Adding SearXNG as search engine in Firefox Android fails

[utzer]

When I try to add SearXNG as a search engine in Firefox (latest version) for Android it fails. It immediately states that 'name' could not be connected, "Error when connecting to utzer" or so.

This is the fault in German.

The SearXNG Appication is installed and available publicly, but I guess something of Yunohost is interfering the connection.

Same happens when I add it with a short URL that does not contain the search settings.

It works when I get a random SearXNG instance URL, but I'd like to use mine instead.

Any way to trick Firefox to allow it to add the search engine? Or maybe even a solution to the problem?

[mh4ckt3mh4ckt1c4s]

Hi, thanks for your report. I experimented the same problem with my instance and Firefox Android, but when I debugged it I thought is was a Firefox bug related to my url being too long. If you have the problem too I'd like to debug with your instance too to see if they are the same problems.
A few questions :

• Did you already manage to add your instance as a search engine elsewhere (e.g., in Firefox on PC) ?
• Do you mind sharing the exact url you tried to input into the configuration of Firefox Android ?

[utzer]

thought is was a Firefox bug related to my url being too long.

I thought that too, but it is not I assume.

• Did you already manage to add your instance as a search engine elsewhere (e.g., in Firefox on PC) ?

Firefox Linux using at as standard search engine, no problem when I added it, but the process is different, it uses Open Search or something like that.

• Do you mind sharing the exact url you tried to input into the configuration of Firefox Android ?

Would prefer not to share it publicly, one week life time here it is.
Password: SearXNG

Had a public instance before, it got overloaded often after the URL was linked in some places.

So basic info from that zerobin, I tried the long URL that contained the whole search config, but I also tried the short URL that is https://search.example.com/searxng/search?q=%s, which also didn't work. So I think it is not the URL length.

Also I tried another public SearXNG with the long link and it worked and still works to add it again in FF Android.

From the Zerobin:

Tried this long URL:

https://suche.example.com/searxng/?preferences=eJx1V8mS4zYM_Zr4ohpXtqpUDj6lkvxA7iqIhCWMSELDxbL66wNqsSir-9BqEwRAEHhYqCBiy54w3Fp06MFcDLg2QYs3SJEvhhUYvGm85KViOxiMsk6qz38tX8gKcz14fk63_3zCi8XYsb79-_d_lwB3DAhedbefL7FDi7dAWcXFY0gmhppd7XCsIzS3f8AEvGimWjbZPNDfGGR5Zd9eFrE6xMmslil0EX0Nhlpn5fcqD_oBTqGu13MX6o-EfqrJ1ZGiKJjtJHcnR1GUKs_GrJyLWLZLLb6ZRJNBFRehjmOPUxCH3EEucNEUoDFyHLqWnLjxzxbaug6sCExlURP89Otf4ByEKiumB9b1nQyGTB76ypL37Eua3LOSbxUi-5LZgWKnoa4pyrIhQ_mvrh-kkcNMio3EBOPGMjR1vYY1L6Omtt0Vyq1D8HgXaxWh-GyhjfpBEpFCcMLhbVnNQQ9yzvx_JUoghZS_WVPyhrCU04gfErDapkBqXocIkUSEBRo-U3RbiWNzVIhdKIVRDCNdsL4AeDy2oI8ImXmXWVxrYRB2-Watlr_TkIO0c_3yLK51157zsZvP7h6xCnyPI3isNHkBRobI4vC7J9cTqEJBK3iDZt1XrLFB367LlrkVgwYDU2VZvB6KYFpBn88YIjW7Ytc4sNalHztoPOTPqrYDwYBfvDITyOpmvx85KI4hJz-JU9j1fafQ8c7fk-ohhN0HgjsPfqpycAKVG9yEiFe_nQsfZvKkCtVSGkAN4FYGO9rGlFF2g1233ASwa2Y9BcTCbB7QeRy4OH2Qa0NLYUP_4NfSUx7wIp4RvG8tp3wudgDbkJqrxsd64MKRY1zlzwsTYCG7DF9sFlwkVQXVsQFfpp8khI9DrqfF4ZH7iSNLUPrsue2-MdstOiC97ImHQI_UTKUeqeNPcNpnsO_UkXo6XCoTAiev8J0tDKhmkO4GZ7IU6kDxcNTIZrn30JWZ9dtvfzz3C-ik0e27AT8c2FKLJCdif6RIlgxkOO5yDh45G3Ymn5qpRbuh0CcBWYmdkZ_Us5PIVWFy7CaLpRXY-2OUF9IJLwt5w8pLe_g-XIexvNejzUgtJLPTrBS5Q1FN1pppl5IUexwCIBDaM2uJT5fiXkkOcO3ba8sFNC146U4Cw0PoB8lG80mO7OTCERd0x0Y37xty6VnlC2057wXaxV3BP-lRIqYRCCqww14UsvRag4tmRa59X59jMFMPwZopp6Aopb7Fx1v9yLjFQpnq8N5z9sUWBOlhXsyejl3sQZK_cs9CVHMuuVWXtkqf76QhHq60t6bPqWezozh6OqAA42TZidcLyN6NVGhfdgh0VBZ0WccMkAUqFHczlw5UHrD2pJOnV_rB1yvtZPZK_6S-det5a1tqU2l20YpeqgxaO0k5tTbloWAuPsfRauFIAf1Xe9Il4ld7WbN457z98W1tc-e-x3cRc5LUoXSQxKR9HOJtQSY4ze4L417bHYROivknHPRUhpMu-ifIfIFbo88gBhlBMtACxkNh3vakRQk8YJ2njvshyjQTZRLaxqFBN1gyDTLtyiC87VIeuDGUwB9y5hbxmtfX2dzd6oG8DDMNFL4Us2wWLM6ahq2G_BglwUpPzoQj9hbSCaYL-YRIDwKsqpEZMpSTk7hOUzz5PUiLga0u7oWdk1SuYzykX6uepZDcDY9bBQx9apKLaYN59pqTmrpM_591_TSgT-EVV3n8kJax0i_I_Kzh775JLsgAGbpyFofu2A9mwtF_E6eYmrItviiv-RzISLXJ0CnYHmSRy24qla5h7sP7tPAjcfx6hDiQ8xFzqu2ji4wVPL0NQpmaE1agfD1FXpOKH-wOAlZau5XxvIoeXDACwuIFMSD6NxfMAJDtPr-ARmxK78CxDeT1GX4je-2o3w-RuhvlPTPP628oG8GYTpq8K-Vj9Fdyb2PA-bIL-QTzhXzsh_H34sm3YrCiPQL7C3YwSTp7uGXkP6_r6tpJ9ZS5DOVRLjhb8HpgYKiXN_vo5TH9GhO-0JaRuixOiuSZfZcn-p1PO5ILtXRn1Z93_PzYqeWxKRbYnIoXmZeltt3-B2RQXgk=&q=%s

But I also tried a short one like this:

https://suche.example.com/searxng/search?q=%s

It works with a random SearXNG in FF Android:

https://www.gruble.de/?preferences=eJx1V0uP4zYM_jXNxdig2y1Q9JBTgV5boHs3aImxuZZErx5xPL--lB-xPJ45jCeiSIoiPz6kIGLLnjDcWnTowVwMuDZBizcwsmAFBm_oLpAiK7aDwYg3nVSf_1q-kBXeevD8nG7ffcKLxdixvv37z3_fLwHuGBC86m6_XmKHFm-Bso6Lx5BMDDW72uFYR2huf4MJeNFMtWyyeaC_Mcjyyr69LGJ1iJOYk225KHQRfQ2GWmfl9yoP-gFOoa7Xcxfqz4R-qsnVkaIomA0ldydHUZQqz8YsxEUqm6UW10yiyKCKy3bHsccp3DTeQey_aArQGDkNXUtOvPhnC21dB1YEprKoCX757S9wDkKVFdMD6_pOBkMmD31lyXv2JU2uWcm3CpF9yexAsdNQ1xRl2ZCh_FfXD9LIYSbFRmKCcWMZmrpeo5qXUVPb7gqVUl_io5AXL4Tg8S7mK0Lx4UIb9YMkQoWmCYd3y2pGQZCD5_8rUQIrpPzNmpI3hKWcRnyTANY2BVLzOkSIJCIsUPGZottKPJ2jROxCKYxiGOmC9YXIarlQcbFi72BSQR8RsqJd3xIHC4OwyzefaPkHDTmiO1eUmE-HS319Fk64e8Qq8D2O4LHS5AVHGVFLfO6eXE-gSoFpKu7UClahWblb5lYsGgxMGR5hD2S5Y1mCVd7dCop9xiKp2YOvo9qBtS7d30HjIX_WAzsQLPnFYTOBbJt8oYEcFAeRk5_EKXxM2075QaHj_YoCYg9-qrIDAxWXMtyEiFe_HQ5vZvKkCk1SZ0AN4FYGO9rGlJFwg1233ASwa2Y9BcTCSh7QeRy4OH2Qu0NLYUulwa9lrDzgRTyjf9_awPiR2AGMQ2quGh_rgZ5jlJrGEj7GIiMWScUaq_x5IQksZFduhIAWXCRVBdWxAV-mdOR-4sgShj47b7tyzKYLO6TS2JK6GhqtbnaDRmqmUkC6xROc9jlLdurIZrFx6A70r9--_fHcbQj45sCWDJJziP2RIggfyHDcjXDwyEjemXxqphbtBp4B0cfUlEGfS7OI97m4jdgUWxOow5Xy-hxinwRvpcaRn9SzkyBWYXLsJotl3LD3x4AvpJPehXyqYeHHcB1GV2h8tBm0heRIPVmplQfbk7VmOuTbnlOBk1fYpbiXmANQ-_ba8gbKC7pjp5shbMilZ5VP3vLUP-lRwq0RNCiww564mXuto0V3Ite-X5-dM1MPXpwpJ2_llBZIBCxkVYf3nnMKb86QluTFyunYlB4kqQM-FqKacymsurQV43wFDfFwg72bHPpUnCw7cVMBhrv2nHvXBvu7IdWXlVXEqSyabS4FvEWJ4m5ILgIN-vbQJMrz1-Zw8uRKP_hypZ28udI_qCXdet7aH8rC0MudIJQVHa2dpGpZm3I_z9a8G5MWjhTQf7YnRTp-tpc1i5_O229f1i5T2LK2Hb6LmJNECqVvJFrt4xBbCzKNaXafGPfa7iB0UjI_4NCvPkVPZTjpopGBjAG4td0MXZBJIcMr4Hydl7u3PekVAhlYh6LjfogydEQZWba5ZdC58O1Mg8ywMt5uu5SnaAwl3IecnkX85_V1Nne3eiAvo0UDhVdlolDiCXIanzsQxFib1RUWTMNWLn6Okmylp2fCEZYL6YTghXwCqweZOKpGxsNQTjfiUE3xFJcgrQS21r4XW05StI5RktlU9SxF5W543Ipd6FOTXExbBmRfOplLlkn_g4QJaUCfwivaIVeaIb-gCh_I44e0DIp-gfPm3uSCzHihK6ds6I41eyYc3Tdxetf7XpTX5A1kpExlPBVsD7LIZYOTonfQLIQsMmfWPg9I4ksmCjKvp5BpUvGN3eGyVvqklaG4ih5cMIKpw1Svseh5I3vtqC_mb-Z4z3jzp8iO8nztZC5wZYeM0V-pUChV4HGwZiacDV_IJ6wt5GM_ir9vb6z9cTiYJD0z3DLQntd1de2kmMm4g_Lclbgu8DgwMNTLa3j08kw9bQtCamlqqn-15k_OyZhZFicd8ra9y7P4zmftfp7_a3m2iQU2I_8io6MUmNv_nzoecA==&q=%s

