[Samba] wiki returns ERR_HTTP2_PROTOCOL_ERROR
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 17 07:03:29 UTC 2021
I dont know how handles this, but Its something that happend after the renew of the certificicate.
Thats where the misconfiguration is. Missing HPKP.
Certificate #1: EC 256 bits (SHA256withRSA)
Serial Number 0337747cc4c9caf0ca7b0eca0f4c32a44b72
Valid from Sat, 29 May 2021 05:25:24 UTC
Valid until Fri, 27 Aug 2021 05:25:24 UTC (expires in 9 days, 22 hours)
This one PIN: DT/SApt3dPXAcaf9rnVmi2YbmxUy4gHvn50WiMLNXJA= Is not published.
Certificate #2: RSA 3072 bits (SHA256withRSA)
Serial Number 041aae8a416f93319ff53f29bd2eb6b41d84
Valid from Sat, 31 Jul 2021 05:25:22 UTC
Valid until Fri, 29 Oct 2021 05:25:20 UTC (expires in 2 months and 11 days)
Pin : jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0= is published.
And with pinning HSTS used and DNS CAA, this is what i would look at first.
So why we have errors in "some" browers, these browsers enforce/follow the best settings,
Just, these have errors, so we see these.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Andrew Bartlett via samba
> Verzonden: dinsdag 17 augustus 2021 1:14
> Aan: miguel medalha; samba at lists.samba.org
> Onderwerp: Re: [Samba] wiki returns ERR_HTTP2_PROTOCOL_ERROR
> On Mon, 2021-08-16 at 23:03 +0100, miguel medalha via samba wrote:
> > > I went to access the wiki and it is returning
> > > the error ERR_HTTP2_PROTOCOL_ERROR.
> > It works here with curl 7.29.0 and 7.19.7
> > Works with Firefox 91.0
> > Doesn't work with any browser based on Chrome:
> > -- Chrome 92.0.4515.131
> > -- Edge 92.0.902.73
> > -- Brave 1.28.105 Chromium: 92.0.4515.131
> Thanks everyone for the report. I'll mention this thread to our
> sysadmin team. Our sysadmins operate on EU time so hopefully they can
> deal with it in the next EU day.
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
> Samba Development and Support, Catalyst IT - Expert Open Source
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba-technical