Project

General

Profile

Actions

Bug #10655

closed

ntopng fails with letsencrypt ECC certificates

Added by Howard Holm almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
ntop
Target version:
-
Start date:
06/11/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.5-p1
Affected Plus Version:
Affected Architecture:

Description

Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048 bit certificates. However if the certificate is configured with a 384 bit ECDSA certificate the ntopng server returns a Handshake error to all web browsers trying to connect. While the work-around to use RSA certificates isn't horrible, finding the source of the error is relatively difficult. I've seen the error reported on the web in a number of places with no resolution (google ntopng "ERR_SSL_VERSION_OR_CIPHER_MISMATCH") and only one relatively hidden reference from a year and a half ago that led to a solution. (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certificates) I didn't see an open bug report for this.

Actions

Also available in: Atom PDF