www.linuxfromscratch.org could be unavailable through Zscaler
by krown from LinuxQuestions.org on (#5P1SC)
Hi,
I work from home and my work laptop (Windows 10) has Zscaler installed, so all the web traffic is routed through it. Zscaler uses a technique of man in the middle (MITM) to check even encrypted HTTPS content. To make this MITM work properly it has the Zscaler certificate installed to all web browsers on my work laptop. I'm not allowed to uninstall or disable Zscaler on that work laptop.
When I try to open www.linuxfromscratch.org on Firefox (latest version) it fails with the following error:
Code:
Secure Connection Failed
An error occurred during a connection to www.linuxfromscratch.org. A required TLS feature is missing.
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Fortunately it works on Chrome on the same laptop. On my other computer that has no Zscaler, Firefox is able to open www.linuxfromscratch.org properly.
After googling I've found this discussion of a similar problem with samba.org through Zscaler:
https://support.mozilla.org/bm/questions/1149911
It has an explanation of the problem:
Quote:
This rare error message seems to mean there is a problem with the server's OCSP response: OCSP "stapling" -- inclusion of the verification of the non-revocation of the server's certificate -- is required but not provided.
Also it has a workaround - disabling the security.ssl.enable_ocsp_must_staple in the about:config of Firefox.
This workaround works for me but I think it would be better to fix that OCSP "stapling" response of www.linuxfromscratch.org instead of lowering the security of the Firefox web browser. Most other HTTPS sites work properly with Firefox + Zscaler on my work computer. So there should be something in the configuration of www.linuxfromscratch.org that makes it work incorrectly through Zscaler.
Is there any of the LFS maintainers who can check it and maybe fix it?