From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 8DD8221F8D5 for ; Sun, 26 Jul 2015 02:11:28 -0700 (PDT) Received: by wicgb10 with SMTP id gb10so75168736wic.1 for ; Sun, 26 Jul 2015 02:11:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=OESEZNrIqHQYyz9SnmiT+1O/MU/AavnUBdkw88KCbWc=; b=Y+uwbDjIGltBxaWjwdmAxM5SxQUeaIWMMwzyfeVktWa3fXEhX8JtTUo6sU2ok7fg7n Q3CLHy/GAf5qMMUQPiWGR6AjYyNB34voI8Oom82a6E7C1PakeLKri+4OIeLN790ak1j4 tlkgYc0kX1NrYEl7d5SPTPCogAPCRFGfthfd3lkecrTr9ZMQwEPzaKgVSJ5uZ8ebWonA qUjZGmtKg+QnvH1K2q3U/lJhXpSowB2kblCR5Lvppiwqlxr2hzafKGBCxYMKOggjZbPL cn+BEGs8EQ6QopFW1KCjKiihjxfoKkbWHzJy/Rt6GlSiZDYpt4kHjNXpsKmqQzynWBfk C51Q== X-Received: by 10.194.176.201 with SMTP id ck9mr42956055wjc.108.1437901886155; Sun, 26 Jul 2015 02:11:26 -0700 (PDT) Received: from volcano.localdomain (host-89-243-101-59.as13285.net. [89.243.101.59]) by smtp.googlemail.com with ESMTPSA id w8sm21575682wja.15.2015.07.26.02.11.24 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 26 Jul 2015 02:11:24 -0700 (PDT) To: Alec Robertson References: <2BE70C89-86F7-43F8-8AFE-FFA524189408@gmx.de> <1437857897145.8e4f82eb@Nodemailer> From: Alan Jenkins Message-ID: <55B4A43B.7050204@gmail.com> Date: Sun, 26 Jul 2015 10:11:23 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Cc: "cake@lists.bufferbloat.net" Subject: Re: [Cake] How to test Cake on TP-Link WDR3600 X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jul 2015 09:11:57 -0000 >> Quick sub-question (off-topic so my apologies), this firmware I’m using that I linked to previously, has HTTPS enabled which means every time I go to Luci I get a security error in Chrome. How do I disable HTTPS? > I would say you do not disable it, but rather look why chrome complains (it might be that chrome dislikes self-signed certificates) and try to convince chrome to accept the certificate nevertheless. Or you could try firefox ;) Firefox is the definitely the simplest browser for this, it's the only one I've used. Just click through the instructions. A "permanent exception" is the default, which should actually help security. Feels ironic as I remember Firefox moving first on this & hence complaints about the scary warning messages etc. Searching instructions for Chrome on Linux ("ssl exception" OR "self signed certificate") they use a certutil command. Internet Explorer will use the Windows cert store, same with Chrome on Windows. (If you can add to the store using IE, that may be simplest & will cover both). Additional requirement for those methods should be that the cert CN matches the URL you access. Not sure about Chrome, but for general paranoia you should check that CN / common name / "issued to" doesn't say "*" i.e. "everywhere". Access the router using `http://hostname` matching the router hostname (as per /etc/config/system). dnsmasq will let that work. If you've changed the hostname, re-gen the cert by removing it and restarting. rm /etc/uhttpd.crt /etc/uhttpd.key /etc/init.d/uhttpd restart Alan