-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connecting to Linkedin SSL error #253
Comments
Sorry, but can't reproduce. Can you try switching circuits? If this happens all the time for you, can you post a screenshot of a typical circuit? In which country are you? |
Hmm, how do i switch circuits on mobile, or even see the current circuit (that was my first guess, but couldn't find an option to do so)? I wouldn't like to disclose my country of origin publicly, but i can do so in a PM if you don't mind.
This was also something that came to my mind, as i know a thing or two about SSL, but again, it shouldn't matter if desktop works (unless there's a specific faulty exit node for some reason). |
PS. I tested it with both mobile and desktop devices being on the same LAN [at home], so it's unlikely to do with my country of origin. |
Open another website which works, then tap the onion icon in the top right.
Ok, nevermind.
These two things aren't in any way connected. You most probably don't ever use the same exit node on both devices. The real question is: Is this behaviour persistent in Onion Browser?
You mean, because it worked on desktop Tor browser? Most probably not. Your country shouldn't be able to mess with entry nodes, besides blocking them completely. Are you sure you use the same configuration on both devices? Esp. important: Do you use (the same) bridges on both devices? (Or none on both?) You should definitely try changing to a bridge. Another possibility: Maybe LinkedIn uses a faulty certificate in the region, the exit node is served from? |
could also be a difference between Tor Browser's CA certificate trust and iOS/Safari's? does this error happen in Safari on the same iOS device? (We just set up securedrop again at work and noticed a weird issue where our naked domain I don't see anything unusual on their end:
SSL Labs' test seems to show so could be some weird interaction between our TLS requirements and the way their servers are responding. |
The reason i access Linkedin via Tor is that it's blocked in my country :), so no way to test that.
None on both.
Tried both obfs4 and meek-azure, none of it helped.
There's no way of knowing it, because the cirquit isn't established. Each tab in OB has its own cirquit right?
Well, it is persistent for me :). I'm trying linkedin.com for two days now without success. |
Oookay, seems there's something wrong with my device, as it also works from other phones. Is there a way to diagnose it, maybe check OB's internal logs or something? |
What version iOS and what device model? (In the Settings app -> General -> About: Software Version, Model Name, and Model Number would be the most useful.) |
iPhone 6s (A1688) |
It works for me. I would think, the root CAs are the same on iOS on every device, aren't they? And the cert I see in Onion Browser looks pretty much like the one you posted.
Well, Tor normally creates circuits per domain. Typically, the entry node stays the same, though. There's a UI issue in your edge case, as OB doesn't show the circuits, as long as the page doesn't load at all. :-/
In that case, it definitely has nothing to do with the exit nodes, because they would have changed by now. Just make sure that the entry node changes. Browse to a working website, tap the onion icon, press "New circuit for this page". Actually, all circuits will be removed and fresh ones created on the next request.
Nope, sorry. But this points in another direction: Did you somehow manage to change the list of trusted root CAs? Is your device under company device management? |
I certainly have some corporate profiles installed, which contain certificate chains for EAP-TLS authentication. You think it might somehow alter the list of root CAs? Is it possible to check this list out in iOS? Right, so it seems to definitely be on my end and will likely happen with any HTTPS url i try to open: But opening https://repo.maven.apache.org/maven2/ in Safari on iOS works! Can't help but notice the error message could be improved as to actually show what SSL error occurred, so we wouldn't have had to guess - is this to do with my phone, or with CA chains, or with the way OB works with iOS retrieving certificates. |
Unfortunately, the buit-in root CA list cannot be seen on iOS. At least, not with onboard resources. This all looks, like you should avoid that device as much as possible. There's something going on and I bet it's about trying to listen in on your secure connections. The error message you see comes from iOS itself. So we can't do much about it. I never saw that error message, and it isn't even recognized as a TLS error. (Because then, it would have given you the option to ignore it. - For folks surfing to self-signed sites...) However, I added some code which adds the error code and domain on unknown errors, so after the next release, you can send in more informative screenshots. :-) I'll close this now, as I don't see how we could improve any more here. Thanks for your insights and keep yourself secure! |
Oh, i see, i guess there's not much for you to do indeed, it's likely not an issue with OB anyway. Thanks for great help and for being patient and friendly :).
Come on, can't be that bad! Maybe the root issue lies in the fact that even though the device itself is rather new, the iOS image travelled with me since 2008 (i've never done a fresh start on a new device, just restored old iOS backups), who knows what garbage it accumulated for all that time. |
You're welcome!
AFAIK, system stuff is not dragged along, but freshly reinstalled. Just settings, apps and user data are copied from backups. If that's a company device and you have some device management running from your company, this device is not safe for private use! This fact is valid for everybody in every country. Don't use it for private things! |
Connecting to https://linkedin.com gives an SSL error (see screenshot). It works with desktop Tor browser, so i suppose it's not a Linkedin issue?
I tried to reduce security levels to 1 and also downgrade TLS in the settings, but nothing helped.
iOS 13.3.1
OnionBrowser 2.5.0
The text was updated successfully, but these errors were encountered: