tls: unexpected message #316
Thanks for finding this. Can confirm the bug with version:
This seems to be an upstream bug with Go's TLS library. Or perhaps not a bug at all, but an issue with the server, and other non-Go clients are more forgiving of it. Related Go issues:
This capsule uses the bespoke blizanci server. Maybe the issue is there, maybe not. Would require some testing and reading into its code.
Working theory is that we're hitting the following missing feature / bug of the underlying server-side TLS implementation: erlang/otp#5950. Is the Amfora TLS client trying to use a TLS version earlier than TLS v1.3?
TLS 1.3 is used. Amfora supports both 1.3 and 1.2.
Aha! I shall have to check this out by installing Amfora. The Erlang/OTP people will be interested to hear what on earth is going on here.
@mk270 thanks for looking into this! Let me know how things go. Once this is confirmed to be a server-side problem I'll close this issue, but you can still put updates here.
Can confirm.
Thanks. Does Amfora default to TLS v1.2 though?
I've checked this with
The problem is recurring for me with gemget, I'd be surprised if it didn't. Maybe you're using an older version, and something in Go's TLS lib changed somewhat recently that is causing this bug? Strange...
This is handled by the Go TLS lib. The only setting I've made related to versions is that TLS 1.2 is the minimum supported version, so TLS 1.0 will never be used. I would assume that the client uses the highest version that the server supports. Can't find an RFC or code snippet to support this right now, but it would be weird for it to do anything else. So the answer is that Amfora will use TLS 1.3 if the server supports it, and otherwise use TLS 1.2.
It looks like upstream has just put a lot of work into fixing this. Let's re-test in due course.
amfora gemini://gemini.ucant.org/
-> URL Fetch Error: Failed to connect to the server: local error: tls: unexpected message.
The capsule works in other clients.
I'm using: