Bug #10655

closed

ntopng fails with letsencrypt ECC certificates

Added by Howard Holm over 1 year ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: ntop
Target version: -
Start date: 06/11/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.4.5-p1
Affected Plus Version:
Affected Architecture:

Description

Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048-bit certificates. However, if the certificate is configured with a 384-bit ECDSA certificate, the ntopng server returns a Handshake error to all web browsers trying to connect. While the workaround to use RSA certificates isn't horrible, finding the source of the error is relatively difficult. I've seen the error reported on the web in a number of places with no resolution (google ntopng "ERR_SSL_VERSION_OR_CIPHER_MISMATCH") and only one relatively hidden reference from a year and a half ago that led to a solution (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certificates). I didn't see an open bug report for this.

#1

Updated by Viktor Gurov over 1 year ago

It seems to be an ntopng 3.8 issue; the same error, ERR_SSL_VERSION_OR_CIPHER_MISMATCH, occurs with an EC-256 certificate,

but there are no errors on the pfSense 2.5 snapshot with ntopng 4.0.

#2

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Resolved

If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on 2.5.0. Either way, there is nothing to do here; those changes have already been implemented in master.
