On 2020/01/06 17:51, Theo Buehler wrote: > Apparently, this moved from www.math... to faculty..., but the www.math > page still serves some (completely unrelated) stuff. > > Generally, people seem to want to move to https if possible, but I'm > unsure if this also holds if the server only supports TLSv1.0 with a > legacy cipher: > > $ nc -v -c -Tnoverify -Tprotocols="tlsv1" -Tciphers=legacy > faculty.missouri.edu 443 > Connection to faculty.missouri.edu (128.206.9.90) 443 port [tcp/https] > succeeded! > TLS handshake negotiated TLSv1/ECDHE-RSA-AES256-SHA with host > faculty.missouri.edu > Peer name: faculty.missouri.edu > Subject: /C=US/postalCode=65211/ST=Missouri/L=Columbia/street=1100 Carrie > Francke Dr/O=University of Missouri/OU=MU/CN=faculty.missouri.edu > Issuer: /C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA > Server CA > Valid From: Fri Aug 11 02:00:00 2017 > Valid Until: Tue Aug 11 01:59:59 2020 > Cert Hash: > SHA256:a26eb946d44ee29fee50e494965e73bb188e9e435964694865f95fd0465c81b8 > OCSP URL: http://ocsp.usertrust.com > > Index: Makefile > =================================================================== > RCS file: /var/cvs/ports/x11/xkbset/Makefile,v > retrieving revision 1.18 > diff -u -p -r1.18 Makefile > --- Makefile 12 Jul 2019 20:51:29 -0000 1.18 > +++ Makefile 6 Jan 2020 12:34:44 -0000 > @@ -5,15 +5,15 @@ COMMENT-gui= GUI for xkbset > > DISTNAME= xkbset-0.5 > PKGNAME-main= xkbset-0.5 > -REVISION-main= 3 > +REVISION-main= 4 > PKGNAME-gui= xkbset-gui-0.5 > -REVISION-gui= 2 > +REVISION-gui= 3 > CATEGORIES= x11 > # BSD > PERMIT_PACKAGE= Yes > > -HOMEPAGE= http://www.math.missouri.edu/~stephen/software/\#xkbset > -MASTER_SITES= http://www.math.missouri.edu/~stephen/software/xkbset/ > +HOMEPAGE= https://faculty.missouri.edu/~stephen/software/\#xkbset > +MASTER_SITES= https://faculty.missouri.edu/~stephen/software/xkbset/ > > MAKE_FLAGS= X11BASE="${X11BASE}" > FAKE_FLAGS= X11PREFIX="${PREFIX}" \ >
MASTER_SITES needs http, their certificate chain is broken in webserver config. GUI browsers can find it anyway (via AIA in the cert) but ftp(1) can't. $ ftp -o- https://faculty.missouri.edu/~stephen/software/xkbset/ Trying 128.206.9.90... SSL failure: certificate verification failed: unable to get local issuer certificate I don't mind either http or https for HOMEPAGE. All nice and up-to-date... Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
