POV-Ray : Newsgroups : povray.general : SSL error Server Time
23 Nov 2024 09:53:17 EST (-0500)
  SSL error (Message 1 to 10 of 10)  
From: Bald Eagle
Subject: SSL error
Date: 11 Nov 2024 12:25:00
Message: <web.67323cf46987cc6fa911b6e125979125@news.povray.org>
I've been getting the following error lately:


Post a reply to this message


Attachments:
Download 'screenshot 2024-11-08 154851.png' (41 KB)

Preview of image 'screenshot 2024-11-08 154851.png'
screenshot 2024-11-08 154851.png


 

From: Kenneth
Subject: Re: SSL error
Date: 11 Nov 2024 14:05:00
Message: <web.67325482dc45172991c33a706e066e29@news.povray.org>
Maybe unrelated, but for several months now, when I try to connect to the
newsgroups here with my usual link...
      https://news.povray.org/groups/

I sometimes get a warning page instead, something like "We're having trouble
connecting to that https site" or "This site does not have an https webpage,
continue to http site instead?" -- along with a tremendous slow-down in
connecting to the 'net in general. But by simply refreshing the page, the proper
https site does comes up. That's strange.

Trying to find some solution or explanation for the slow-down itself, I've
lately been researching Cloudflare (the global DNS provider)-- and the odd
problems it is causing with some websites and servers. It's all too technical
for me to understand, but I wonder: Do the POV-ray newsgroups use the Cloudflare
service?

Or maybe my internet provider does, I don't know. But I have a gut feeling that
something about Cloudflare's workings might be the culprit here.


Post a reply to this message

From: Bald Eagle
Subject: Re: SSL error
Date: 11 Nov 2024 14:55:00
Message: <web.67326085dc451729a911b6e125979125@news.povray.org>
"Kenneth" <kdw### [at] gmailcom> wrote:
> Maybe unrelated, but for several months now, when I try to connect to the
> newsgroups here with my usual link...
>       https://news.povray.org/groups/
>
> I sometimes get a warning page instead, something like "We're having trouble
> connecting to that https site" or "This site does not have an https webpage,
> continue to http site instead?" -- along with a tremendous slow-down in
> connecting to the 'net in general. But by simply refreshing the page, the proper
> https site does comes up. That's strange.
>
> Trying to find some solution or explanation for the slow-down itself, I've
> lately been researching Cloudflare (the global DNS provider)-- and the odd
> problems it is causing with some websites and servers. It's all too technical
> for me to understand, but I wonder: Do the POV-ray newsgroups use the Cloudflare
> service?
>
> Or maybe my internet provider does, I don't know. But I have a gut feeling that
> something about Cloudflare's workings might be the culprit here.

It looks like the IP address of
new.povray.org is
203.29.75.35

( https://www.nslookup.io/domains/news.povray.org/webservers/ )
so maybe try using that directly and see if it works better for you.

Chris Cason will have to provide details about how all the rest of it works.


Post a reply to this message

From: Kenneth
Subject: Re: SSL error
Date: 21 Nov 2024 16:40:00
Message: <web.673fa681dc45172991c33a706e066e29@news.povray.org>
"Bald Eagle" <cre### [at] netscapenet> wrote:
>
> It looks like the IP address of
> new.povray.org is
> 203.29.75.35
>
> ( https://www.nslookup.io/domains/news.povray.org/webservers/ )
> so maybe try using that directly and see if it works better for you.
>

[Sorry for the long delay; real-life reared its head again...]

I gave that IP address a try; the results are...interesting:

The first page that comes up (a Firefox page, probably) says:

"Secure sight not available, continue to http instead?" Like what I had seen
before, on occasion.

By simply refreshing the page, this more ominous warning appears:
"Warning: Potential Security Risk Ahead"

I've tried it multiple times on different days; same result.

So I went to the nslookup.io site. Under "all DNS records", the info is:

news.povray.org
hosted by NETPLEX,  in the U.S (New York)
iPv4 (not iPv6)
Hallam Oaks Pty. Ltd
("Some DNS servers may return different IP addresses based on your location.")

Cloudflare is mentioned in this line:
povray.org.  1800  SOA andronicus.ns.cloudflare.com. dns.cloudflare.com

Anyway, it was a curious result, since the hosting site *seems* legitimate(?).
Although, I didn't follow through with connecting to  203.29.75.35  because of
the warning.

