SSL errors


fbax

Starting this morning, I get the following error when accessing geocaching.com

An error occurred during a connection to www.geocaching.com.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

Link to comment

> Starting this morning, I get the following error when accessing geocaching.com
>
> An error occurred during a connection to www.geocaching.com.
>
> Cannot communicate securely with peer: no common encryption algorithm(s).
>
> (Error code: ssl_error_no_cypher_overlap)

They seem to have moved from TLS 1.0 to a newer version (TLS 1.1 or 1.2). Older Android devices can't cope with this :( My 4.1 doesn't work. :angry:

Link to comment

> Starting this morning, I get the following error when accessing geocaching.com
>
> An error occurred during a connection to www.geocaching.com.
>
> Cannot communicate securely with peer: no common encryption algorithm(s).
>
> (Error code: ssl_error_no_cypher_overlap)

This issue simply "went away" after a few hours without any changes.

Now this message appears when trying to access the forum website. :(

Link to comment

> This issue simply "went away" after a few hours without any changes.

Just as quietly as Groundspeak turned off TLS 1.0, they've turned it back on.

I bet one of these two scenarios occurred:

1. They intentionally turned off TLS 1.0, but neglected to consider the impact this would have on the users and failed to notify users either before or after the change. They now realize how much of an impact this has, and have rolled back.

2. They intended to make the change at some point in the future, but the change was mistakenly made before communication was ready. The mistake was caught and rolled back.

I'd like to think this was simply an unintentional mistake, but I fear it may have actually been closer to scenario 1, based on past experience.

@Groundspeak, here's a good reference for how much of an impact this would have. While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

Link to comment

> Just as quietly as Groundspeak turned off TLS 1.0, they've turned it back on.
>
> I bet one of these two scenarios occurred:
>
> 1. They intentionally turned off TLS 1.0, but neglected to consider the impact this would have on the users and failed to notify users either before or after the change. They now realize how much of an impact this has, and have rolled back.
>
> 2. They intended to make the change at some point in the future, but the change was mistakenly made before communication was ready. The mistake was caught and rolled back.
>
> I'd like to think this was simply an unintentional mistake, but I fear it may have actually been closer to scenario 1, based on past experience.
>
> @Groundspeak, here's a good reference for how much of an impact this would have. While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

Words of wisdom!

Link to comment

Groundspeak should also consider that millions of older mobile devices out there do not support anything higher than TLS 1.0 (e.g. Android devices below version 5.0).

You can easily see this in the chapter "Handshake simulation" on https://www.ssllabs.com/ssltest/analyze.html?d=www.geocaching.com

I wasn't able to access the website anymore yesterday with my Android tablet running 4.x.

Link to comment
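
Added example (not part of any post in this thread, and not Groundspeak's code): one way an operator could measure the impact discussed above before raising the minimum protocol version is to read the highest version each client offers in its ClientHello. The function names and the two sample records are constructed for illustration.

```python
import struct

TLS1_0, TLS1_2, TLS1_3 = 0x0301, 0x0303, 0x0304   # wire values
KNOWN = {0x0300, 0x0301, 0x0302, 0x0303, 0x0304}  # SSL 3.0 .. TLS 1.3

def max_client_version(record: bytes) -> int:
    """Highest version offered in one raw ClientHello record (ValueError if malformed)."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        pos = 9                                          # record hdr (5) + handshake hdr (4)
        best = struct.unpack_from("!H", record, pos)[0]  # legacy client_version
        pos += 2 + 32                                    # version + random
        pos += 1 + record[pos]                           # session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
        pos += 1 + record[pos]                           # compression_methods
        if pos == len(record):
            return best                                  # no extensions: old client stack
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0x002B:                       # supported_versions
                count = record[pos] // 2
                offered = struct.unpack_from("!%dH" % count, record, pos + 1)
                # values outside KNOWN (e.g. GREASE placeholders) are skipped
                best = max([best] + [v for v in offered if v in KNOWN])
            pos += ext_len
        return best
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def locked_out(record: bytes, server_min: int = TLS1_2) -> bool:
    """True if this client cannot connect once the server minimum is server_min."""
    return max_client_version(record) < server_min

def sample_hello(version, suites, extensions=b""):
    """Build a constructed ClientHello for the demo (not captured traffic)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites) + b"\x01\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

OLD_CLIENT = sample_hello(TLS1_0, [0x002F, 0x0035])      # offers TLS 1.0 at most
NEW_CLIENT = sample_hello(TLS1_2, [0x1301, 0xC02F],
                          struct.pack("!HHB2H", 0x002B, 5, 4, TLS1_3, TLS1_2))
```

Run over ClientHello records from a capture, the share of clients for which `locked_out` is true is the share that would see a handshake failure after the change.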

> While you're changing this, you might want to consider doing some other "hardening" at the same time. SSL Labs gives you a "B" rating, but it probably wouldn't take much effort to get that up to an "A" with sorting of cipher suites and updating SSL certs. We recently did this on a number of servers at my company and there's a tool which makes this process very easy.

In fact they had an A rating with the new configuration (and with a better signature algorithm for one certificate in the chain they would have had an A+ rating).

It's sad that there is no official statement from Groundspeak.

Link to comment
