So I've been struggling with getting TLS working right on my gitlab-pages, all the errors I got were some ~weird~ handshake errors.

140658708418368:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:

And querying with curl really didn't offer many clues as to what might be wrong.

* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0 curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

So after a lot of searching here and there (ok, I've honestly only been playing with it for 3 days, so probably not .. a lot ..), I saw some subtle hints that it might be something to do with the ssl library.

So I upgraded the entire host from debian8 to debian9 which cause the ssl library to be upgraded to OpenSSL 1.1.0f 25 May 2017, and of course a lots of other things to be upgraded.

And lo and behold, this blog is now reachable using a Let's Encrypt certificate.

Given that the blog is public information, there's no content being transferred that really warants work being done to encrypt it, the ability to enter the blog unencrypted seems quite fine, and as far as I can see it actually makes to that anything I click is directed towards the secure edition of the site.


comments powered by Disqus