search

Bitcoin-ABC / ElectrumABC

Mirror of https://reviews.bitcoinabc.org/source/bitcoin-abc/browse/master/electrum/
https://bitcoinabc.org/electrum
Other
32 stars 16 forks source link

CashFusion server fusion.tokamak.cash:8788 SSL/TLS cert expired #296

Open gasull opened 1 year ago

gasull commented 1 year ago 
$ openssl s_client -connect fusion.tokamak.cash:8788
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = fusion.tokamak.cash
verify error:num=10:certificate has expired
notAfter=May  1 14:31:35 2023 GMT
verify return:1
depth=0 CN = fusion.tokamak.cash
notAfter=May  1 14:31:35 2023 GMT
verify return:1
---
Certificate chain
 0 s:CN = fusion.tokamak.cash
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISBAO/D8Al+hZ6BKEYImXD3wawMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAxMzExNDMxMzZaFw0yMzA1MDExNDMxMzVaMB4xHDAaBgNVBAMT
E2Z1c2lvbi50b2thbWFrLmNhc2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCldmJdZ13uCoS8tEB9IseV9EuV8/L/BHpYifrsYICjofBhyCCeLZJsomqP
SDXqNy6gvCr2Mt4b046eFpaflCGWUvrExTyh4Wnxbe8kkPyTTNOm3QigQxzOUN+z
0Y7m7i20c12ddsM1zo9gSyDUCq8eZipRhy8HNQh6GibCgYl6stdfKxjr+iNfHgyE
w1UbFGRti3QCdRoevsgcBKo/9YO7OJVoAFfyRDXYW0CP57nqbqB5/yrPXEgrGvtu
2EVNKXz56YfFZQ0i/EIAAIrLhGVnivyZ0xdusmsJOW+tCyzGyiNln0yqbRGRYpfT
OOygu8ddsYpD8L+tNKXQo70WdGl7AgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFDQvKF9Zl3OOdTsrGl2yDuEfK0NpMB8GA1UdIwQYMBaAFBQusxe3
WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
ci5vcmcvMB4GA1UdEQQXMBWCE2Z1c2lvbi50b2thbWFrLmNhc2gwTAYDVR0gBEUw
QzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDov
L2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQB6
MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYYIdHlaAAAEAwBGMEQC
ICQHszgTeomeyp5Nf4mrGFuez2EtNEnqFc0bvbjzhnfLAiBC/HXRjmAszjiAgg6/
5sJAMH32T2OUuMdqiPNmxOYdkwB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nh
d31tBr1uAAABhgh0eTgAAAQDAEgwRgIhAKw+LlQRHjVymLqn0QrnS4EZqJnDyigU
XG6WzAvAPIP0AiEAhYVlTlcd6hKZNVSFYoywUJjNUOGM2DRtA3WhOsAOPQYwDQYJ
KoZIhvcNAQELBQADggEBADlLS3yvmiqz6nf6jPxGNDVfw7/UAsvcIDDzj2NybTXs
/XHQgnykor2vivGw2yepk/VSdGo1WebsBXmRwV3ZU3/fkPGAhZFJUFc6hPURSE/g
NamsYraih8fJx2ZVXipjjOQGJg80k0X1Uq8QF0wnawO56EVjHiVlbqTqDBVxe4AS
PsOv/xK2MHWtq5DnKPqq0FTxCadTQ5F0DpclB+i/evMvghLEfms66ECfy18Pjz86
ZM7MAE0Afy0UgrKROdQ8a6hU9vz/TLMMCO/qmlR5sag2oz/XMPbuTNANaQgnNrap
/+o7g+Sav7GGwCioZzrvcqsN0gS+yv5+h1h7umZDg8g=
-----END CERTIFICATE-----
subject=CN = fusion.tokamak.cash

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4580 bytes and written 391 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6BB6233B23024970802A2F4D26A0DE3CB1219C902806D6C6FC397D2A4DED5535
    Session-ID-ctx: 
    Resumption PSK: 9F7103AF209E6A05EC9D536126588713EFA0F68ADC156A0160CF42750514DB5C107BCC79F916B67C656DB6C24ADB0944
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - 06 cb a6 a5 78 34 27 61-fe 24 5d 27 97 e8 db 5b   ....x4'a.$]'...[
    0010 - 2d 9d 27 2a b1 5b 8a 0b-07 18 f1 f8 01 77 7e ec   -.'*.[.......w~.

    Start Time: 1684149877
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6C8A4881CA30D53632B6A3C2E2C68C1D11130DC6341EF8801C8E91604ABF2732
    Session-ID-ctx: 
    Resumption PSK: A5C89B4FBF7B3A9745644714D68127AE55AE0059793EDA7C458260DC7FCC4443D2A807F8CA404A197C5A8090321673CA
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - 4d 44 75 f8 35 fa 87 b3-2e 81 21 ce 11 84 c9 13   MDu.5.....!.....
    0010 - 92 77 e2 b0 2b 9a 1b d8-88 bd 82 75 22 c5 bb f5   .w..+......u"...

    Start Time: 1684149877
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
gasull commented 1 year ago

This seems to happen frequently. See #212 and #281.

Is there any workaround for the next time, like disabling TLS checking? (Far from ideal, I know).

Thanks.

<insert Bernie meme "I'm once again asking you... to update your TLS cert" />