Re: firefox palemoon waterfox baselisk problem, not on chromium

To: debian-user@lists.debian.org
Cc: sp113438@telfort.nl
Subject: Re: firefox palemoon waterfox baselisk problem, not on chromium
From: arne <sp113438@telfort.nl>
Date: Fri, 30 Nov 2018 23:05:19 +0100
Message-id: <[🔎] 20181130230519.3b78c6a1@ryzen>
In-reply-to: <20181020072719.qen7amjoefadtl7i@p5k.home>
References: <20181020021657.305c6788@ryzen> <20181020062200.gtjqtgdbq3ecqp74@p5k.home> <08530714a7eda5e146b7b3dbc51b6610@gmail.com> <20181020072719.qen7amjoefadtl7i@p5k.home>
On Sat, 20 Oct 2018 10:27:19 +0300
Reco <recoverym4n@enotuniq.net> wrote:

> > > > Any ideas what can be the solution?  
> > > 
> > > A better question would be - what's the actual problem.
> > > 'Secure Connection Failed' can refer to many things, such as
> > > certificate/domain mismatch, certificate expiration, wrong TLS
> > > protocol version etc.
> > > Any Modern Browser™ hides these details from you, so Firefox (for
> > > instance) itself is hardly suited for the troubleshooting.
> > > 
> > > So I propose this for starters:
> > > 
> > > openssl s_client -connect www.google.com:443
> > > 
> > > Reco  
> > 
> > Is this something about google enforcing https everywhere ?  
> 
> That's a part of the problem, of course. Plain HTTP does not have
> these kind of problems (but there are another ones and HTTPS was
> invented to solve these).
> But I don't have any useful information (yet) to even start
> suspecting something.
> 
> Reco
> 

