[Samba] wiki returns ERR_HTTP2_PROTOCOL_ERROR

L.P.H. van Belle belle at bazuin.nl
Tue Aug 17 07:03:29 UTC 2021 

Hai, 


I dont know how handles this, but Its something that happend after the renew of the certificicate. 
Thats where the misconfiguration is. Missing HPKP. 

Certificate #1: EC 256 bits (SHA256withRSA) 
Serial Number	0337747cc4c9caf0ca7b0eca0f4c32a44b72
Valid from	Sat, 29 May 2021 05:25:24 UTC
Valid until	Fri, 27 Aug 2021 05:25:24 UTC (expires in 9 days, 22 hours)
This one  PIN:  DT/SApt3dPXAcaf9rnVmi2YbmxUy4gHvn50WiMLNXJA=    Is not published. 


Certificate #2: RSA 3072 bits (SHA256withRSA)
Serial Number	041aae8a416f93319ff53f29bd2eb6b41d84
Valid from	Sat, 31 Jul 2021 05:25:22 UTC
Valid until	Fri, 29 Oct 2021 05:25:20 UTC (expires in 2 months and 11 days)
Pin :  jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0= is published. 

And with pinning HSTS used and DNS CAA, this is what i would look at first.

Published PIN's
pin-sha256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
pin-sha256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
pin-sha256: J2/oqMTsdhFWW/n85tys6b4yDBtb6idZayIEBx7QTxA=


So why we have errors in "some" browers, these browsers enforce/follow the best settings,
Just, these have errors, so we see these. 



Greetz, 

Louis

 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Andrew Bartlett via samba
> Verzonden: dinsdag 17 augustus 2021 1:14
> Aan: miguel medalha; samba at lists.samba.org
> Onderwerp: Re: [Samba] wiki returns ERR_HTTP2_PROTOCOL_ERROR
> 
> On Mon, 2021-08-16 at 23:03 +0100, miguel medalha via samba wrote:
> > > I went to access the wiki and it is returning
> > > the error ERR_HTTP2_PROTOCOL_ERROR.
> > 
> > It works here with curl 7.29.0 and 7.19.7
> > 
> > Works with Firefox 91.0
> > 
> > Doesn't work with any browser based on Chrome:
> > -- Chrome  92.0.4515.131
> > -- Edge 92.0.902.73
> > -- Brave 1.28.105 Chromium: 92.0.4515.131
> 
> Thanks everyone for the report.  I'll mention this thread to our
> sysadmin team.  Our sysadmins operate on EU time so hopefully they can
> deal with it in the next EU day.
> 
> Andrew,
> 
> -- 
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> 
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba-technical mailing list