[opensuse] https help
I am lost. In the "I don't understand" way. Google has not helped much, either. If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error. I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out. SSL 3.3 or TLS 1.2 is what my Firefox uses when connected to https sites using the router, so that doesn't seem to be the issue. Fred -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/02/2019 00.24, Stevens wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
Well, paste here examples.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out.
No, the routers have no certificates. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2/9/19 9:00 PM, Carlos E. R. wrote:
On 10/02/2019 00.24, Stevens wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
Well, paste here examples.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out.
No, the routers have no certificates.
Carlos: In Firefox I get "error: ssl error rx record too long" when I am connected straight from my puter to the ISP. If the router is in circuit, all works as it should. This behavior says that obviously the router is doing something that my computer is not whilst communicating with the distant server. What "that" is escapes me. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
10.02.2019 8:06, Stevens пишет:
On 2/9/19 9:00 PM, Carlos E. R. wrote:
On 10/02/2019 00.24, Stevens wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
Well, paste here examples.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out.
No, the routers have no certificates.
Carlos:
In Firefox I get "error: ssl error rx record too long" when I am connected straight from my puter to the ISP. If the router is in circuit, all works as it should. This behavior says that obviously the router is doing something that my computer is not whilst communicating with the distant server. What "that" is escapes me.
Does it happen with other browser as well? Show output of openssl s_client -connect <host-name>:443 -state < /dev/null for the same host when connected to the router and directly. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/02/2019 06.06, Stevens wrote:
On 2/9/19 9:00 PM, Carlos E. R. wrote:
In Firefox I get "error: ssl error rx record too long" when I am connected straight from my puter to the ISP. If the router is in circuit, all works as it should. This behavior says that obviously the router is doing something that my computer is not whilst communicating with the distant server. What "that" is escapes me.
Ok, that is an error I have not seen. I'll hazard a wild guess: network package size (MTU) is too large for what your ISP wants to handle. <http://www.microhowto.info/howto/change_the_mtu_of_a_network_interface.html> It uses ifconfig, which is deprecated. I'm not familiar with the alternative. It could be this: ip link to show. ip link set eth0 mtu MTU See "man ip" and "ip link help" Now, what MTU the router uses, maybe it says in its log. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2/10/19 4:16 AM, Carlos E. R. wrote:
On 10/02/2019 06.06, Stevens wrote:
On 2/9/19 9:00 PM, Carlos E. R. wrote:
In Firefox I get "error: ssl error rx record too long" when I am connected straight from my puter to the ISP. If the router is in circuit, all works as it should. This behavior says that obviously the router is doing something that my computer is not whilst communicating with the distant server. What "that" is escapes me.
Ok, that is an error I have not seen.
I'll hazard a wild guess: network package size (MTU) is too large for what your ISP wants to handle.
<http://www.microhowto.info/howto/change_the_mtu_of_a_network_interface.html>
It uses ifconfig, which is deprecated. I'm not familiar with the alternative. It could be this:
ip link to show.
ip link set eth0 mtu MTU
See "man ip" and "ip link help"
Now, what MTU the router uses, maybe it says in its log.
MTU = 1500 on both, so that ain't it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out
SSL 3.3 or TLS 1.2 is what my Firefox uses when connected to https sites using the router, so that doesn't seem to be the issue.
Fred I've seen this in the past, with a former ISP. Changing the device connected
Op zondag 10 februari 2019 00:24:33 CET schreef Stevens: directly to the modem required a modem restart, i.e. power off, wait > 1 minute, power on with other device connected. So, did you try turning the modem off and on again? :) -- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2/10/19 4:57 AM, Knurpht-openSUSE wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out
SSL 3.3 or TLS 1.2 is what my Firefox uses when connected to https sites using the router, so that doesn't seem to be the issue.
Fred I've seen this in the past, with a former ISP. Changing the device connected
Op zondag 10 februari 2019 00:24:33 CET schreef Stevens: directly to the modem required a modem restart, i.e. power off, wait > 1 minute, power on with other device connected. So, did you try turning the modem off and on again? :)
Yes, no change. FYI: I can connect to https://duckduckgo.com with no error but haven't found another https site that works. From a tech article: "As we mentioned earlier, the correct listening port for HTTPS traffic is 443. So if you’re using an irregular port or you don’t have a trusted SSL/TLS certificate on that port, you’re potentially going to trigger the SSL_ERROR_RX_RECORD_TOO_LONG message." How to get a certificate on that port? Obviously the router has one, if that is the problem. OS here is Ubuntu 16.04 (not my choice at the time). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/02/2019 17.00, Stevens wrote:
On 2/10/19 4:57 AM, Knurpht-openSUSE wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out
SSL 3.3 or TLS 1.2 is what my Firefox uses when connected to https sites using the router, so that doesn't seem to be the issue.
Fred I've seen this in the past, with a former ISP. Changing the device connected
Op zondag 10 februari 2019 00:24:33 CET schreef Stevens: directly to the modem required a modem restart, i.e. power off, wait > 1 minute, power on with other device connected. So, did you try turning the modem off and on again? :)
Yes, no change.
FYI: I can connect to https://duckduckgo.com with no error but haven't found another https site that works.
From a tech article: "As we mentioned earlier, the correct listening port for HTTPS traffic is 443. So if you’re using an irregular port or you don’t have a trusted SSL/TLS certificate on that port, you’re potentially going to trigger the SSL_ERROR_RX_RECORD_TOO_LONG message."
How to get a certificate on that port? Obviously the router has one, if that is the problem.
OS here is Ubuntu 16.04 (not my choice at the time).
There is no such thing as port certificates. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-02-10 00:24, Stevens wrote:
I am lost. In the "I don't understand" way. Google has not helped much, either.
If I bypass my router, i.e. patch directly to my ethernet port on the 'puter (networking set to dhcp) I can no longer access https websites. I get the IP addr from the ISP's server ok, I can go to different sites ok but all https sites return an error. The specific wording is different on different sites but basically it is indicating a security error.
I assume then that my router has some security certificate or similar mechanism that is passed to these sites that my 'puter doesn't. How to enable it? It would seem to be a really simple thing but I can find nothing that helps me figure it out.
You don't happen to have proxy turned on in firefox? Check under preferences and network settings. -- /bengan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Andrei Borzenkov -
Bengt Gördén -
Carlos E. R. -
Knurpht-openSUSE -
Stevens