Re: A Networking Mystery -
Check the certificate chain?
Re: A Networking Mystery -
Not sure how to do that, but other https sites work fine. Besides I'd think an invalid/unverified certificate would generate a more specific error message.
Attempting to log the session I get these errors:
[10728:9928:0121/121636.098:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121640.158:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121644.241:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121644.244:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121648.303:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121648.304:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
This appears certificate related but also may be something else.
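Added example (not part of the original posts): a small Python decoder for the Chromium log lines quoted above, mapping `net_error` values to their names. The code table is a subset of Chromium's net error list; the transport/tls/certificate grouping is an assumption made here for triage.

```python
import re
from collections import Counter

# Subset of Chromium's net error codes (net/base/net_error_list.h).
# The "layer" column is a triage grouping added for this example.
NET_ERRORS = {
    -100: ("ERR_CONNECTION_CLOSED", "transport"),
    -101: ("ERR_CONNECTION_RESET", "transport"),
    -102: ("ERR_CONNECTION_REFUSED", "transport"),
    -107: ("ERR_SSL_PROTOCOL_ERROR", "tls"),
    -113: ("ERR_SSL_VERSION_OR_CIPHER_MISMATCH", "tls"),
    -200: ("ERR_CERT_COMMON_NAME_INVALID", "certificate"),
    -201: ("ERR_CERT_DATE_INVALID", "certificate"),
    -202: ("ERR_CERT_AUTHORITY_INVALID", "certificate"),
}

# [pid:tid:MMDD/HHMMSS.mmm:LEVEL:source(line)] message
LINE_RE = re.compile(
    r"^\[(\d+):(\d+):(\d{4})/(\d{6}\.\d{3}):([A-Z]+):([^\]]+)\]\s*(.*)$"
)
NET_ERR_RE = re.compile(r"net_error (-?\d+)")


def parse_line(line):
    """Return a dict for one log line, or None if it carries no net_error."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    err = NET_ERR_RE.search(m.group(7))
    if not err:
        return None
    code = int(err.group(1))
    name, layer = NET_ERRORS.get(code, ("UNKNOWN", "unknown"))
    return {"time": m.group(4), "source": m.group(6),
            "code": code, "name": name, "layer": layer}


def summarize(lines):
    """Count failures per (error name, layer) across a log excerpt."""
    events = filter(None, (parse_line(l) for l in lines))
    return Counter((e["name"], e["layer"]) for e in events)


# Three of the lines quoted in the post above.
SAMPLE = """\
[10728:9928:0121/121636.098:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121640.158:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
[10728:9928:0121/121644.241:ERROR:ssl_client_socket_impl.cc(962)] handshake failed; returned -1, SSL error code 1, net_error -101
""".splitlines()

if __name__ == "__main__":
    for (name, layer), n in summarize(SAMPLE).items():
        print(f"{n} x {name} ({layer} layer)")
```

In this table a certificate rejection appears as a -2xx code, while -101 is a connection reset seen during the handshake.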
Re: A Networking Mystery -
Last week, I changed all my websites to only accept TLS 1.3. That broke a few clients. ssllabs has an online ssl checker that can be pointed at any website.
As for tracing a cert, any ssl browser can show the cert, intermediary and final trusts. Click on the lock to get started. Every website has a different chain of trust. If someone has taken over your DNS, bad certs are the first hint of a problem I'd expect to see. Could your home router have been hacked?
Re: A Networking Mystery -
Quote:
Originally Posted by
TheFu
…Could your home router have been hacked?
This just in. Though unlikely, nonetheless, worth looking into: https://www.theregister.com/2021/01/...che_poisoning/
Re: A Networking Mystery -
Thanks for the help.
Quote:
Originally Posted by
TheFu
Last week, I changed all my websites to only accept TLS 1.3. That broke a few clients. ssllabs has an online ssl checker that can be pointed at any website.
As for tracing a cert, any ssl browser can show the cert, intermediary and final trusts. Click on the lock to get started. Every website has a different chain of trust. If someone has taken over your DNS, bad certs are the first hint of a problem I'd expect to see.
Since I never get to the actual site I don't get the certificates in the browser.
Quote:
Could your home router have been hacked?
Actually it's my office router and the ISP remotely reset it to factory defaults, thereby breaking a number of things. Various DNS checks seem to be returning the correct results.
The bank is Hancock Whitney. Their home page is www.hancockwhitney.com and the ssllabs found two IP addresses.
199.60.103.30 and 99.60.103.226 both received a B grade. That's not too much of a problem since it's basically a home page with advertising. Logins move to another server.
When the login fails it fails with a url in the browser of https://login.hancockwhitney.com/idp...ishwb-dBanking
Checking login.hancockwhitney.com (107.162.140.171) ssllabs reports an A rating.
Re: A Networking Mystery -
For login.hancockwhitney.com I'm seeing only 107.162.140.171.
I see Entrust Certification Authority - L1K as the signer and it is a wildcard cert ... For some reason, I always thought wildcard certs were less secure. Perhaps I'm out of date?
Firefox throws up this error if I go to the IP:
Quote:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for 107.162.140.171. The certificate is only valid for the following names: *.hancockwhitney.com, hancockwhitney.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
View Certificate
That's expected. When I use login.hancockwhitney.com, all is fine.
Have you tried creating a new userid and then tried all the different browsers under it? I'm on 16.04. Also tested chromium (not the snap) on a 20.04 test system. Cert seems fine.
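Added example (not part of the original posts): a Python sketch of RFC 6125-style name matching, run against the two names listed in the Firefox error quoted above, to show which hosts the wildcard certificate covers and why the bare IP is rejected. The function names and the extra test hostnames are constructed for illustration.

```python
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Match one certificate DNS name (optionally '*.' prefixed) to a host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard stands for exactly one label
    if p[0] == "*":
        # Need at least two literal labels after '*' and a non-empty host label.
        if len(p) < 3 or not h[0]:
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False              # partial or inner wildcards are not accepted
    return p == h


def cert_valid_for(host, dns_names, ip_sans=()):
    """IP literals are compared only with IP entries, never with DNS names."""
    if _is_ip(host):
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in ip_sans)
    return any(dns_name_matches(name, host) for name in dns_names)


# Names listed in the Firefox error message quoted in the thread.
CERT_NAMES = ["*.hancockwhitney.com", "hancockwhitney.com"]

if __name__ == "__main__":
    for host in ("login.hancockwhitney.com", "hancockwhitney.com",
                 "107.162.140.171", "a.login.hancockwhitney.com"):
        print(host, "->", cert_valid_for(host, CERT_NAMES))
```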
Re: A Networking Mystery -
Thanks for following this up.
Quote:
Originally Posted by
TheFu
For login.hancockwhitney.com I'm seeing only 107.162.140.171.
That's the only IP address I got for that one.
Quote:
I see Entrust Certification Authority - L1K as the signer and it is a wildcard cert ... For some reason, I always thought wildcard certs were less secure. Perhaps I'm out of date?
Firefox throws up this error if I go to the IP:
That's expected. When I use login.hancockwhitney.com, all is fine.
Have you tried creating a new userid and then tried all the different browsers under it? I'm on 16.04. Also tested chromium (not the snap) on a 20.04 test system. Cert seems fine.
I can try but I'm not sure I can. I wonder what changed. It was working last week and works on several other computers.
Re: A Networking Mystery -
Certificates apply to domain names, not IP addresses.
Re: A Networking Mystery -
I'm still working this problem.
This morning I tried an experiment.
I attempted to go through a number of computers I hadn't previously tried. I was able to connect to the bank on one computer - a 32-bit Ubuntu 16.04 LTS that I have been putting off upgrading because I have to transfer all of the configurations to 18.04 or 20.04. All of the others, Windows 10 (6), Ubuntu 18.04 LTS (2), Ubuntu 20.04 LTS (1) and a single Windows Server, failed. I still have a few Windows 10 computers I haven't tried.
First I decided to bypass the network switch and try the 16.04 computer. I connected an ethernet cable to a port on the AT&T BGW210-700 Gateway and it worked. I leapt to the conclusion that it must be our 24-port unmanaged Netgear switch. I then tried connecting it back to the switch and it still worked. I then began trying other computers I hadn't previously tried. None of them worked.