Bug #10655
closed
ntopng fails with letsencrypt ECC certificates
Description
Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048-bit certificates. However, if the certificate is configured with a 384-bit ECDSA certificate, the ntopng server returns a Handshake error to all web browsers trying to connect. While the work-around to use RSA certificates isn't horrible, finding the source of the error is relatively difficult. I've seen the error reported on the web in a number of places with no resolution (google ntopng "ERR_SSL_VERSION_OR_CIPHER_MISMATCH") and only one relatively hidden reference from a year and a half ago that led to a solution (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certificates). I didn't see an open bug report for this.
Updated by Viktor Gurov almost 4 years ago
It seems to be an ntopng 3.8 issue; the same error ERR_SSL_VERSION_OR_CIPHER_MISMATCH occurs with an EC-256 certificate,
but there are no errors on the pfSense 2.5 snapshot with ntopng 4.0.
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Resolved
If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on 2.5.0. Either way, there is nothing to do here; those changes have already been implemented in master.