 

Validating link in LinkedIn Post Inspector gives server error

When I try to validate the following page in the Post Inspector: https://www.cicomcopier.nl/nieuws/cicom-copier-levert-bijdrage-aan-de-ontwikkeling-en-realisatie-van-bellenschermen-tegen-verzilting-a-dam-rijnkanaal-en-noordzeekanaal/

I get the error: We encountered a server error while trying to inspect the URL.

and on the URL redirect trail I get: 0 undefined

I have no idea where to start debugging this. Is this an error on our side or on LinkedIn's side? When I debug the URL using the Facebook Graph debugger, everything seems to be right.

Ronald Werkhoven asked Oct 28 '25 22:10


2 Answers

In the end, the problem was that the server from which I made the request wasn't set up correctly. On my side the site had SSL installed and needed to do an SSL handshake with the LinkedIn server.

LinkedIn is made in Java, and Java has a stricter policy for validating the handshake. Because of my server settings, the hostname for the SSL was not communicated correctly to LinkedIn, so their server did not validate the SSL and therefore could not connect to our server and receive a response. This ended in an unknown error on LinkedIn's end of the site.

Ronald Werkhoven answered Nov 01 '25 14:11


To fix this "0 undefined" error I had to change two things in my Nginx configuration.

  1. My webserver had hardened TLS settings and only supported TLS 1.3, but the Post Inspector gave me the mentioned error. I ran tcpdump through Wireshark to find that the client demanded TLS 1.2, and enabling TLS 1.2 fixed the issue.

Config before:

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;

Config after:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;

Don't forget to nginx -s reload.

I tried to report this via HackerOne as a security issue (because it forces me to loosen my security settings), but they don't care.

  2. Then I got a 400 error, because Nginx was complaining that the "client sent too long header line". I had to change large_client_header_buffers 2 1k; to large_client_header_buffers 4 3k; and now LinkedIn can properly parse my post.
Beurtschipper answered Nov 01 '25 13:11
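The two Nginx changes in the answer above can be checked offline before reloading. The following is an added example, not code from either answer: it reads the quoted "before" and "after" directives and reports whether a TLS 1.2-only client shares a protocol version with the server, whether every listed TLS 1.2 suite still has forward secrecy and an AEAD cipher, and whether one header line fits in a single buffer (Nginx returns 400 when a header field exceeds one buffer). The function names, the client's version set and the 2000-byte header line are assumptions.

```python
import re

# Constructed inputs: the "before" and "after" directives quoted in the answer above.
BEFORE = "ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; large_client_header_buffers 2 1k;"
AFTER = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
large_client_header_buffers 4 3k;
"""

def directives(conf):
    """Flat 'name arg ...;' directives -> {name: [args]}; no block ({}) support."""
    out = {}
    for stmt in re.sub(r"#.*", "", conf).split(";"):
        parts = stmt.split()
        if parts:
            out[parts[0]] = parts[1:]  # a later occurrence overrides an earlier one
    return out

def size_bytes(value):
    """nginx size syntax: plain bytes, or a k/m suffix."""
    num, unit = re.fullmatch(r"(\d+)([kKmM]?)", value).groups()
    return int(num) * {"": 1, "k": 1024, "m": 1024 ** 2}[unit.lower()]

def weak_tls12_ciphers(cipher_string):
    """Explicit suite names lacking (EC)DHE key exchange or an AEAD cipher.
    Keywords such as HIGH or !aNULL are not expanded and would be flagged."""
    return [c for c in cipher_string.split(":") if c and not (
        c.startswith(("ECDHE-", "DHE-"))
        and ("GCM" in c or "CHACHA20-POLY1305" in c))]

def audit(conf, client_versions=("TLSv1.2",), header_line_len=2000):
    """client_versions and header_line_len are assumptions about the crawler."""
    d = directives(conf)
    size = d.get("large_client_header_buffers", ["4", "8k"])[1]  # nginx default: 4 8k
    return {
        # Versions both sides support; an empty list means the handshake fails.
        "shared_tls": [v for v in d.get("ssl_protocols", []) if v in client_versions],
        "weak_ciphers": weak_tls12_ciphers("".join(d.get("ssl_ciphers", []))),
        # A single header line must fit into one buffer.
        "header_line_fits": header_line_len <= size_bytes(size),
    }

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf))
```

For the "after" configuration the weak-cipher list is empty: every suite named in that ssl_ciphers line uses ECDHE or DHE key exchange with GCM or CHACHA20-POLY1305.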