browser can't be downloaded because of invalid SSL certificate #254

Open
mkshevetskiy opened this issue Nov 27, 2016 · 12 comments

Comments

@mkshevetskiy

mkshevetskiy commented Nov 27, 2016

Trying to start torbrowser for the first time produces the following message:

The SSL certificate served by https://www.torproject.org is invalid!
You may be under attack.

After that the program terminates. Running it from a terminal results in the
following console output:

Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.6
https://github.com/micahflee/torbrowser-launcher
Downloading over Tor
Downloading and installing Tor Browser for the first time.
Downloading https://dist.torproject.org/torbrowser/update_2/release/Linux_x86_64-gcc3/x/en-US
Download error: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]>] <class 'twisted.web._newclient.ResponseNeverReceived'>
@anarcat

anarcat commented Nov 27, 2016

I have seen this as well. Restarting the launcher fixed the problem.

I can see many problems with this bug:

  1. users will not know this is a possibly transient failure (e.g. a compromised exit node) and that there is an easy workaround (restarting the browser)
  2. users may assume they are under an individually targeted attack, which is probably not the case here
  3. it makes it possible to "DOS" (Denial Of Service) users out of starting tor completely by jamming the communication channel - presumably this could fail if key entry points are censored as well
  4. it doesn't identify the rogue exit node so there is no way for tor operators to fix the issue

I am particularly concerned that the user is being informed that he/she "may be under attack". I think this is a mischaracterisation of how tor works: if the user is able to build a circuit (which seems to be the case here), then the exit node is not supposed to know who he/she is, unless the tor network is compromised in a novel way, or some very powerful actor is running a correlation attack. It is way more likely this is a rogue exit node.

I recommend the following measures be taken:

  1. use a hidden service address to download the tarball to avoid exit node MITM (I can't find the address right now, but I seem to recall torproject.org set up exit nodes for all services)
  2. failing that, at least try another circuit if the first one is compromised
  3. report which exit node (presumably) was in use when the verification failed
  4. do not report that the user may be individually under attack ("you are under attack") and instead report the problem more factually (e.g. "there was a problem looking for updates, one relay in the tor network may be compromised")
  5. ultimately, do not allow rogue exit nodes to randomly DOS torbrowser-launcher users: let the user launch a potentially out of date version of the software and maybe warn the user about the problem

Regarding the last point: in my case, my torbrowser was up to date. Failing to start was a mistake, in this specific case: I had started it the day before and it was unlikely to be out of date in the first place. It was better, in my case, to start with an older version than to completely crash. I should note that torbrowser-launcher is the first piece of software I have seen that completely fails to start when out of date. This kind of "time bomb" technique is generally frowned upon, for good reasons: up to date is good, but it should degrade correctly.

Also keep in mind warning fatigue is a problem. We keep making the mistake of telling users "they are under attack", and our users have come to ignore those warnings, with good reasons sometimes. Anyone that has actually been attacked by a fellow human being will, at the best of times, laugh at those ridiculous warnings, and rightly so ignore them. At the worst of times, they will relive, for an instant, that traumatic moment and hate our software for reminding them of that terrible moment.

Note that this was also reported in the Debian BTS (#845989).

@micahflee
Collaborator

I can't reproduce. Is this still an issue?

@Floppyjoe

Floppyjoe commented Apr 12, 2017

micahflee, I get this error on Ubuntu 16.04 32 bit architecture and on Windows bash Ubuntu 16.04 64 bit architecture. No matter how many times I uninstall and reinstall or retry it, I always get this error. It is possible however to install the Tor Browser bundle directly from the website using other methods in both Ubuntu 16.04 32 bit and Windows 10 Bash Ubuntu.

@anarcat

anarcat commented Apr 19, 2017

I can still reproduce this in Debian Jessie (see above BTS link), but maybe this could be considered a Debian-specific issue at this point... :/

@amalmurali47

For those who are still facing the issue, run this:

gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu

And restart torbrowser-launcher; it should work.

@diego-treitos

For me the only thing that worked was this:

SSL_CERT_FILE="$(python -m certifi)" torbrowser-launcher --settings

@nonlin-lin-chaos-order-etc-etal
gpg --homedir "$HOME/.local/share/torbrowser/gnupg_homedir/" --refresh-keys --keyserver pgp.mit.edu
gpg: refreshing 1 key from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
SSL_CERT_FILE="$(python -m certifi)" torbrowser-launcher --settings
/usr/bin/python: No module named certifi
[…]
lsb_release -d
Description:	Ubuntu 18.04.1 LTS

@nonlin-lin-chaos-order-etc-etal

As per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845989 :

openssl s_client -connect aus1.torproject.org:443
CONNECTED(00000003)
depth=0 ST = Klatch, L = Al Khali, O = torproject.org, OU = auto-CA, CN = listera.torproject.org, emailAddress = hostmaster@listera.torproject.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 ST = Klatch, L = Al Khali, O = torproject.org, OU = auto-CA, CN = listera.torproject.org, emailAddress = hostmaster@listera.torproject.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/ST=Klatch/L=Al Khali/O=torproject.org/OU=auto-CA/CN=listera.torproject.org/emailAddress=hostmaster@listera.torproject.org
   i:/ST=Klatch/L=Al Khali/O=torproject.org/OU=auto-CA/CN=auto-ca.torproject.org/emailAddress=torproject-admin@torproject.org
---
Server certificate
-----BEGIN CERTIFICATE-----
[…]
-----END CERTIFICATE-----
subject=/ST=Klatch/L=Al Khali/O=torproject.org/OU=auto-CA/CN=listera.torproject.org/emailAddress=hostmaster@listera.torproject.org
issuer=/ST=Klatch/L=Al Khali/O=torproject.org/OU=auto-CA/CN=auto-ca.torproject.org/emailAddress=torproject-admin@torproject.org
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2011 bytes and written 302 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 1B922F3E22CDDD151BB686DAFE0BC722AC2772CDBC48EF162C905A7FC8102769
    Session-ID-ctx: 
    Master-Key: D841FB4939E1DF77B99FFAA5389ECCAD90BDD64581634734F1B861E780FC2C234C7BA40647514A84BE565B68968AB93C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - fa 0e 73 88 ba 49 e4 58-61 b1 b4 ed 51 3d fb 42   ..s..I.Xa...Q=.B
    0010 - f5 ed 96 83 a8 b4 75 74-d8 ca 07 70 d0 3f 88 6c   ......ut...p.?.l
    0020 - d4 2f d5 4a 85 69 4a be-00 ff 7b d5 94 d2 bb 0c   ./.J.iJ...{.....
    0030 - 85 87 4e b2 f0 75 fd 0b-1c 3a 6c c3 52 c7 00 f1   ..N..u...:l.R...
    0040 - a6 a4 4f 57 19 96 ca 9f-2e 6d c7 be 90 96 a2 01   ..OW.....m......
    0050 - e7 a3 36 6a c3 6b cb 84-68 58 fc 3c 39 dc d1 1e   ..6j.k..hX.<9...
    0060 - 48 ff cc 03 b9 14 ce c7-94 82 dc e5 dd 80 b7 14   H...............
    0070 - 07 a0 a6 bb 98 40 b5 58-6b 22 8a 53 7f 67 4f 2e   .....@.Xk".S.gO.
    0080 - df c2 43 8d 5d 17 e7 41-ed 75 f0 2a 70 89 8a 90   ..C.]..A.u.*p...
    0090 - 9e c5 e8 99 75 90 9a 22-cc bc 61 79 db 46 db 45   ....u.."..ay.F.E
    00a0 - 8d 9e aa 15 31 a2 20 98-82 65 d1 3a 00 97 de 1b   ....1. ..e.:....
    00b0 - 92 f5 6f 6f b0 7c e9 08-ad 46 ab 45 9d 3a 20 2e   ..oo.|...F.E.: .

    Start Time: 1549223634
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
closed
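The s_client capture above shows why the launcher's TLS client rejected the connection: the served chain consists of a single leaf (CN=listera.torproject.org) issued by an in-house "auto-CA" that no distribution CA bundle contains, so OpenSSL reports verify errors 20 (unable to get local issuer certificate) and 21 (unable to verify the first certificate). The script below is an added example, not torbrowser-launcher's or Tor Project's code: it rebuilds that shape of chain with a throwaway private CA (all names and keys are invented and generated locally; only the openssl command-line tool is assumed) and then shows what `openssl verify` returns with the default trust store, with an explicit `-CAfile`, and with the `SSL_CERT_FILE` environment variable that the `SSL_CERT_FILE="$(python -m certifi)" torbrowser-launcher` workaround earlier in the thread relies on.

```shell
#!/bin/sh
# Added example, not project code: reproduce an "auto-CA" chain locally and
# inspect what OpenSSL's verifier reports under three trust configurations.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a self-signed private CA and one leaf certificate it signs. The
# subject names are invented; a self-contained config keeps the CA's
# basicConstraints/keyUsage independent of the system openssl.cnf.
make_auto_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
O = example
OU = auto-CA
CN = auto-ca.example.test
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
    openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -subj '/O=example/OU=auto-CA/CN=leaf.example.test' \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$WORK/leaf.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Print the X509 verify error number for certificate $1 (0 on success); any
# further arguments are passed to `openssl verify`. This is the same number
# s_client shows as "verify error:num=NN". For a leaf whose issuer is not in
# the store, `openssl verify` stops at 20; s_client additionally reports 21
# for the same root cause.
verify_code() {
    leaf=$1; shift
    if out=$(openssl verify "$@" "$leaf" 2>&1); then
        echo 0
    else
        printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

# Same check, but with SSL_CERT_FILE pointing at bundle $1. OpenSSL's default
# lookup honours this variable, which is what the launcher workaround uses;
# note that it replaces the default certificate *file* rather than adding to
# it (the hashed certificate directory is still consulted).
verify_code_env() {
    bundle=$1; leaf=$2
    if out=$(SSL_CERT_FILE="$bundle" openssl verify "$leaf" 2>&1); then
        echo 0
    else
        printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

demo() {
    make_auto_ca
    echo "default store only : $(verify_code "$WORK/leaf.pem")"
    echo "explicit -CAfile   : $(verify_code "$WORK/leaf.pem" -CAfile "$WORK/ca.pem")"
    echo "SSL_CERT_FILE=ca   : $(verify_code_env "$WORK/ca.pem" "$WORK/leaf.pem")"
}

demo
```

The first line of the demo prints 20 and the other two print 0. The practical consequence for the workaround in this thread: pointing `SSL_CERT_FILE` at certifi's bundle only helps when the chain the launcher actually receives terminates in a public CA that bundle contains; a chain ending in a private auto-CA, or one substituted by a TLS-intercepting network (the organisation wifi case reported further down), still fails. To see which case applies, capture the live chain with `openssl s_client -connect aus1.torproject.org:443 -showcerts </dev/null` and compare its issuer line with what the system bundle trusts.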

@nonlin-lin-chaos-order-etc-etal
aptitude show -vvv torbrowser-launcher
Package: torbrowser-launcher             
Version: 0.2.9-2
[…]
Section: universe/python
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
[…]
Filename: pool/universe/t/torbrowser-launcher/torbrowser-launcher_0.2.9-2_amd64.deb
Checksum-FileSize: 215092
MD5Sum: 66205fffc5cb3377e2afdc612ee45590
SHA1: 7cc77fae72e1d2a2256df227177a990a41c1fcf4
SHA256: 43f5f4ab4b9af131540f8628e6c247b97d30daee0018700d30918a5e04007086
Archive: bionic
Depends: python:any (< 2.8), python:any (>= 2.7.5-5~), ca-certificates, gnupg, libdbus-glib-1-2, python-gtk2, python-lzma, python-parsley (>= 1.2), python-psutil, python-twisted, python-txsocksx
         (>= 1.13.0.1)
Recommends: tor
Suggests: apparmor, python-pygame
Conflicts: torbrowser-launcher:i386
Description: […]

Package: torbrowser-launcher
Version: 0.2.9-2
[…]
Section: universe/python
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
[…]
Depends: python:any (< 2.8), python:any (>= 2.7.5-5~), ca-certificates, gnupg, libdbus-glib-1-2, python-gtk2, python-lzma, python-parsley (>= 1.2), python-psutil, python-twisted, python-txsocksx
         (>= 1.13.0.1)
Recommends: tor
Suggests: apparmor, python-pygame
Conflicts: torbrowser-launcher:i386
Description: […]

@nonlin-lin-chaos-order-etc-etal

I tried these https://github.com/micahflee/torbrowser-launcher instructions:

«
Installing from the PPA

If you want to always have the latest version of the torbrowser-launcher package before your distribution gets it, you can use my PPA:

sudo add-apt-repository ppa:micahflee/ppa
sudo apt-get update
sudo apt-get install torbrowser-launcher
»

The log is below:

torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.1
https://github.com/micahflee/torbrowser-launcher

(python3:30434): Gtk-WARNING **: 04:08:28.202: /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/immodules/im-fcitx.so: cannot open shared object file: No such file or directory

(python3:30434): Gtk-WARNING **: 04:08:28.202: Loading IM context type 'fcitx' failed

(python3:30434): Gtk-WARNING **: 04:08:28.203: /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/immodules/im-fcitx.so: cannot open shared object file: No such file or directory

(python3:30434): Gtk-WARNING **: 04:08:28.203: Loading IM context type 'fcitx' failed

(python3:30434): Gtk-WARNING **: 04:08:28.206: /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/immodules/im-fcitx.so: cannot open shared object file: No such file or directory

(python3:30434): Gtk-WARNING **: 04:08:28.206: Loading IM context type 'fcitx' failed
Downloading Tor Browser for the first time.
Downloading https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Latest version: 8.0.5
Downloading https://dist.torproject.org/torbrowser/8.0.5/tor-browser-linux64-8.0.5_en-US.tar.xz.asc
Downloading https://dist.torproject.org/torbrowser/8.0.5/tor-browser-linux64-8.0.5_en-US.tar.xz
[…]

@averbuchnir

I've had the same problem when I tried downloading it from an organisation's free wifi, such as my work/university wifi. When I tried to download it from my private network, it worked perfectly.

@salemakowe

« I've had the same problem when I tried downloading it from an organisation's free wifi, such as my work/university wifi. When I tried to download it from my private network, it worked perfectly. »

Worked for me too
