DonnyJohnny
Very Senior Member
To test need OpenSSL 1.1.1 and pc?
pixelserv pixelserv - A Better One-pixel Webserver for Adblock
- Thread starter kvic
- Start date
No, it's not required for TLS <= 1.2. It works on your good old routers.
I'm actively thinking how to enable people to try TLS 1.3 with OpenSSL 1.1.1 on existing routers. Not yet available.
DonnyJohnny
Very Senior Member
What I mean was to test tls 1.3, u need OpenSSL 1.1.1 and a pc right?
I just up a request in entware to notice them about OpenSSL 1.1.1 update. Hope they pick up and update soon.
PC with a general Linux distribution, OpenSSL 1.1.1 should be available earlier.
For example, last time around, it took Arch Linux about 5 months (if I don't remember wrong) from the release date of OpenSSL 1.1.0 to complete the migration of all dependent packages. Test library package should be available earlier.
DonnyJohnny
Very Senior Member
Seems like openwrt are already on it... hope they will be able to compile them successfully.
https://github.com/openwrt/openwrt/pull/965
Great news. I think you should go and add one comment or request. Ask OpenWRT to enable the flag...checkout #44 that I filed on Entware. Once it gets in OpenWRT. Naturally it'll trickle down
M
M@rco
Guest
Probably not much of challenge to you @kvic, but my padlock is broken I don't know what caused it, as I installed the latest release of pixelserv-tls today, updated Firefox to the latest stable version and updated my routers firmware to 384.7 beta 1, all today before I discovered it. Firefox no longer trusts access to https://router.asus.com:8443. It's throwing error MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT at me.
I removed the certificate in Firefox, re-added it after downloading it from the pixelserv IP, cleaned my cache, restarted Firefox, but to no avail. It keeps complaining about the certificate with the error mentioned before. Any suggestions what else I can try? I bypassed it making an exception, but that's not how it is supposed to work, is it? Any help would be appreciated.
I don't know what caused it, as I installed the latest release of pixelserv-tls today, updated Firefox to the latest stable version and updated my routers firmware to 384.7 beta 1, all today before I discovered it. Firefox no longer trusts access to https://router.asus.com:8443. It's throwing error MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT at me. I removed the certificate in Firefox, re-added it after downloading it from the pixelserv IP, cleaned my cache, restarted Firefox, but to no avail. It keeps complaining about the certificate with the error mentioned before. Any suggestions what else I can try? I bypassed it making an exception, but that's not how it is supposed to work, is it? Any help would be appreciated.
Probably not much of challenge to you @kvic, but my padlock is broken
I removed the certificate in Firefox, re-added it after downloading it from the pixelserv IP, cleaned my cache, restarted Firefox, but to no avail. It keeps complaining about the certificate with the error mentioned before. Any suggestions what else I can try? I bypassed it making an exception, but that's not how it is supposed to work, is it? Any help would be appreciated.
It's a huge problem for me as I don't have latest firmware. I checked on 380.66. It's fine: https://i.imgur.com/u3NnVwN.png
I think you've done the necessary but just in case: 1) you haven't imported the server cert itself. If you did, pls remove it from FF. 2) you've imported the pixelserv CA (only this matters..)
I have the pixelserv CA imported but if I don't add the exception I still get the same error as M@rco.
on FF 62 and 384.6
Phew..this one is easier.
You should access your WebUI with "xxx.ddns.net" (even you're on LAN) because you chose to generate a cert for that domain when you run config-webgui.sh so that it works on LAN and from WAN. If you only intend to access WebGUI from LAN (including through VPN server on router), you should pick "router.asus.com" instead.
So either you run the script again to generate a new cert or always access with xxx.ddns.net
M
M@rco
Guest
Been through it all, but no luck
@Makaveli, did you notice the change recently? Yesterday my padlock was still shiny green.
btw...the certificate expired already on August 12, 2018 in your screenshot. That's a bit weird since any cert generated from config-webgui.sh will be valid for 10 yrs.
I suspect something changed on FW side. Perhaps try to run config-webgui.sh to generate a new server cert. Bounce httpd or reboot router. And see if it just works.
Worth simply re-generate the certificate but no need to re-import anything..
Makaveli
Very Senior Member
Been through it all, but no luck
@Makaveli, did you notice the change recently? Yesterday my padlock was still shiny green.
I made alot of changes last night to fix the diversion pixelserv issue but I'm pretty sure it was fine on the previous version of FF.
But then again after reading Kvic's post when I go into the router on the DDNS tab i'm noticing the Server cert does show 2018/08/12 so that date is old.
I notice that too. However, if we're on TLS 1.2, everything should be same as before. So I'm busy looking for an explanation at the same time..
EDIT:
Note that the logging is MUCH faster in rc.2. So unless you have lots of messages even on LEVEL 2..then tav now will be smaller.
Protik
Senior Member
I see. will be looking forward for an explanation.
M
M@rco
Guest
Bingo! Running config-webui.sh fixed my issue, without the need to re-import the certificate. Not sure what happened, but glad it's fixed. Padlock is shiny green again
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| C | Diversion Pixelserv replacement | Asuswrt-Merlin AddOns | 2 | |
| L | Is Diversion better than NextDNS, PiHole or AdGuard Home? | Asuswrt-Merlin AddOns | 10 |
Similar threads
-
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10