SSL Issue #34

Closed
taplar opened this issue Apr 19, 2018 · 7 comments

@taplar

taplar commented Apr 19, 2018

There appears to be an SSL issue with the code.jquery.com site.

Your connection is not private
Attackers might be trying to steal your information from code.jquery.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

@ABonner

ABonner commented Apr 19, 2018

In particular, looks related to the CDN that is being used behind the scenes:

The certificate is only valid for the following names: *.ssl.hwcdn.net, ssl.hwcdn.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN

@dmethvin
Member

The provider is investigating.

@mleibowitz

It looks like this has been resolved.

@stefannilsson

Looks ok now!

[2018-04-19 22:59:25 CEST] [stefannilsson@XXXX ~]$ curl -v https://code.jquery.com
Thu Apr 19 22:59:27 CEST 2018
* Rebuilt URL to: https://code.jquery.com/
*   Trying 69.16.175.42...
* TCP_NODELAY set
* Connected to code.jquery.com (69.16.175.42) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=code.jquery.com
*  start date: Apr 11 21:41:10 2018 GMT
*  expire date: Jul 10 21:41:10 2018 GMT
*  subjectAltName: host "code.jquery.com" matched cert's "code.jquery.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: code.jquery.com
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 19 Apr 2018 20:59:27 GMT
< Connection: Keep-Alive
< Accept-Ranges: bytes
< ETag: 1523843310
< Cache-Control: max-age=31207743
< Content-Length: 18678
< Content-Type: text/html; charset=UTF-8
< Last-Modified: Mon, 16 Apr 2018 01:48:30 GMT

@dmethvin
Member

Our CDN provider also reports this as having been resolved.

@kborchers
Member

The provider is investigating the cause now and we will report back here when we know more but we should be up and running as usual.

@kborchers
Member

Below is the outcome of our CDN provider StackPath's investigation into the issue. We are very appreciative of the support and services that StackPath provides to our projects, their quick response in these situations, and their willingness to report back and update systems and processes to avoid future issues.

While processing a support request for the jQuery team, an SSL configuration was inadvertently changed, which resulted in an incorrect SSL certificate returning for asset requests through our CDN. On notification, our team immediately reversed the configuration changes, which restored proper SSL functions.

The StackPath team takes this issue very seriously and apologizes for the inconvenience this caused. We have updated internal support processes to ensure similar issues do not occur in the future. We are also working on feature improvements to automate an SSL change confirmation process to prevent potential future human error.
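
The statement above mentions automating a confirmation step for SSL changes. As an added illustration (not StackPath's or the jQuery project's code; the function names are hypothetical and hostnames are assumed to be ASCII), the following check applies RFC 6125-style name matching to the SAN lists quoted in this thread and rejects a certificate binding that leaves a served hostname uncovered:

```python
# Added example: confirm that a certificate covers every hostname it will be
# served for, before the binding is changed. Function names are hypothetical.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """True if one dNSName SAN entry covers hostname.

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label. Requiring at least two labels after the wildcard is a
    conservative policy assumed here (it refuses patterns such as "*.com").
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat  # partial wildcards such as "f*.example.org" never match


def uncovered_hosts(served_hosts, cert_sans):
    """Hostnames that no SAN entry on the certificate covers."""
    return [h for h in served_hosts
            if not any(san_matches(h, s) for s in cert_sans)]


def confirm_change(served_hosts, cert_sans):
    """Gate for a certificate binding change: (ok, uncovered hostnames)."""
    missing = uncovered_hosts(served_hosts, cert_sans)
    return (not missing, missing)


if __name__ == "__main__":
    served = ["code.jquery.com"]
    # SAN lists as reported in this thread
    during_incident = ["*.ssl.hwcdn.net", "ssl.hwcdn.net"]
    after_fix = ["code.jquery.com"]
    for label, sans in (("incident", during_incident), ("after fix", after_fix)):
        ok, missing = confirm_change(served, sans)
        print(label, "OK" if ok else "REJECT, uncovered: " + ", ".join(missing))
```
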
