After some updates, suddenly all the posts I shared from Jetpack for WordPress had no valid Twitter card.
After some mail exchanges with Jetpack support, they assured me that all was good on their side.
As instructed by them, I was able to see that Jetpack was indeed correctly generating the Twitter Card:
<!-- Jetpack Open Graph Tags -->
<meta property="og:type" content="article" />
<meta property="og:title" content="Voina Blog#fintech Resources for understanding #SwiftMT and #ISO #payment messages" />
<meta property="og:url" content="https://blog.voina.be/fintech-resources-for-understanding-swiftmt-and-iso-payment-messages/" />
<meta property="og:description" content="Swift MT and ISO messages are the basic message formats used all across the financial world in most of the payment systems. Yes there are notable exceptions like NACHA or some country specific mess…" />
<meta property="article:published_time" content="2021-02-15T08:56:04+00:00" />
<meta property="article:modified_time" content="2021-02-15T08:58:06+00:00" />
<meta property="og:site_name" content="Voina Blog" />
<meta property="og:image" content="https://i0.wp.com/blog.voina.org/wp-content/uploads/2021/02/diagram.jpg?fit=1024%2C415&ssl=1" />
<meta property="og:image:width" content="1024" />
<meta property="og:image:height" content="415" />
<meta property="og:locale" content="en_US" />
<meta name="twitter:creator" content="@voinageo" />
<meta name="twitter:site" content="@voinageo" />
<meta name="twitter:text:title" content="#fintech Resources for understanding #SwiftMT and #ISO #payment messages" />
<meta name="twitter:image" content="https://i0.wp.com/blog.voina.org/wp-content/uploads/2021/02/diagram.jpg?fit=1024%2C415&ssl=1&w=640" />
<meta name="twitter:card" content="summary_large_image" />
<!-- End Jetpack Open Graph Tags -->
Still, checking the post with the Twitter Card validator returned the infamous error:
ERROR: Fetching the page failed because other errors.
Nobody likes to see the “other errors” phrase 🙂
To investigate further, I activated the DEBUG log level on the Apache server. In the .conf file of the website I added:
LogLevel debug
After a restart of the httpd server:
systemctl restart httpd.service
in the web server error log I could see:
[ssl:info] [pid 2718265:tid 2718436] [client 199.16.157.181:48076] AH01998: Connection closed to child 66 with abortive shutdown (server blog.voina.in:443)
The IPs 199.16.157.* belong to the Twitter robot, according to this post on Twitter developers. The error AH01998 indicates that the client aborted the connection. This can only happen if the client is not able to negotiate an SSL connection with the server.
Digging on the Internet, I stumbled upon this post from the Twitter community. In it, someone having the same issue traced the blame to the ciphers used by the Twitter robot.
As you can see in the image below, they are quite weak.
I know that I am actively disabling any AES_128 cipher so I had to check just the rest.
Looking into my .conf file of the webserver:
SSLCipherSuite !ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA25
There it is: !ECDHE-RSA-AES256-GCM-SHA384. The leading ! excludes the cipher, and ECDHE-RSA-AES256-GCM-SHA384 is the OpenSSL notation for IANA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
So yes, I was actively disabling all the weak ciphers used by the Twitter robot 🙁
After allowing the cipher:
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA25
and after a restart of the httpd server, the Twitter Card validator logs this:
INFO: Page fetched successfully
INFO: 27 metatags were found
INFO: twitter:card = summary_large_image tag found
INFO: Card loaded successfully
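An added example (not part of the original post, and not Apache or OpenSSL code): a simplified Python model of how the explicit-name cipher strings above are evaluated, showing why the single ! entry left no suite in common with the client. The client offer is constructed for illustration, and the names enabled_suites and negotiable are hypothetical.

```python
# Simplified model of an OpenSSL cipher string made of explicit suite names
# (no keywords such as HIGH or ALL), like the SSLCipherSuite lines above.

# IANA -> OpenSSL names for the suites referenced below.
IANA_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
}

# The two SSLCipherSuite values from the post; the final entry, which is cut
# off on the page, is left out.
COMMON = (":ECDHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384"
          ":!DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384"
          ":ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA")
BEFORE = "!ECDHE-RSA-AES256-GCM-SHA384" + COMMON
AFTER = "ECDHE-RSA-AES256-GCM-SHA384" + COMMON

# Constructed client offer (assumption): only the first suite is named in the post.
CLIENT_OFFER = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]

def enabled_suites(cipher_string):
    """Return the suites left enabled, in the order the string lists them."""
    enabled, killed = [], set()
    for token in filter(None, (t.strip() for t in cipher_string.split(":"))):
        op, name = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        present = name in enabled
        if present and op:           # "!", "-" and "+" all take the suite out first
            enabled.remove(name)
        if op == "!":                # permanent: a later plain entry cannot re-add it
            killed.add(name)
        elif op == "+" and present:  # "+" only moves an enabled suite to the end
            enabled.append(name)
        elif op == "" and not present and name not in killed:
            enabled.append(name)
    return enabled

def negotiable(cipher_string, client_offer_iana):
    """Suites the server enables that the client also offers."""
    offered = {IANA_TO_OPENSSL[n] for n in client_offer_iana if n in IANA_TO_OPENSSL}
    return [s for s in enabled_suites(cipher_string) if s in offered]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, negotiable(cfg, CLIENT_OFFER) or "no shared suite, handshake fails")
```

On the server itself, running openssl ciphers -v with the same string shows what the installed OpenSSL build actually expands it to, which is the authoritative answer.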
Hi, I have also experienced the same problem. Which is “ERROR: Fetching the page failed because other errors.”
Then I came across this on Twitter. https://twitter.com/twitterapi/status/1154057692723519494?lang=en
So I went to Cloudflare and my webserver which is OpenLiteSpeed and changed the TLS settings to a minimum of 1.2 instead of 1.3 previously. And it worked.
Btw, this is a great blog.
Thank you!
I still find it odd that Twitter does not support TLS 1.3, which is in fact the latest recommended by all security advisors. I understand that support for TLS 1.2 is kept to be compatible with older websites, but not being compatible with the newer version that is in production (not a beta release) is weird.