:: Re: [DNG] SSL certificate on devuan…
Góra strony
Wiadomość jest częścią wątku:
M++--\pełne drzewo wątku posortowane wg daty
MMM+\MKlaus Ethgen at <-
..MMMMAdam Borowski at ->
Delete this message
Reply to this message
Autor: Klaus Ethgen
Data:  
Dla: dng
Temat: Re: [DNG] SSL certificate on devuan.org invalid
Hi folks,

Am Di den 31. Jan 2017 um 19:35 schrieb Klaus Ethgen:
> the SSL certificate for website devuan.org is invalid again and does not
> match the one in TLSA record.

That problem gets serious now. I even cannot access www.devuan.org
anymore.

On all pages I get certificate mismatch. There seems to be one that is
impersonalizing devuan.org with a faked Let's Encrypt certificate.

The Fingerprint I get currently from the website is:
CF:C6:BE:F8:22:E5:30:16:3A:50:3B:1A:B8:99:FC:9D:83:B3:E5:38

And tlsa verification gives:
~> tlsa --verify www.devuan.org
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record (46.105.191.76)
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record (2001:41d0:8:2c55::a1)

As the impersonating uses a Let's encrypt certificate I think it is a
more sever problem than just that my side would be tampered. 

Regards
   Klaus
- -- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


Wiadomość została wysłana do następujących list mailowych:
dng
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [DNG] Devuan on Raspberry PiRe: [DNG] SSL certificate on devuan.org invalid->

Donate to Dyne.org

dyne.org open discussions
administrowana przez dyne.org hackers		Lurker (wersja 2.3)