Bug 398682 - ERR_INSECURE_RESPONSE with Valid Certificate and Trust Chain
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: general (other bugs)
Version First Reported In: 5.0.97
Platform: Fedora RPMs Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Konqueror Bugs
Reported: 2018-09-15 18:36 UTC by D. Stimits
Modified: 2022-12-30 05:24 UTC
Description D. Stimits 2018-09-15 18:36:14 UTC
I am trying to view this URL, but can't even get an index page with Konqueror:
https://devtalk.nvidia.com

The certificate and other details of SSL here are valid. This uses sha256, and is signed and valid. So far as I know DigiCert (the signer) is one which is not banned (though Google sold this off). The certificate is valid from Sept. 11, 2018 (it is now Sept. 15, 2018) until Sept. 12, 2020 (the date range is valid). This does not seem to be a case of rejecting weaker protocols and despite 100% validity in the chain, the site is refused with:
ERR_INSECURE_RESPONSE

It looks like konqueror has a bug parsing this. Konqueror should not mark this as invalid. Since the ERR_INSECURE_RESPONSE is the only thing the browser gives as information the only debugging I can perform is to report this as a bug. It would be much more helpful if such an error message had the ability to give verbose details of why a site is rejected (e.g., if it said the CA is not accepted, then I would not need to report a bug...but if it says it is only SHA1, then I could guarantee it is a bug).

All components of the Linux host (Fedora 27) are kept up-to-date, including SSL and OpenSSH libraries. All other browsers I've tried from Linux accept this site and suggest the certificate is authentic. The issue seems to be a bug in konqueror, and not one of the certificate.

SHA-256 fingerprint:
90:49:6B:CE:BE:D5:1F:0E:57:CE:40:8C:A3:E1:A1:B0:5B:B2:CA:68:76:19:44:2B:A1:B0:5F:A2:56:05:EE:03

SHA1 fingerprint:
25:91:64:E5:DC:18:07:89:9C:F1:66:C2:46:84:99:42:37:E8:87:25

Perhaps the existence of a SHA1 fingerprint is causing Konqueror to not look for SHA256? Is it forbidden to have a SHA1 signature even when a valid SHA256 signature is in place?
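
Added example (not part of the original report and not Konqueror's code), relating to the fingerprint question in the description above: a certificate viewer computes the SHA-1 and SHA-256 fingerprints itself by hashing the certificate's DER bytes, while the algorithm the CA signed with is a separate `signatureAlgorithm` field inside the certificate. The `skeleton` helper and its contents are constructed stand-ins, not the devtalk.nvidia.com certificate.

```python
import hashlib

# X.509 signatureAlgorithm OIDs: this is a field stored inside the certificate.
SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def tlv(tag, body):
    """DER-encode one element; short-form length only, enough for the skeleton."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (body, next_pos) for the DER element starting at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: low 7 bits = number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + n], pos + n

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                # base-128, high bit set = more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    cert, _ = read_tlv(der, 0)
    _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    alg, _ = read_tlv(cert, pos)      # AlgorithmIdentifier SEQUENCE
    dotted = decode_oid(read_tlv(alg, 0)[0])
    return SIG_OIDS.get(dotted, dotted)

def fingerprint(der, algo):
    """Digest of the whole DER blob, computed by the viewer; not stored in the cert."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def skeleton(sig_oid_hex):
    """Constructed, structurally minimal stand-in for a certificate (not a real one)."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"\x02\x01\x01") + alg + tlv(0x03, bytes(33)))

SAMPLE = skeleton("2a864886f70d01010b")   # constructed, SHA-256-signed layout
```

Both fingerprint lengths can be produced for any DER blob, whichever OID `signature_algorithm` reports.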
Comment 1 Justin Zobel 2022-11-30 05:28:15 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 2 D. Stimits 2022-11-30 18:04:30 UTC
I no longer have a Fedora system to test from.
Comment 3 Bug Janitor Service 2022-12-15 05:14:18 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 4 Bug Janitor Service 2022-12-30 05:24:54 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!