On Fri, Jan 06, 2017 at 10:59:40AM +0100, Solène Rapenne wrote: > Le 2017-01-06 10:47, Solène Rapenne a écrit : > > Le 2017-01-06 10:38, Landry Breuil a écrit : > > > On Fri, Jan 06, 2017 at 10:33:04AM +0100, Solène Rapenne wrote: > > > > Hello, > > > > > > > > I upgraded my amd64 -current this morning (OpenBSD 6.0-current > > > > (GENERIC.MP) > > > > #110: Thu Jan 5 20:32:18 MST 2017) > > > > > > > > With the latest firefox version (firefox-50.1.0) I can't connect to > > > > www.google.com, I get the following message > > > > > > > > Your connection is not secure > > > > The website tried to negotiate an inadequate level of security. > > > > google.com uses security technology that is outdated and > > > > vulnerable to > > > > attack. An attacker could easily reveal information which you > > > > thought to be > > > > safe. The website administrator will need to fix the server > > > > first before you > > > > can visit the site. > > > > Error code: NS_ERROR_NET_INADEQUATE_SECURITY > > > > > > > > > > > > I tried a few others SSL websites and they all works. > > > > > > Iirc that's due to the fact that some certs were removed from cert.pem > > > and those were in the cert chain for google. Should be fixed or a > > > fix is > > > in the works. > > > > > > That's the perfect occasion to start using another search engine which > > > respects users' privacy :) > > > > > > Landry > > > > For what it worth, the problem occurs with firefox-esr too, but it > > doesn't > > show an error, it just fails silently and keep the current page viewed. > > thanks to johany@ on IRC, setting network.http.spdy.enabled.http2 to false > in > about:config works as a workaround
Ah. Then maybe it's a fuckup with TLS1.3 in nss 3.28. Maybe 3.28.1 will fix this. Or not. Landry