipherSuite yesterday to test something but the idea was to have one that is okay for old browsers as well. But I guess disallowing SSLv2 and SSLv3 doesn't help much in that regard.

comment:6 Changed 2 years ago by leoalone

tried with the Nokia 5800 : even that one fails with the new setup.
i would like to keep a version with more protocols for older browsers.

even elinks has failed with this configuration.

Last edited 2 years ago by leoalone (previous) (diff)
Note: See TracTickets for help on using tickets.