But as to my own wifi-signal slowdown, I'm thinking that it might instead be due
to my older wifi USB dongle (which I've been using on my desktop Windows 10
machine for years.) I get my wireless signal from my landlord's modem in his
house next door, and he gets true 'hi-speed' throughput.  My own signal
*strength* seems adequate, but my 'receive' speed tops out at about 500 Mbps
now. On a *good* day. That's *bits*, not bytes. :-(

This is a relatively new development; mine used to be *much* faster. Earlier
this year, the cable company had to install some new (and upgraded) equipment
outside the landlord's house; a lightning strike apparently fried something
important. But maybe the change resulted in my wifi dongle being technically
out-of-date now.


Post a reply to this message

From: Kenneth
Subject: Re: SSL error
Date: 21 Nov 2024 17:40:00
Message: <web.673fb60fdc45172991c33a706e066e29@news.povray.org>
"Kenneth" <kdw### [at] gmailcom> wrote:
>
> my 'receive' speed tops out at about 500 Mbps
> now. On a *good* day. That's *bits*, not bytes. :-(
>

Oops, that's 500Kbps :-( :-(  Morse-code speed over telegraph lines.


Post a reply to this message

From: Chris Cason
Subject: Re: SSL error
Date: 22 Nov 2024 07:57:26
Message: <67407fb6$1@news.povray.org>
On 12/11/2024 06:01, Kenneth wrote:
> Trying to find some solution or explanation for the slow-down itself, I've
> lately been researching Cloudflare (the global DNS provider)-- and the odd
> problems it is causing with some websites and servers. It's all too technical
> for me to understand, but I wonder: Do the POV-ray newsgroups use the Cloudflare
> service?

Yes. And this will generally provide a speedup, not slowdown (it's the entire purpose
of using cloudflare in the first place). Overall I'd be surprised if you are
encountering problems with cloudflare itself as it's pretty solid.

-- Chris


Post a reply to this message

From: Chris Cason
Subject: Re: SSL error
Date: 22 Nov 2024 08:00:51
Message: <67408083@news.povray.org>
On 12/11/2024 04:20, Bald Eagle wrote:
> I've been getting the following error lately:

You or your internet provider are using a service called "Netskope" to filter access
to websites. It picked up the fact that our SSL config was not providing the full
chain of certificates leading up to the root issuer.

I have reconfigured the server to include the full chain, so this message should go
away.

-- Chris


Post a reply to this message

From: Chris Cason
Subject: Re: SSL error
Date: 22 Nov 2024 08:09:10
Message: <67408276$1@news.povray.org>
On 22/11/2024 08:35, Kenneth wrote:
> "Secure sight not available, continue to http instead?" Like what I had seen
> before, on occasion.
> 
> By simply refreshing the page, this more ominous warning appears:
> "Warning: Potential Security Risk Ahead"

This is common when you access an SSL server by something other than the configured
names in the certificate. It is rarely an actual security risk.

In this case you hit the news server SSL directly via IP address rather than name. The
certificate served by the news server is good for povray.org but not for a raw IP
address. Hence the cert does not mention the IP as being valid and your browser notes
this fact and issues the warning. This is as designed; you need to use the DNS name.

-- Chris


Post a reply to this message

From: Bald Eagle
Subject: Re: SSL error
Date: 22 Nov 2024 08:50:00
Message: <web.67408ae5dc4517294cc51b5c25979125@news.povray.org>
Chris Cason <del### [at] deletethistoopovrayorg> wrote:

> You or your internet provider are using a service called "Netskope" to filter access
to websites.

Correct.

> It picked up the fact that our SSL config was not providing the full chain of
certificates leading up to the root iss
uer.

I guessed that it was something like that.

> I have reconfigured the server to include the full chain, so this message should go
away.

And so it has.
Thanks, Chris - for making all of this fully and smoothly functional.

- BW


Post a reply to this message

From: Kenneth
Subject: Re: SSL error
Date: 22 Nov 2024 11:45:00
Message: <web.6740b3c6dc45172991c33a706e066e29@news.povray.org>
Thanks for the excellent explanations, Chris. I have learned some new things
today!


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.