Re: [Fed-Talk] [Non-DoD Source] Re: Can't connect to some secure .mil web sites on Sierra
- Subject: Re: [Fed-Talk] [Non-DoD Source] Re: Can't connect to some secure .mil web sites on Sierra
- From: "Gordon, Robert D (Bob (macman)) JR CTR DTRA J6 (US)" <email@hidden>
- Date: Wed, 21 Sep 2016 18:41:18 +0000
- Thread-topic: [Non-DoD Source] Re: [Fed-Talk] Can't connect to some secure .mil web sites on Sierra
I was under the impression that before you could attach any Mac to a DoD
network the OS had to be STIG'ed. I know the STIG for 10.12 is not out
yet?
-------------------------------------
Unclassified
Robert Gordon Jr (macman)
Senior Systems Administrator of all Things Mac
Defense Threat Reduction Agency
Support Contractor (Leidos)
703-767-0580
On 9/21/16, 2:22 PM,
"fed-talk-bounces+robert.d.gordon46.ctr=email@hidden on behalf
of Blumenthal, Uri - 0553 - MITLL"
<fed-talk-bounces+robert.d.gordon46.ctr=email@hidden on behalf
of email@hidden> wrote:
>All active links contained in this email were disabled. Please verify
>the identity of the sender, and confirm the authenticity of all links
>contained within the message prior to copying and pasting the address to
>a Web browser.
>
>----
>
>Could it have anything to do with the tighter enforcements that Sierra
>implements, compounded by the old OpenSSL (Sierra upholds the Apple
>tradition of shipping only OpenSSL 0.9.8, does it not?) that does not get
>some of the newer things (like Certificate Policy Mapping)?
>
>P.S. I'm toying with the idea of putting OpenSSL-1.0.2 over OS X system
>installation, eradicating the old 0.9.8. Waiting for a test machine to
>try it.
>--
>Regards,
>Uri Blumenthal
>
>On 9/21/16, 13:21, "fed-talk-bounces+uri=email@hidden on
>behalf of Joe Wicentowski"
><fed-talk-bounces+uri=email@hidden on behalf of
>email@hidden> wrote:
>
>>Hi Dave,
>>
>>> I'll save the details for now, but is anyone else seeing this with
>>>e.g. DMDC on 10.12?
>>>
>>> Caution-https://www.dmdc.osd.mil
>>>
>>> Safari Can't Open the Page
>>> Safari can't open the page "Caution-https://www.dmdc.osd.mil" because
>>>Safari can't establish a secure connection to the server
>>>"Caution-www.dmdc.osd.mil"
>>
>>I'm seeing this using 10.12:
>>
>>Safari can't verify the identity of the website
>>"Caution-www.dmdc.osd.mil"
>>The certificate for this website is invalid. You might be connecting
>>to a website that is pretending to be "Caution-www.dmdc.osd.mil", which
>>could put your confidential information at risk. Would you like to
>>connect to the website anyway?
>>
>>Chrome presents a similar warning though:
>>
>>Your connection is not private
>>Attackers might be trying to steal your information from
>>Caution-www.dmdc.osd.mil (for example, passwords, messages, or credit
>>cards).
>>NET::ERR_CERT_INVALID
>>Caution-www.dmdc.osd.mil normally uses encryption to protect your
>>information.
>>When Google Chrome tried to connect to Caution-www.dmdc.osd.mil this
>>time, the website sent back unusual and incorrect credentials. This may
>>happen when an attacker is trying to pretend to be
>>Caution-www.dmdc.osd.mil, or a Wi-Fi sign-in screen has interrupted the
>>connection. Your information is still secure because Google Chrome
>>stopped the connection before any data was exchanged.
>>You cannot visit Caution-www.dmdc.osd.mil right now because the website
>>sent scrambled credentials that Google Chrome cannot process. Network
>>errors and attacks are usually temporary, so this page will probably
>>work later.
>>
>>A server-side issue, perhaps?
>>
>>Joe
>> _______________________________________________
>>Do not post admin requests to the list. They will be ignored.
>>Fed-talk mailing list (email@hidden)
>>Help/Unsubscribe/Update your Subscription:
>>
>>This email sent to email@hidden