@AnnoyingTechnology
Created December 7, 2018 09:03
Secure Connection Failed with Firefox and Lighttpd SSL/TLS

So apparently, Firefox and lighttpd 1.4.45 (current version on Debian 9/stable) don't get along very well.

You will have connection issues, and a "Secure Connection Failed" message.

It would seem that Firefox and lighttpd/OpenSSL are negotiating a TLS 1.3 connection (a new RFC), which fails to establish. A workaround/solution is to disable TLS 1.3 in lighttpd with

ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2")

but that option requires lighttpd 1.4.48.

You can get it and compile it from source (currently you get 1.4.53). Follow the guide at https://redmine.lighttpd.net/projects/lighttpd/wiki/InstallFromSource; it goes smoothly on Debian.

apt-get build-dep lighttpd

./configure --with-openssl --prefix=/usr/local

make

make install

You can also try it without installing it, like this (from the src folder of the cloned git):

./lighttpd -f /etc/lighttpd/lighttpd.conf -m /tmp/lighttpd1.4/src/.libs/
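The following is an added example, not part of the original gist: shell helpers that check whether an installed lighttpd is new enough for the option above and which protocol version a server actually negotiated. The function names are hypothetical, the sample lines quoted in the comments are constructed, and the `New, TLSv1.x, Cipher is` line is assumed to be in the format OpenSSL 1.1.x prints.

```sh
# Added example; function names are hypothetical, sample inputs are constructed.

# version_ge A B: succeed if dotted version A >= B (numeric, field by field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.]"); nb = split(b, y, "[.]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# lighttpd_version: read `lighttpd -v` output on stdin, print e.g. 1.4.45
# from a first line like "lighttpd/1.4.45 (ssl) - a light and fast webserver".
lighttpd_version() {
    sed -n 's|^lighttpd/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# supports_conf_cmd VERSION: the gist states the option requires 1.4.48.
supports_conf_cmd() {
    version_ge "$1" "1.4.48"
}

# negotiated_protocol: read `openssl s_client` output on stdin, print the
# version from "New, TLSv1.2, Cipher is ..." (assumed OpenSSL 1.1.x format).
# A failed handshake prints "New, (NONE), Cipher is (NONE)" and yields "".
negotiated_protocol() {
    sed -n 's/^New, \(TLSv[0-9.]*\), Cipher is .*/\1/p' | head -n 1
}

# workaround_status "<lighttpd -v output>" "<s_client output>": one-line verdict.
workaround_status() {
    ver=$(printf '%s\n' "$1" | lighttpd_version)
    proto=$(printf '%s\n' "$2" | negotiated_protocol)
    if [ "$proto" = "TLSv1.2" ]; then
        echo "ok: server negotiated TLSv1.2"
    elif supports_conf_cmd "$ver"; then
        echo "lighttpd $ver accepts ssl.openssl.ssl-conf-cmd; got ${proto:-no handshake}"
    else
        echo "lighttpd $ver is older than 1.4.48; got ${proto:-no handshake}"
    fi
}

# Live use (example.org is a placeholder host):
#   workaround_status "$(lighttpd -v)" \
#     "$(openssl s_client -connect example.org:443 </dev/null 2>/dev/null)"
```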

@AnnoyingTechnology
Author

According to Olaf Van Der Spek the issue is that the openssl library provided by Sury's repository (providing PHP7.2 and PHP7.1 for Debian) breaks lighttpd.

Regarding the servers on which the issue appeared, those are fairly stock webservers, with unattended-upgrades configured and Sury's repository for PHP 7.2.

Ah.. I hit the same issue recently. The updated openssl from his repo
breaks lighttpd.

AnnoyingTechnology commented Dec 7, 2018
