Skip to content

Instantly share code, notes, and snippets.

@AnnoyingTechnology

AnnoyingTechnology/Firefox-Lighttpd-TLS1.3.md

Created December 7, 2018 09:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AnnoyingTechnology/cc0130e6eaf347812a3fc4509e135b9e to your computer and use it in GitHub Desktop.
Save AnnoyingTechnology/cc0130e6eaf347812a3fc4509e135b9e to your computer and use it in GitHub Desktop.
Download ZIP
Secure Connection Failed with Firefox and Lighttpd SSL/TLS
Raw
Firefox-Lighttpd-TLS1.3.md

So apparently, Firefox and lighttpd 1.4.45 (current version on Debian 9/stable) dont get along very well.

You will have connexion issue, and a message "Secure Connection Failed".

It would seem that Firefox and Lighttpd/Openssl are negociating a TLS 1.3 connexion (a new RFC), which fails to establish. A workaround/solution is to disable TLS 1.3 in lighttpd ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2" but that option requires lighttpd 1.4.48.

You can get it and compile it from source (currently you get 1.4.53). Follow the guide https://redmine.lighttpd.net/projects/lighttpd/wiki/InstallFromSource It goes smoothly on debian.

apt-get build-dep lighttpd

./configure --with-openssl --prefix=/usr/local

make

make install

You can also try it, without installing it thusly (from the src folder of the cloned git) :

./lighttpd -f /etc/lighttpd/lighttpd.conf -m /tmp/lighttpd1.4/src/.libs/

@AnnoyingTechnology
Copy link
Author

AnnoyingTechnology commented Dec 7, 2018
edited

Here is a backport for Debian 9/stable https://github.com/AnnoyingTechnology/lighttpd-backport-debian-9-stretch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment