LibTLS: support strong ECDSA-based TLS 1.2 cipher suites #14160

Closed
Seirdy opened this issue May 31, 2022 · 4 comments
Labels
enhancement New feature or request

Comments

@Seirdy

Seirdy commented May 31, 2022

Currently, the following websites fail to load in LibWeb due to a lack of supported cipher suites:

My site supports the following TLSv1.2 cipher suites:

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	[ECDH: X25519 (253 bits)]
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	[ECDH: secp521r1 (521 bits)]
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	[ECDH: secp521r1 (521 bits)]

This cipher suite selection is fairly common, since it's the strongest set of ECDSA-based TLS 1.2 cipher suites.

Here's the log of my attempt to connect to seirdy.one in the browser. It looks more or less the same for the other two websites I listed.

19.617 WebContent(41:41): ResourceLoader: Starting load of: "https://seirdy.one/"
19.702 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.706 RequestServer(43:43): Possible failure cause(s):
19.706 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.706 [#0 NetworkTask(7:7)]: handle_tcp: unexpected flags in CloseWait state (10)
19.710 RequestServer(43:43): Consumed an error: -1
19.710 RequestServer(43:43): consume error: -1
19.710 RequestServer(43:43): Possible failure cause(s):
19.710 RequestServer(43:43): - No one knows.
19.710 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/ failed: HandshakeFailure
19.717 RequestServer(43:43): Request with a null socket finished for URL https://seirdy.one/
19.728 WebContent(41:41): ResourceLoader: Starting load of: "https://seirdy.one/favicon.ico"
19.747 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.758 RequestServer(43:43): Possible failure cause(s):
19.762 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.762 RequestServer(43:43): Consumed an error: -1
19.766 RequestServer(43:43): consume error: -1
19.766 RequestServer(43:43): Possible failure cause(s):
19.766 RequestServer(43:43): - No one knows.
19.769 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/favicon.ico failed: HandshakeFailure
19.769 RequestServer(43:43): Request with a null socket finished for URL https://seirdy.one/favicon.ico
19.773 [#0 NetworkTask(7:7)]: handle_tcp: unexpected flags in Closed state (10)
19.773 WebContent(41:41): ResourceLoader: Failed load of: "https://seirdy.one/", Error: Load failed, Duration: 156ms
19.779 WebContent(41:41): ResourceLoader: Starting load of: "file:///res/html/error.html"
19.780 WebContent(41:41): ResourceLoader: Finished load of: "file:///res/html/error.html", Duration: 1ms
19.788 WebContent(41:41): ResourceLoader: Starting load of: "file:///res/icons/32x32/msgbox-warning.png"
19.788 WebContent(41:41): ResourceLoader: Finished load of: "file:///res/icons/32x32/msgbox-warning.png", Duration: 0ms
19.795 WebContent(41:41): ResourceLoader: Failed load of: "https://seirdy.one/favicon.ico", Error: Load failed, Duration: 66ms
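
A triage sketch for logs in this format, added here as an example and not part of the original post or of SerenityOS: it pairs each RequestServer TLS alert with the causes logged after it and the connection that then failed, and lists the hosts rejected for lack of a common cipher suite. The function names are hypothetical, the sample is abridged from the log above, and it assumes one connection's messages are not interleaved with another's.

```python
import re

# Constructed sample: lines abridged from the log in the issue above.
SAMPLE_LOG = """\
19.702 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.706 RequestServer(43:43): Possible failure cause(s):
19.706 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.706 [#0 NetworkTask(7:7)]: handle_tcp: unexpected flags in CloseWait state (10)
19.710 RequestServer(43:43): - No one knows.
19.710 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/ failed: HandshakeFailure
19.747 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.762 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.769 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/favicon.ico failed: HandshakeFailure
"""

ENTRY = re.compile(r"^(\d+\.\d+) (.+?): (.*)$")  # timestamp, source, message
ALERT = re.compile(r"We were alerted of a critical error: (\d+) \((\w+)\)")
CAUSE = re.compile(r"- (.+)")
FAILED = re.compile(r"ConnectionCache: Connection to (\S+) failed: (\w+)")
NO_COMMON = "No cipher suite in common with "


def parse_failures(log_text):
    """Return one dict per failed connection: alert code, name, causes, URL."""
    failures, pending = [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry or not entry.group(2).startswith("RequestServer"):
            continue  # WebContent and NetworkTask lines are noise for this check
        msg = entry.group(3)
        if (m := ALERT.match(msg)):
            pending = {"alert": int(m.group(1)), "name": m.group(2), "causes": []}
        elif (m := CAUSE.fullmatch(msg)) and pending is not None:
            pending["causes"].append(m.group(1))
        elif (m := FAILED.match(msg)):
            # A failure with no preceding alert is still recorded, with alert=None.
            event = pending or {"alert": None, "name": m.group(2), "causes": []}
            event["url"] = m.group(1)
            failures.append(event)
            pending = None  # the next alert belongs to a new connection attempt
    return failures


def cipher_mismatch_hosts(failures):
    """Hosts whose handshake failed because no cipher suite was shared."""
    return sorted({c[len(NO_COMMON):] for f in failures
                   for c in f["causes"] if c.startswith(NO_COMMON)})

if __name__ == "__main__":
    print(cipher_mismatch_hosts(parse_failures(SAMPLE_LOG)))
```
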
@Lubrsi
Member

Lubrsi commented Jun 2, 2022

Work was started on it here, but went stale and was auto-closed: #13163
I tested it locally and it still works, except that it's missing ECDSA certificate handling since we merged in certificate verification after that PR was opened.

@msvisser
Contributor

Since #21212 was merged, all of the websites above do load now. So I think we can close this issue?

@ADKaster
Member

Confirmed fixed, except that hexavalent.org gives a DNS resolution error, even on Linux from my location.

@Seirdy
Author

Seirdy commented Nov 26, 2023

> Confirmed fixed, except that hexavalent.org gives a DNS resolution error, even on Linux from my location.

Yeah, the site is gone. The project wound down.
