Results 1 to 8 of 8

Click here to go to the first staff post in this thread.
Thread: Out of date or insufficient TLS

  1. #1

    Out of date or insufficient TLS

    I don't know where to place this since it is about the forum software not the actual game.

    One of the places I read the forums at during the day has made some updates and now visiting forums.frontier.co.uk is blocked due to out of date or insufficient TLS, whatever that means.

    I don't know if that's something the forum people can fix.

    [copied from support forum]

    Thanks

  2. This is the last staff post in this thread. #2
    Which browser are you using to cause this to happen? And what pages in general are triggering this event?

    The *.frontier.co.uk thumbprint should be exactly: c68d96effc0ca5301bbedbcc57009ab27edb13c3 (C6:8D:96:EF:FC:0C:A5:30:1B:BE:DB:CC:57:00:9A:B2:7E:DB:13:C3).

    If it is not that, then you've a MITM issues going on replacing our SSL cert with something else, that is not from us.

  3. #3
    It might not be related but Chrome started to say our SSL certificate wasn't trusted anymore this week. Turns out an update to Chrome now means some RapidSSL, Symantec and others issued before (I think) September 2017 are no longer trusted. I managed to get an updated SSL from our supplier and aply it and all is good again.

    I've noticed the same on other sites this week but the weird thing is that it's not consistent on our network even if Chrome is at the same version (V70). Some devices throw the error while others don't.

  4. #4
    Originally Posted by TheGit View Post (Source)
    It might not be related but Chrome started to say our SSL certificate wasn't trusted anymore this week. Turns out an update to Chrome now means some RapidSSL, Symantec and others issued before (I think) September 2017 are no longer trusted. I managed to get an updated SSL from our supplier and aply it and all is good again.

    I've noticed the same on other sites this week but the weird thing is that it's not consistent on our network even if Chrome is at the same version (V70). Some devices throw the error while others don't.
    Hasn't TLS 1.2 been recently rendered untrusted or something? Or is that 1.1... Unsure, but I knew there was some kerfuffle recently. More likely though it just needs a cert update.

  5. #5
    Originally Posted by Siobhan View Post (Source)
    Hasn't TLS 1.2 been recently rendered untrusted or something? Or is that 1.1... Unsure, but I knew there was some kerfuffle recently. More likely though it just needs a cert update.
    I'm not sure but sounds about right. This is the link about Chrome and certificates, we got ours replaced free of charge by our CMS supplier who look after our certificates https://www.websecurity.symantec.com...kaAnnQEALw_wcB

  6. #6
    Originally Posted by TheGit View Post (Source)
    It might not be related but Chrome started to say our SSL certificate wasn't trusted anymore this week. Turns out an update to Chrome now means some RapidSSL, Symantec and others issued before (I think) September 2017 are no longer trusted.
    Yeah, it's amazing, we warned customers about that for half a year in the run-up to the various deadlines that were happening since late 2017, went ahead and generated new, trusted certificates from the successor CAs, and most are just now complaining that their certificates are untrusted if they care about that at all (most don't give a damn) Top. Men.

    That's not the issue here though.

  7. #7
    Originally Posted by Shadowdancer View Post (Source)
    Yeah, it's amazing, we warned customers about that for half a year in the run-up to the various deadlines that were happening since late 2017, went ahead and generated new, trusted certificates from the successor CAs, and most are just now complaining that their certificates are untrusted
    Yep I got an email back in August from our supplier to say it wasn't going to be trusted and do we want to replace it so I said go ahead. It appears that they hadn't!.

    Originally Posted by Shadowdancer View Post (Source)
    That's not the issue here though.
    No it's not, I just ran forums.frontier.co.uk through https://www.ssllabs.com/ssltest/ which shows their certificate is fine.

  8. #8
    Yeah, this is a long story. It began with Mozilla foundation, when they figured out Symantec violated their own rules while issuing certificates, and they never issued the problem. It took quite a while until they could muzzle the bad source.