**** BEGIN LOGGING AT Sun May 09 03:00:50 2021 May 09 06:40:05 Build [#83](https://buildbot.openwrt.org/master/images/#builders/64/builds/83) of `realtek/generic` failed. May 09 08:33:37 russell--: can you check https://patchwork.ozlabs.org/project/openwrt/patch/658203b8-b037-3e5e-53f0-66e5d4df9fe0@birger-koblitz.de/ ? May 09 08:54:30 ynezz: i confirmed on the mailing list May 09 09:22:38 russell--: Is that Tested-by? May 09 11:40:14 ynezz: you can add a Tested-by on the gs108t May 09 13:39:02 should we activate luci-ssl in openwrt 21.02 by default? May 09 13:40:30 the initramfs for ath79 is 2.2kB bigger, the ipkgs luci-ssl and px5g-wolfssl are togther 6.2KByte May 09 13:40:40 where is this setting done? May 09 13:49:52 Hauke: as far as I can remember, the question of self-signed certificate was not resolved May 09 13:50:42 do you mean forcing HTTPS by default, or providing both HTTP and HTTPS? May 09 13:51:15 zorun: no not forcing it by default May 09 13:52:31 when someone is using http without TLS, it should stay there. The web server will just be avalibale under https in addition May 09 13:52:35 fine with me May 09 13:54:04 Is the question with certificates a real one or an imaginary problem? May 09 13:54:33 modern browsers get cranky May 09 13:54:47 How cranky? I couldn't notice anything bad about it lately. May 09 13:54:56 browsers do not like self signed certificates May 09 13:55:21 i will say, i have *not* tried it recently May 09 13:55:28 The thing is, at my job we run OpenBMC web ui and it works only over https, so the generated self-signed certificates are getting tested by different browsers our networking folks using. May 09 13:55:30 * russell-- not a habitual luci user May 09 13:55:42 And I do not remember that being problematic at all. May 09 13:56:18 browsers are cranky when using insecure old algorithms May 09 13:56:21 With chromium as shipped by Debian it's just one additional click to proceed working with the web server. May 09 13:56:52 self-signed with reasonable algorithms should still be working ok May 09 13:57:26 So we just need to check that uhttpd is using reasonable algorithms and default to https then :) May 09 13:57:29 OpenWrt 21.02 use TLS 1.3, so algorithems are not the problem May 09 13:58:22 Hauke: so did you observe any browser lately that wasn't happy with it? May 09 13:58:27 Or did anyone? May 09 13:59:01 some browser forget about the allowed self signed certificate after some time May 09 13:59:23 safari does not allow certificates which are valid more than 2 years May 09 13:59:23 I think it's not only about the transport but it's also about the hash algorithm used for signatures, including the Root CA. May 09 14:00:17 I use chromium incognito mode exclusively, it doesn't seem to be an issue if it forgets I trusted some server, I just press the "proceed to the website" link again, trivial, not problematic. May 09 14:00:59 Doesn't allow at all, even for self-signed? May 09 14:03:45 I would like to add support for https server to 21.02 and keep the automatic redirect switched off like it is since this commit: https://git.openwrt.org/0cf3c5dd7257dff1c87b61c5e53e5b1787ab7015 May 09 14:03:54 but I do not know where this is configured in the build bots May 09 14:04:09 My question is why the automatic redirect is considered to be bad. May 09 14:04:34 then everyone will see the scarry warning about the self signed certificate May 09 14:04:55 leave the choice to the user May 09 14:05:24 The warning is not scary, it's expected and reassuring, you see the warning and you know that the right thing is happening. May 09 14:09:05 I will go outside now, it is the hottest day since 6 months now May 09 15:13:08 Hauke: Re: TLS, see https://github.com/openwrt/luci/pull/4659 and https://github.com/openwrt/luci/pull/4660 May 09 16:24:24 Hi does any one know why a Iphone would not connect to my r7800? May 09 16:24:37 I have androids in my house and they work just fine. May 09 16:25:09 A friend has stoped by and can't get on to the network. I don't know what to try. May 09 16:26:20 could it be Coverage cell density? May 09 17:38:20 updated openwrt/upstream, https://sdwalker.github.io/uscan/index.html May 09 18:15:32 Tapper: there've been reports that disabling "allow legacy b rates" has such an effect, maybe it's that May 09 18:16:21 Thanks dhewg I will try it out. May 09 23:12:20 ynezz: thanks for the links May 09 23:12:28 this functionality would be nice May 09 23:15:11 should we make luci-theme-openwrt-2020 the default? **** ENDING LOGGING AT Mon May 10 02:59:56 2021