Follow

Apparently, Let's Encrypt changed their CDN provider from Akamai to Cloudflare in order to be able to terminate TLS sessions in their own infrastructure. This seems to have exposed a couple of client errors with case handling in HTTP requests and -headers that were previously hidden by CDN magic, see issues attached to community.letsencrypt.org/t/ne
Old versions of Dehydrated and acme.sh seem to be affected, in particular (and cPanel).

· SubwayTooter · 1 · 28 · 8

@galaxis Note that it was fixed in dehydrated *before* but not always deployed github.com/lukas2511/dehydrate

"JWS has no anti-replay nonce"

@bortzmeyer Thanks for pointing to that L'E change in your previous post - I'm almost certain to run into trouble with this in some of my special installations of very old software...

(They also hinted at planning to tighten down their cipher suite selection, which is probably going to pose a host of new problems...)

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!