[mh4ckt3mh4ckt1c4s]

Thanks for sharing your config. I investigated again and found out that the error is the same for my and your site, so this is indeed YNH-related.

What is strange is, I debugged Firefox Android to find what's wrong, and when the query is made to add the search engine, Firefox seems to throw an error named SSL_ERROR_PROTOCOL_VERSION_ALERT. This makes me think that it is a bug on Firefox's side as the YNH SSL/TLS configuration is surely correct and works in most cases. Furthermore, adding the YNH SearXNG engines on Firefox desktop, even with the "%s" method (that can be made available in advances settings), is working.

However, the bug should be fixable on YNH side (YNH core though, as it is in YNH core that the SSL/TLS termination is handled I guess). We "just" need to understand which TLS parameters needs to be modified for Firefox Android no to throw an error, assuming this is indeed TLS-related. My current debugging setup does not allow me to inspect TLS traffic, so I will try again later with decrypting traffic and taking a look at the TLS handshake.

[utzer]

Thanks, let me know if I can help with looking into some log on the server or something like that.

[mh4ckt3mh4ckt1c4s]

Finally found the "bug"! Thing is, YunoHost is configured to accept TLSv1.3 only. And for some reason, Firefox does not (attempt to) use TLSv1.3 but only TLSv1.2... Which makes YNH refuse the connection.

A workaround on YNH side is to modify the nginx configuration to let it accept TLSv1.2. For this you have two ways :

• Using YNH options (easy way, but didn't work for me) : in the admin panel, go to Tools > YunoHost settings > NGINX (web server) and switch the nginx compatibility from Modern to Intermediate. This should enable TLSv1.2 and make the bug disappear. You can see what the different options do with this file. Changing the option in the admin panel did not work for me because YNH told me that The configuration file '/etc/nginx/conf.d/security.conf.inc' has been manually modified and will not be updated, which I effectively did when experimenting on the bug. If you try this option please let me know how it went for you.
• Patching the file yourself : ssh on your server as root, then edit the file at /etc/nginx/conf.d/security.conf.inc and change the line

ssl_protocols TLSv1.3;

To

ssl_protocols TLSv1.3 TLSv1.2;

then restart your nginx server with nginx -s reload. This did the trick for me.

To check if your server is currently supporting (or not) TLSv1.2, you can use this site : https://www.ssllabs.com/ssltest

I'll conclude this by saying this is more a bug on Firefox's side IMO. Firefox in its latest version should definitely not be stuck on not supporting TLSv1.3, even for some advanced options. I'll make a report to Firefox when I find the time and I will put the link here once posted.

[mh4ckt3mh4ckt1c4s]

Bug to Firefox reported here

[utzer]

• Using YNH options (easy way, but didn't work for me) : in the admin panel, go to Tools > YunoHost settings > NGINX (web server) and switch the nginx compatibility from Modern to Intermediate.

This worked for me! Amazing that you figured this out!

[mh4ckt3mh4ckt1c4s]

Happy to help. According to the bug report in Firefox, this is gonna be fixed in Firefox 124, which should be released on March 19, 2024. You would try to set your settings back to "Modern" then and see if it works. I'm gonna close this but feel free to reopen if you still encounter the bug with FF 124.