SSL error no cypher overlap

[Titillating]

In case you missed the other thread check out this article
Here's the same problem from that same akamai.net ( 2 and 1/2 years ago)
http://www.zdnet.com/article/akamais-https-fail-sets-a-bad-example/


ironically just started seeing this error now again
The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net

Been following this thread, as well as the other. I've escalated this matter up to our network guys, who are looking into it. Progress has been slow, since we haven't been able to reproduce these, but we've been working with our CDN on it.

 

[Titillating]

For those of you getting the invalid certificate error (not the SSL error, which appears to have been resolved):

Next time you run into these, please ping forums.anandtech.com and let me know what IP address is returned. As @KillerBee pointed out, this is most likely an Akamai issue (and not an uncommon one at that) where some users are hitting the non-secure servers for whatever reason.

 

[KillerBee]

Just happened again.
forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaihd.net, *.akamaihd-staging.net, *.akamaized.net, *.akamaized-staging.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Then did 3 quick pings in a row ...I
The IP changes quick so not sure how valid a test that is for which IP caused it.

23.55.57.8
23.55.57.10
23.55.57.25


------------------------------------------------------------------------
C:\Users\joe>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [23.55.57.8] with 32 bytes of data:
Reply from 23.55.57.8: bytes=32 time=17ms TTL=57
Reply from 23.55.57.8: bytes=32 time=16ms TTL=57
Reply from 23.55.57.8: bytes=32 time=16ms TTL=57
Reply from 23.55.57.8: bytes=32 time=16ms TTL=57

Ping statistics for 23.55.57.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms

C:\Users\joe>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [23.55.57.10] with 32 bytes of data:
Reply from 23.55.57.10: bytes=32 time=15ms TTL=57
Reply from 23.55.57.10: bytes=32 time=15ms TTL=57
Reply from 23.55.57.10: bytes=32 time=15ms TTL=57
Reply from 23.55.57.10: bytes=32 time=16ms TTL=57

Ping statistics for 23.55.57.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

C:\Users\joe>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [23.55.57.25] with 32 bytes of data:
Reply from 23.55.57.25: bytes=32 time=19ms TTL=57
Reply from 23.55.57.25: bytes=32 time=31ms TTL=57
Reply from 23.55.57.25: bytes=32 time=23ms TTL=57
Reply from 23.55.57.25: bytes=32 time=15ms TTL=57

Ping statistics for 23.55.57.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 31ms, Average = 22ms

-------------------------------------------------------------------------

 

[KillerBee]

note: Be sure to check you don't already have an Exception for the certificate in your browser

 

[Titillating]

Alright, we believe we've identified the problem, and a fix was pushed live a few moments ago. Many thanks to @KillerBee for the assistance

If either of these errors come up again (SSL or invalid certificate), please let me know right away.

 

[nakedfrog]

Still none of the cypher errors on my front, and I haven't seen the Akamai one at all.

 

[KillerBee]

The error showed up again today.

forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

----------------------------------------------------
Same name but different IP

C:\Users\joe>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [204.237.142.26] with 32 bytes of data:
Reply from 204.237.142.26: bytes=32 time=12ms TTL=57

-------------------------------------------------------------
C:\Users\joe>date
The current date is: Sun 09/18/2016
Enter the new date: (mm-dd-yy)

C:\Users\joe>time
The current time is: 12:09:44.95
Enter the new time:

---------------------------------------------------

 

[KillerBee]

... followed by another 20 minutes later (same error) with new IP


C:\Users\joe>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [72.37.164.245] with 32 bytes of data:
Reply from 72.37.164.245: bytes=32 time=17ms TTL=57

 

[Spacehead]

I just got this too maybe 5 minutes ago.

forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

Here's the ping info:
C:\Documents and Settings\xxx>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [65.202.184.170] with 32 bytes of data:

Reply from 65.202.184.170: bytes=32 time=51ms TTL=60
Reply from 65.202.184.170: bytes=32 time=50ms TTL=60
Reply from 65.202.184.170: bytes=32 time=52ms TTL=60
Reply from 65.202.184.170: bytes=32 time=65ms TTL=60

Ping statistics for 65.202.184.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 65ms, Average = 54ms

I'm using Firefox 47.0.1 if it matters

 

[Titillating]

Ack. Thanks, guys. I'll bring this up during today's meeting. Appreciate you guys including the ping results.

