Is diroot.org having license issues?
from kixik@lemmy.ml to fediverse@lemmy.ml on 27 Feb 2024 00:18
https://lemmy.ml/post/12458121

disroot.org provides several decentralized federated services, as email and xmpp, besides other cloud services as well… But not sure if asking here is right or not, but don’t know anywhere to ask either…

Is it having a license issue, does anyone know about it? Any status updates?

Websites prove their identity via certificates. LibreWolf does not trust this site because it uses a certificate that is not valid for disroot.org. The certificate is only valid for p1lg502277.dc01.its.hpecorp.net.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

But also:

disroot.org has a security policy called HTTP Strict Transport Security (HSTS), which means that LibreWolf can only connect to it securely. You can’t add an exception to visit this site.

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

I also tested with ungoogled chromium and pretty similar thing…

Anyonea aware, and also about disroot saying on this?

Edit (sort of understood already, no issue with disroot at all): The issue only shows up under the office VPN. It seems like disroot is not recognizing the office’s cert…

Edit: Solved. Yes it’s the office replacing the original cert with its own, as someone suggested. Thanks to all.

#fediverse

threaded - newest

poVoq@slrpnk.net on 27 Feb 2024 00:40 next collapse

You mean TLS certificate issues? Looks ok in Firefox here.

kixik@lemmy.ml on 27 Feb 2024 01:47 collapse

Ohh, thanks for that… I noticed when under the office’s VPN, it doesn’t work, :( Which is really bad to me, since it then block any services from it, :(

It seems like disroot doesn’t like the office’s cert when connected through VPN…

Thaks for replying !

johannes@lemmy.jhjacobs.nl on 27 Feb 2024 05:08 collapse

Your office is inspecting the network traffic, and replacing the original certificate with its own certificate.

The problem is with your office firewall most likely :)

kixik@lemmy.ml on 27 Feb 2024 09:36 next collapse

understood, thanks !

kixik@lemmy.ml on 27 Feb 2024 09:40 collapse

Yeap, thanks a lot !

delirious_owl@discuss.online on 27 Feb 2024 04:07 next collapse

Sounds like your network is doing something evil. Try it in TAILS.

lemmyvore@feddit.nl on 27 Feb 2024 05:13 next collapse

Their company is attempting to hijack TLS connections to eavesdrop on their browsing.

It only works with websites that also offer a non-TLS version (which the hijacker uses to fetch content and then re-encrypts with their own certificate after they’ve snooped). But it doesn’t work if the website doesn’t have a non-TLS version and/or specifies it should only be used with TLS.

Another way for it to work is for the company to get their own certificates on the machine, which is very easy if it’s a work-issued machine. But I’m guessing OP is not using a work machine.

kixik@lemmy.ml on 27 Feb 2024 09:36 collapse

Yeap, got it. Thanks a lot !

slazer2au@lemmy.world on 27 Feb 2024 08:07 collapse

Your work is essentially doing a man in the middle on your traffic which is something you agreed to in your employment contract.

For security reasons companies will inspect user traffic for to make sure they are not accessing anything they shouldn’t be.

This doesn’t mean someone is actually looking at what you are doing, it just means that if something is trying to sneak in via a TLS session it will be picked up

kixik@lemmy.ml on 27 Feb 2024 09:40 collapse

Thanks !