Alex, Rob, So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com <https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com> It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case. ____________ eric$ openssl s_client -connect coronavirustechhandbook.com:443 -showcerts -tls1_2 -crlf CONNECTED(00000006) 4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1584736646 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu > <alexandre.petre...@gmail.com> wrote: > > please stop writing me private emails, thank you, with due politeness and > smiley :-) > > > > Alex, LF/HF 2 > Le 20/03/2020 à 19:40, Rob Pickering a écrit : >> >> >> On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu >> <alexandre.petre...@gmail.com <mailto:alexandre.petre...@gmail.com>> wrote: >> CA==Certificate Authority >> >> the browser makes me questions before allowing me to see the content, after >> I click the indicated URL >> >> LF/HF >> What root CA list are you using? >> >> I'm not at all involved in their hosting, but it looks like they are sitting >> behind Cloudflare SSL which is trusted by the default CA list of the browser >> vendor on my desktop. >> >> -- >> Rob Pickering, r...@pickering.org <mailto:r...@pickering.org>