Subtle changes, bugs and feedback

Brought this up on the mods thread a few days ago. I'm still unable to see most images on the site. It makes the Classifieds difficult to use, and the funnies less funny. Anyone else having problems? Using chrome on a macbook.

I don't know of any issue that should be affecting you.

Are you accessing over https ?
Does the site logo load ?
Can you grab console output from Chrome Developer Tools for pages in which it fails ?
Can you generate a HAR file and send it to me at david@buro9.com for a page in which the images are failing ?

Yes, https.

The site logo was failing to load until recently but seems to be working again now. On this page, only tester's avatar has failed. Most images in classifieds still failing.

I have followed the instructions and emailed you an HAR file.

I have this image problem in Opera. Started happening a couple of weeks ago.

If I get the direct link for an image an open it in a new tab I get:

"Secure connection: fatal error (40) from server.

https://lfgss.microcosm.app/api/v1/files/912dd7046eb750484ca753880b2a59ee9b65ab04.JPG

Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences."

In the security preferences I have every single option enabled. If I get rid of the s from https in the url, then the image will load.

According to Opera12.17, https://microcosm.app/ has no certificate.

That's the version that I'm on. Does that mean that there's no way around this?

I gave up trying to get lfgss to function in Opera and now have a Firefox window open for this site.

I just remembered that I have the same problem with Firefox 35.0.1 at work too.

Do I really need to use IE?

I don't have that problem* with FF35, is your work machine connecting through some sort of firewall/proxy?

*I have other issues with FF which mean Opera is still my default browser and I only use FF as a failover for badly designed websites.

Just to update, all images are currently failing, including logo.

The HAR file contained nothing to help indicate the issue.

It may be that the above issue described by sanddancer is the same one you're seeing.

If you access https://lfgss.microcosm.app/api/v1/files/912dd7046eb750484ca753880b2a59ee9b65ab04.JPG directly, does it give you an error message?

I suspect this is to do with the fact that some web browsers and version do not support SNI.

https://sni.velox.ch

My work proxy knackers up the security certificates on Firefox which causes images, avatars, etc on here to screw up

does it give you an error message?>

Yes, Chrome says

This webpage is not available The webpage might be temporarily down or it may have moved permanently to a new web address.
Error code: ERR_CONNECTION_CLOSED

and Safari says

The certificate for this website is invalid, it may be another website pretending to be this website.

Edit, it turns out I can see most of the pictures on the Photo of the Day thread. Not sure what's different about them.

it turns out I can see most of the pictures on the Photo of the Day thread. Not sure what's different about them.

Embedded images are hosted on other servers. Avatars and attachments are hosted on miscroco.sm, which is where the problem lies.

I'm going to have to purchase a new wildcard SSL cert and IP address for the cert to solve this.

It's going to cost LFGSS an extra £200 per year for the cert, and an additional £20 per year for the IP address for it.

The root cause is that either the operating system or browser doesn't support SNI.

The background to this is that SSL requires a fully encrypted conversation, which means talking to a server and encrypting the connection before the browser has actually made a HTTP request. The issue here is that the browser resolves microcosm.app and talks to the IP address to encrypt the traffic without yet saying "Oh, and this is for microcosm.app so use that SSL cert for the encryption".

SNI allows a browser to talk to a web server and during the initial part of securing the communication channel it adds "This is for microcosm.app". Which means a web server that also supports SNI can actually run multiple SSL sites on the same IP address.

This is a big deal because the IPv4 address space has been so exhaustively used up that it is now harder to just get an IP address.

To reduce costs after Microcosm failed, I moved LFGSS and Microcosm behind CloudFlare's Universal SSL. This uses SNI, and so it requires that the browsers and operating systems connecting to us support it.

The list of supported browsers and operating systems can be viewed here: https://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm

Desktop Browsers

• Internet Explorer 7 and later
  
• Firefox 2
  
• Opera 8 with TLS 1.1 enabled
  
• Google Chrome:
  
  • Supported on Windows XP on Chrome 6 and later
    
  • Supported on Vista and later by default
    
  • OS X 10.5.7 in Chrome Version 5.0.342.0 and later
    
• Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later).
  
• Note: No versions of Internet Explorer on Windows XP support SNI
  
  

Mobile Browsers

• Mobile Safari for iOS 4.0
  
• Android 3.0 (Honeycomb) and later
  
• Windows Phone 7
  
  

I had looked at my stats (Google Analytics) and could not see any significant usage of unsupported browsers (though I know that GA is incomplete as you may have adblockers installed that block GA).

But as you clearly are affected, I'll purchase the custom cert and will use that instead... and yes, CloudFlare support custom certs too but it's normally a further $200 per month though as an employee I thankfully get this for free.

So... I'll buy a custom wildcard cert for microcosm.app, will have my CloudFlare account upgraded, and will install it everywhere. This will take a couple of days as the SSL provider don't accept PayPal, so I need to withdraw the LFGSS funds for this to my personal account and pay using a debit card.

But Opera is fine with TLS SNI Test Site: *.sni.velox.ch

Great! Your client [Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17] sent the following TLS server name indication extension (RFC 6066) in its ClientHello (negotiated protocol: TLSv1, cipher suite: DHE-RSA-AES256-SHA):
sni.velox.ch
In your request, this header was included:
Host: sni.velox.ch

so I'm not sure why it isn't working with https://lfgss.microcosm.app at all, and I can only get it to connect to https://lfgss.com by telling Opera to masquerade as Firefox or Internet Explorer

Currently links from email are getting an error
400 Bad Request

The plain HTTP request was sent to HTTPS port
nginx/1.7.9

I assume there is some sort of proxy issue?

Soz if this was reported from one of the other threads. Do you need a HAR file?

I clicked the link in the email notification for that comment, and ended up here.

Is there a specific link in a specific type of email notification that is broken for you?

Nope, every link from both types of email (replies to my own posts and any post to the forums I have notifications set up for).

It is now working, however.

Hmm, maybe http://www.mailgun.com/ had a temporary error.

Makes sense. for the record this was the type of link that was failing http://email.microcosm.app/c/ZD02NjQzJmk9MjAxNTAyMTcxNzQzNDYuODI2NS4xOTUyNyU0MG1pY3JvY28uc20maD02NTNjODVlMDQ1ZGY3OGJmOTdhYmEyODM1Y2NlY2EyZiZsPWh0dHAlM0ElMkYlMkZ3d3cubGZnc3MuY29tJTJGdXBkYXRlcyUyRiZyPWpvZS5tYXJ0aW4lNDBnbWFpbC5jb20 a refresh of the same === no problem so yeah you are probably right.

I have to admit I don't really understand much of that. So, it is going to cost $20 a year? How many others are there with this problem, I notice one or two in the thread.

I am using either Safari 5.1.0 or the latest Chrome on OSX 10.6.8, So should be supported according to the list. Thanks for your work sorting this out.

Total cost per year to support the few % of users who are having trouble with SNI is £220.

It will be done soonish, the CloudFlare account has been upgraded... and that may resolve it as it will allocate some IPs. But if it does not resolve it, then I'll buy the custom cert.

All the pictures are back!

Anyone else having problems with embedded utube videos?

On iPhone, see picture, but click and it gives the "oops something wrong", but the link above opens app and works, Vimeo works fine too.