[Operators] ECDSA certs score F

shmick at riseup.net shmick at riseup.net
Thu Aug 14 14:13:58 UTC 2014


additionally using this server to chat to many others was tested and
working

is it because of the cert that the s2s test fails completely ?

shmick at riseup.net wrote:
> hi Thijs,
> 
> Thijs Alkemade wrote:
>>
>> On 26 jul. 2014, at 05:18, shmick at riseup.net wrote:
> 
>>> i don't know what's up with the s2s though
>>>
>>>
>>
>> It’s still unimplemented because I didn’t have any server to test against when I set it up.
> 
> i tried mqas.net again s2s but froze again completing only the cert score
> 
>>
>> There’s also the minor issue that I’m not sure exactly how to grade ECDSA keys, but I think giving them all 100 points makes sense (equivalent to 4096 bit RSA).
>>
>> Your TLSA records are for your domain, not for your SRV target. That doesn’t match draft-ietf-dane-srv.
> 
> much thanks - the RRs were amended
> 
>>
>> Thijs
>>
> 
> still testing s2s with problems & some debug output received is as
> follows - if you think any more could be useful let me know for reply
> 
> socket  debug   ssl handshake error: unknown protocol
> socket  debug   closing client with id: da9860 unknown protocol
> s2sindc5010     debug   s2s disconnected: observatory.xmpp.net->mqas.net (unknown protocol)
> s2sindc5010     debug   Destroying incoming session observatory.xmpp.net->mqas.net: unknown protocol
> socket  debug   handshake failed because: unknown protocol
> 
> 
> s2sindcee30     debug   certificate chain validation result: invalid
> s2sindcee30     debug   certificate error(s) at depth 0: self signed certificate
> mod_s2s warn    Forbidding insecure connection to/from observatory.xmpp.net
> 
> s2sindcee30   info    incoming s2s stream observatory.xmpp.net->mqas.net closed: Your server's certificate is invalid, expired, or not trusted by mqas.net
> s2sindcee30     debug   Destroying incoming session observatory.xmpp.net->mqas.net: Your server's certificate is invalid, expired, or not trusted by mqas.net
> socket        debug   try to close client connection with id: dcf7b0
> socket       debug   closing delayed until writebuffer is empty
> socket     debug   closing client after writing
> socket  debug   closing client with id: dcf7b0
> 
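
The TLSA placement point raised in Thijs's reply, as an added example that is not part of the original thread: under draft-ietf-dane-srv the TLSA owner name is built from the SRV target host and port, not from the service domain. The zone data, the `example.test` / `host.test` names and the digest placeholder below are constructed for illustration.

```python
# Added example: audit where TLSA records sit relative to SRV targets.
# ZONE is constructed sample data, not taken from any real domain.
ZONE = """
_xmpp-server._tcp.example.test. 3600 IN SRV 0 5 5269 xmpp.host.test.
_xmpp-client._tcp.example.test. 3600 IN SRV 0 5 5222 xmpp.host.test.
_5269._tcp.example.test.        3600 IN TLSA 3 1 1 <constructed-digest>
_5222._tcp.xmpp.host.test.      3600 IN TLSA 3 1 1 <constructed-digest>
"""

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse(zone):
    """Return ([(srv_owner, port, target)], {tlsa_owner}) from zone text."""
    srv, tlsa = [], set()
    for line in zone.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        owner, rtype, rdata = norm(f[0]), f[3].upper(), f[4:]
        if rtype == "SRV" and len(rdata) == 4:
            srv.append((owner, int(rdata[2]), norm(rdata[3])))
        elif rtype == "TLSA":
            tlsa.add(owner)
    return srv, tlsa

def audit(zone):
    """Classify each SRV record as ok, misplaced or missing its TLSA."""
    srv, tlsa = parse(zone)
    findings = []
    for owner, port, target in srv:
        if target == "":          # SRV target "." means service not offered
            continue
        _service, proto, domain = owner.split(".", 2)
        expected = f"_{port}.{proto}.{target}"    # at the SRV target host
        at_domain = f"_{port}.{proto}.{domain}"   # at the service domain
        if expected in tlsa:
            status = "ok"
        elif at_domain != expected and at_domain in tlsa:
            status = "misplaced"  # the situation described in the reply
        else:
            status = "missing"
        findings.append((owner, expected, status))
    return findings

if __name__ == "__main__":
    for owner, expected, status in audit(ZONE):
        print(f"{owner}: expect TLSA at {expected} -> {status}")
```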