# openssl s_client -connect www.youtube.com:443

CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet
Authority G3 verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN
= *.google.com verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIgjCCB2qgAwIBAgIIKLskhPTDJakwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xODExMDcwODU5MDBaFw0x
OTAxMzAwODU5MDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw
EwYDVQQDDAwqLmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC9t8q7r6/5Yk1AbkdU/AnqOr3i5sd2OwncTPJOtSZR8hwPIuUQwprVG1qB
GvPFDs/rSxmTFESO61WGqcE5MNx3S/JZoF+3J46WxOo0+MrkRMAXJm8MVtlwLI7t
RF11UXFgC3KleL2coIwi7O6eA5zBtq6uG5yGslaAVoImW434MYCcypYep5plqXQu
E6ALUTp6sypfUsEJSlTVC7Er94mtGydVZbFfg8btHyvqrfVtI9UQjacTkKQ3pHgw
Atw+WKmLXPOkqQjde2ZDyNc/O/qCWk3WOP68GPEYIlnhq3/1GNq5UaxntGs1B3Py
cWOThdtoNss+qUZyFr8wjoHhTh7xAgMBAAGjggVEMIIFQDATBgNVHSUEDDAKBggr
BgEFBQcDATCCBBkGA1UdEQSCBBAwggQMggwqLmdvb2dsZS5jb22CDSouYW5kcm9p
ZC5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNv
bYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIKKi5nZ3BodC5jboIWKi5nb29nbGUt
YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds
ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds
ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv
b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q
Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n
bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou
Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv
b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv
LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFw
cHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMu
Y29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHViZS1u
b2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5j
b22CESoueW91dHViZWtpZHMuY29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5k
cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIu
YW5kcm9pZC5nb29nbGUuY26CHGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26C
BGcuY2+CCGdncGh0LmNuggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29tggpn
b29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lkLmdv
b2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1
YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tggV5
dC5iZTBoBggrBgEFBQcBAQRcMFowLQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2kuZ29v
Zy9nc3IyL0dUU0dJQUczLmNydDApBggrBgEFBQcwAYYdaHR0cDovL29jc3AucGtp
Lmdvb2cvR1RTR0lBRzMwHQYDVR0OBBYEFObMyCuhg19JGNBh1sBz1UeG0030MAwG
A1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUd8K4UJpndnaxLcKG0IOgfqZ+ukswIQYD
VR0gBBowGDAMBgorBgEEAdZ5AgUDMAgGBmeBDAECAjAxBgNVHR8EKjAoMCagJKAi
hiBodHRwOi8vY3JsLnBraS5nb29nL0dUU0dJQUczLmNybDANBgkqhkiG9w0BAQsF
AAOCAQEAEZjuAyJiuldoNJXyiaMbAI2d52r62N8nJh/Yse9s6ubmWvIeMWdtR/Ls
7dNhOtv1OS/IbBuw3q77rZiD3GL8TT0q0Phb5h1DQuK36tAZgZlMhHWDKwI2RLGd
DX+jgeykZBXzRaeYo8Z8W3igrKv3YQdrCQ1FHaVpIwTgyMl3/gAtQix+MXOkgGmI
AcSFl4inlNgKnRuX6yg99T23gtiG4lpuMPPZfH2WSKXKxzNOQsxqbWZ4w0D3cBfg
qvOXZ9p0TGMUllqLoIgELl0SAasRhe33OOtfHCiPiCtrTfH20o4mXLu8ZRANdcqU
tqTkyPdC7xULDzNYRQgfgM2MUWS5iA==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3978 bytes and written 261 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID:
72DCB3E94FCF24E2A2458996163C2E454EE285BADA326445CC7EC1468267EF8D
Session-ID-ctx: Master-Key:
A1966236408AE4D096A8AEE5C709877F63287D4A5CFA7ECE3EF5199454CC2A1A09B7F3CD0158FBC771D43E996C26F1E2
PSK identity: None PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 3b 73 b5 a3 5f 61 58-fc 17 56 0b 6f 5f cb
40   .;s.._aX..V.o_.@ 0010 - 38 dd d2 7c 09 14 f1 56-71 da 13 76 cd 8c
28 07   8..|...Vq..v..(. 0020 - d2 9e fe 6a 3b 47 d2 5c-4e dc 0e 8b 91
ec 16 71   ...j;G.\N......q 0030 - 74 e1 7f 5c 82 b6 e5 2e-c9 24 62 f3
e0 dd ff 00   t..\.....$b..... 0040 - 95 e2 10 2f 35 18 dc 07-53 bd 7d
d2 0e ce ca bc   .../5...S.}..... 0050 - c4 ec 5a 2a da 74 84 21-5e 67
78 7f 02 fa a5 0f   ..Z*.t.!^gx..... 0060 - a0 cf fb 4e f7 8a 40 1a-c5
08 d8 cf 3f c0 a5 85   ...N..@.....?... 0070 - fd 35 75 1e 3d 12 ba
73-01 81 e4 63 90 f9 53 24   .5u.=..s...c..S$ 0080 - e9 b1 98 7a e2 13
34 de-e3 d2 41 0d 19 76 7f a5   ...z..4...A..v.. 0090 - c1 c2 73 5b 8d
fe 7a f5-58 a1 6d d0 7d 7b bf bd   ..s[..z.X.m.}{.. 00a0 - 9e 88 d8 97
bb fb 2c f1-2a f0 76 a8 ee a6 46 da   ......,.*.v...F. 00b0 - eb 5d 6b
68 04 55 60 05-a2 0a 9e e5 15 e0 d5 b2   .]kh.U`......... 00c0 - af 83
70 fe 11 99 0e 1d-d5 9a b5 27 f9 c1 86 6a   ..p........'...j 00d0 - c2
1e aa b3 09 a9 17 2c-37                        .......,7 00da -
<SPACES/NULS>

    Start Time: 1543615272
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
read:errno=0

++++++++++++++++++++++++++++++++++
palemoon gives:

Secure Connection Failed

The connection to www.youtube.com was interrupted while the page was
loading.

    The page you are trying to view cannot be shown because the
    authenticity of the received data could not be verified. Please
    contact the website owners to inform them of this problem.

++++++++++++++++++++++++++++++++++

Hope this helps
Reply to:
Prev by Date: Re: [OT?] home partition vs. home directory
Previous by thread: Re: [OT?] home partition vs. home directory
Index(es):
- Date
- Thread