Icedove / Thunderbird problem
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/196058
You can restore the windows border with these steps:
- Close Thunderbird
- Edit the file ~/.mozilla-thunderbird/xyz1234.default/localstore.rdf
- Search the entry
<RDF:Description RDF:about="chrome://messenger/content/messenger.xul#messengerWindow"
width="800"
height="600"
sizemode="normal"
screenX="5"
screenY="5" />
- Change the width, height and screenXY entries to the ones you see here
- Restart Thunderbird and it should have its borders again.
HTTPS problem: OCSP, revoked SSL/TLS certificate
See: 23,000 Digicert HTTPS certificates removed after the private key leak
With Firefox
SEC_ERROR_REVOKED_CERTIFICATE
With Chromium
NET::ERR_CERT_REVOKED
Context:
The company's certificate was revoked by the SSL/TLS provider following a private key leak (CAB Forum recommendation?).
Workaround for Firefox
Workaround to skip the revocation check (these preferences apply to every site, not only the affected one)
about:config
security.OCSP.enabled;0
security.ssl.enable_ocsp_stapling;false
For information: security.OCSP.enabled;0 amounts to unchecking "Query OCSP responder servers to confirm the current validity of certificates"
HTTPS problem: Handshake failed
See http://shaarli.guiguishow.info/?zHR4uQ
On Firefox
SSL_ERROR_NO_CYPHER_OVERLAP
On Chromium
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
$ curl --verbose --show-error https://www.2shared.com/file/P6RHTpy6/LG_Root.html
* Trying 156.154.175.30:443...
^C
$ curl https://www.2shared.com/file/P6RHTpy6/LG_Root.html
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

$ openssl s_client -debug -connect www.2shared.com:443
^C
$ openssl s_client -debug -connect www.2shared.com:443
...
140021219538240:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1543:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x556020bbf0a0 [0x556020bb52d0] (8192 bytes => 0 (0x0))

$ gnutls-cli www.2shared.com:443
Processed 129 CA certificate(s).
Resolving 'www.2shared.com:443'...
Connecting to '156.154.175.30:443'...
^C
$ gnutls-cli www.2shared.com:443
Processed 129 CA certificate(s).
Resolving 'www.2shared.com:443'...
Connecting to '156.154.175.30:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
Diagnosis
List the cipher suites supported by the client
openssl ciphers
gnutls-cli -l
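An added example, not part of the original notes: a small shell helper that reads `openssl s_client` output such as the transcript above and reports the alert, the bytes read and whether a cipher was negotiated. The function names and verdict labels are assumptions made for this example.

```shell
# Added example, not from the original page: summarise a handshake failure
# from the text printed by `openssl s_client`. Function names are illustrative.
# Names of a few TLS alert codes seen on failed handshakes (RFC 8446, section 6).
alert_name() {
    case "$1" in
        0)   echo none ;;
        40)  echo handshake_failure ;;
        70)  echo protocol_version ;;
        71)  echo insufficient_security ;;
        112) echo unrecognized_name ;;
        *)   echo "alert_$1" ;;
    esac
}

# stdin: s_client transcript; stdout: one "key=value ..." summary line.
diagnose_s_client() {
    awk '
        /SSL alert number/               { alert = $NF }
        /^SSL handshake has read/        { bytes = $5 }
        /^New, .*Cipher is/              { cipher = $NF }
        /^no peer certificate available/ { nocert = 1 }
        END { print alert + 0, bytes + 0, (cipher == "" ? "-" : cipher), nocert + 0 }
    ' | {
        read -r alert bytes cipher nocert
        # 7 bytes read = a single alert record (5-byte header + 2-byte alert):
        # the server answered the ClientHello with an alert and nothing else.
        if [ "$cipher" != "-" ] && [ "$cipher" != "(NONE)" ]; then
            verdict=handshake_completed
        elif [ "$bytes" -le 7 ] && [ "$nocert" -eq 1 ]; then
            case "$alert" in
                40|70|71) verdict=no_shared_version_or_cipher ;;
                *)        verdict=clienthello_rejected ;;
            esac
        else
            verdict=failed_later
        fi
        echo "alert=$(alert_name "$alert") read=$bytes cipher=$cipher verdict=$verdict"
    }
}

# Key lines of the s_client transcript shown on this page.
page_transcript() {
    cat <<'EOF'
140021219538240:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1543:SSL alert number 40
no peer certificate available
SSL handshake has read 7 bytes and written 307 bytes
New, (NONE), Cipher is (NONE)
EOF
}
page_transcript | diagnose_s_client
```

On a live host the same function can be fed with `openssl s_client -connect host:443 </dev/null 2>&1 | diagnose_s_client`.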
HTTPS problem - Peer's certificate issuer is not recognized - NSS error -8179
Peer's certificate issuer is not recognized
curl --show-error --verbose https://www.acme.fr
* About to connect() to www.acme.fr port 443 (#0)
* Trying 46.18.134.141... connected
* Connected to www.acme.fr (192.168.12.12) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Peer's certificate issuer is not recognized: 'CN=GlobalSign Extended Validation CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE'
* NSS error -8179
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option
Solution
yum install ca-certificates
Hostname problem: hostname -f returns the short name instead of the FQDN
The command hostname -f returns the short name
# hostname -f
srv1
But hostnamectl does return the FQDN
# hostnamectl |grep hostname
Static hostname: srv1.acme.local
Solution
The FQDN must come first, right after the IP address, in /etc/hosts
- /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#192.168.10.10 srv1 srv1.acme.local
192.168.10.10 srv1.acme.local srv1
