Darren Tucker
2021-Oct-11 08:13 UTC
ssh proxy connection used to work with Firefox, now doesn't
On Mon, 11 Oct 2021 at 18:54, Chris Green <cl at isbd.net> wrote:> > I used to use the following ssh command to set up a socks5 proxy to > use with Firefox:- > > ssh -fC2qTnN -D 8080 chris at cheddar.halon.org.uk8080 is more often used for http proxies whereas 1080 is the registered port for SOCKS. Which are you using?> I'm pretty certain it's nothing to do with certificates etc. at > cheddar.halon.org.uk.It's serving up at least some expired certificates: $ openssl s_client -debug -connect cheddar.halon.org.uk:443 CONNECTED(00000003) [...] depth=0 CN = *.halon.org.uk verify error:num=10:certificate has expired notAfter=Dec 8 16:21:36 2016 GMT verify return:1 depth=0 CN = *.halon.org.uk notAfter=Dec 8 16:21:36 2016 GMT verify return:1 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Chris Green
2021-Oct-11 08:40 UTC
ssh proxy connection used to work with Firefox, now doesn't
On Mon, Oct 11, 2021 at 07:13:37PM +1100, Darren Tucker wrote:> On Mon, 11 Oct 2021 at 18:54, Chris Green <cl at isbd.net> wrote: > > > > I used to use the following ssh command to set up a socks5 proxy to > > use with Firefox:- > > > > ssh -fC2qTnN -D 8080 chris at cheddar.halon.org.uk > > 8080 is more often used for http proxies whereas 1080 is the > registered port for SOCKS. Which are you using? >Well the command above is exactly what I have in my script for doing this, so I was using 8080. Firefox allows you to specify what port to use so I just set 8080 there too. I can certainly try 1080 instead.> > I'm pretty certain it's nothing to do with certificates etc. at > > cheddar.halon.org.uk. > > It's serving up at least some expired certificates: > > $ openssl s_client -debug -connect cheddar.halon.org.uk:443 > CONNECTED(00000003) > [...] > depth=0 CN = *.halon.org.uk > verify error:num=10:certificate has expired > notAfter=Dec 8 16:21:36 2016 GMT > verify return:1 > depth=0 CN = *.halon.org.uk > notAfter=Dec 8 16:21:36 2016 GMT > verify return:1 >I just have a user login at cheddar.halon.org.uk, it's not my site. However I have also tried isbd.uk which is my own virtual server and the certificates there are up to date. It produces exactly the same error when I try to use it as a proxy. I don't believe this is a certificate problem, I think it's something that has changed in Firefox that needs something different/more to allow it to work. -- Chris Green