Many of us are seeing NS_ERROR_NET_INADEQUATE_SECURITY
or similar browser error when going to https://$HOSTNAME:3808
, which is where webpack assets are served. This is happening on new devel boxes.
I looked into this today and was able to come up with a hacky workaround:
My understanding is we are using HTTP/2 and the certs used don’t have the TLS requirements for HTTP/2 required by the browser. Switching to HTTP/1.1, which the above change does, “fixes” it.
It looks like webpack uses katello’s apache certs, assuming it’s still using $WEBPACK_OPTS
from .env
. However, even the self-signed ones that are generated by webpack are causing the same error (when you remove the cert arguments from webpack-dev-server but keep --https
it will generate it’s own self-signed certificate).
I’m not sure what exactly changed - Did we start using HTTP/2 for webpack somehow? Something changed in the installer? Something expired in 2021?
This is where my investigation ends, but maybe someone has an idea of how to debug further so we can permanently fix this in the dev environment!