this post was submitted on 27 Feb 2024
13 points (78.3% liked)

Fediverse

17683 readers
9 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 4 years ago
MODERATORS
deadsuperhero@lemmy.ml
wakest@lemmy.ml
13
Is diroot.org having license issues? (lemmy.ml)
submitted 8 months ago* (last edited 8 months ago) by kixik@lemmy.ml to c/fediverse@lemmy.ml
10 comments fedilink hide all child comments
 

https://disroot.org provides several decentralized federated services, as email and xmpp, besides other cloud services as well... But not sure if asking here is right or not, but don't know anywhere to ask either...

Is it having a license issue, does anyone know about it? Any status updates?

Websites prove their identity via certificates. LibreWolf does not trust this site because it uses a certificate that is not valid for disroot.org. The certificate is only valid for p1lg502277.dc01.its.hpecorp.net.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

But also:

disroot.org has a security policy called HTTP Strict Transport Security (HSTS), which means that LibreWolf can only connect to it securely. You can’t add an exception to visit this site.

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

I also tested with ungoogled chromium and pretty similar thing...

Anyonea aware, and also about disroot saying on this?

Edit (sort of understood already, no issue with disroot at all): The issue only shows up under the office VPN. It seems like disroot is not recognizing the office's cert...

Edit: Solved. Yes it's the office replacing the original cert with its own, as someone suggested. Thanks to all.

top 10 comments
sorted by: hot top controversial new old
[–] delirious_owl@discuss.online 6 points 8 months ago (2 children)

Sounds like your network is doing something evil. Try it in TAILS.

[–] lemmyvore@feddit.nl 4 points 8 months ago

Their company is attempting to hijack TLS connections to eavesdrop on their browsing.

It only works with websites that also offer a non-TLS version (which the hijacker uses to fetch content and then re-encrypts with their own certificate after they've snooped). But it doesn't work if the website doesn't have a non-TLS version and/or specifies it should only be used with TLS.

Another way for it to work is for the company to get their own certificates on the machine, which is very easy if it's a work-issued machine. But I'm guessing OP is not using a work machine.

[–] kixik@lemmy.ml 2 points 8 months ago

Yeap, got it. Thanks a lot !

[–] slazer2au@lemmy.world 4 points 8 months ago (1 children)

Your work is essentially doing a man in the middle on your traffic which is something you agreed to in your employment contract.

For security reasons companies will inspect user traffic for to make sure they are not accessing anything they shouldn't be.

This doesn't mean someone is actually looking at what you are doing, it just means that if something is trying to sneak in via a TLS session it will be picked up

[–] kixik@lemmy.ml 2 points 8 months ago

Thanks !

[–] poVoq 3 points 8 months ago (1 children)

You mean TLS certificate issues? Looks ok in Firefox here.

[–] kixik@lemmy.ml 2 points 8 months ago* (last edited 8 months ago) (1 children)

Ohh, thanks for that... I noticed when under the office's VPN, it doesn't work, :( Which is really bad to me, since it then block any services from it, :(

It seems like disroot doesn't like the office's cert when connected through VPN...

Thaks for replying !

[–] johannes@lemmy.jhjacobs.nl 5 points 8 months ago (2 children)

Your office is inspecting the network traffic, and replacing the original certificate with its own certificate.

The problem is with your office firewall most likely :)

[–] kixik@lemmy.ml 1 points 8 months ago

understood, thanks !

[–] kixik@lemmy.ml 1 points 8 months ago

Yeap, thanks a lot !