 

[dualsmp]

My browser flip flops from partially encrypted to fully encrypted depending on which page I'm on.

This very thread the first two pages are shown as partially encrypted, however the 3rd page (the page I'm responding on now) shows fully encrypted.

Edit: Maybe the first two pages show partially encrypted because both have images on them linked from other domains?

 

[Spacehead]

Edit: Maybe the first two pages show partially encrypted because both have images on them linked from other domains?

Yeah, that's it. It had me confused for a little while too till i realized. If someone posts images from a https hosting site you won't get the mixed content alert.

 

[Eug]

I was getting this on Win 7 and Chrome last week. iOS 10.0.1 was fine but I just upgraded to 10.1 beta and Safari now gives me this. Not sure if it's related.

 

[renz20003]

I was getting this on Win 7 and Chrome last week. iOS 10.0.1 was fine but I just upgraded to 10.1 beta and Safari now gives me this. Not sure if it's related.

Same issue.

iPhone 5 with iOS 9.3.2

 

[Pulsar]

Same issue. Chrome.

This server could not prove that it is forums.anandtech.com; its security certificate is from a248.e.akamai.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

 

[nakedfrog]

+1, Firefox, seeing this error:

forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

 

[Ken g6]

+1, Firefox, seeing this error:

forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

I finally added a permanent security exception for this on my desktop.

 

[allisolm]

Got the invalid security certificate thing yesterday and again today.

 

[Anubis]

 

[KillerBee]

I finally added a permanent security exception for this on my desktop.

It seems to work for me too after adding it.
At least now when I get banned again I can blame it on the disgruntled Akamai ex-employee posting in my name after intercepting my password

Thankfully none of my banking sites seem to use Akamai

 

[Titillating]

Many apologies for the long, long wait on this.

We're fairly certain that all these invalid cert issues should now be resolved. The Akamai staff have taken a number of steps internally (the issue was on their end) and assure us that this should not happen again. If it does though, please let us know and we'll go right back to yelling at them about it

 

[KillerBee]

Many apologies for the long, long wait on this.

We're fairly certain that all these invalid cert issues should now be resolved. The Akamai staff have taken a number of steps internally (the issue was on their end) and assure us that this should not happen again. If it does though, please let us know and we'll go right back to yelling at them about it

Oh well, it's still happening - after reloading the page (was using the 'new posts' link at the time ) a couple times it works again.

forums.anandtech.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

10/22/2016 @10:12 AM EST
23.55.57.147
23.55.57.115

10/22/2016 @10:50 AM EST
23.43.165.203

 

[balloonshark]

I'm getting this error today.

 

[iCyborg]

Same error here:

C:\Users\***>ping forums.anandtech.com

Pinging e12200.e12.akamaiedge.net [209.148.192.75] with 32 bytes of data:
Reply from 209.148.192.75: bytes=32 time=17ms TTL=59
Reply from 209.148.192.75: bytes=32 time=19ms TTL=59
Reply from 209.148.192.75: bytes=32 time=17ms TTL=59
Reply from 209.148.192.75: bytes=32 time=14ms TTL=59

Ping statistics for 209.148.192.75:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 19ms, Average = 16ms

 

[Spacehead]

I just got warning from Firefox:

Your connection is not secure

The owner of forums.anandtech.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
forums.anandtech.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe.
Advanced info: SSL_ERROR_NO_CYPHER_OVERLAP
(Not secure) Try loading forums.anandtech.com using outdated security

Ping results:
Pinging e12200.e12.akamaiedge.net [65.151.23.144]
(i assume that's all the info you need?)

I was in OT at the time reading the "What do you guys do on the weekend?" & clicked to go to page 2 when it happened.