Corewala / Buran

Gemini browser for Android
GNU General Public License v3.0

TLS 1.3 capsule giving a Server Error: Handshake failed #46

Open acidus99 opened 1 year ago

acidus99 commented 1 year ago

In Buran 1.12, I'm getting the following error when trying to access a capsule:

Error
Bad response: Server Error:
Handshake failed

The URL is gemini://gemini.locrian.zone/gemlog/darkmode.gmi, but I get the same error for any page on that Capsule.

This capsule works fine in other clients like Lagrange. I assume there is a problem with the TLS library/support that Buran has. I used openssl s_client -connect gemini.locrian.zone:1965 to see more about the TLS handshake:

CONNECTED(00000005)
depth=0 CN = gemini.locrian.zone
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = gemini.locrian.zone
verify return:1
---
Certificate chain
 0 s:CN = gemini.locrian.zone
   i:CN = gemini.locrian.zone
   a:PKEY: ED25519, 256 (bit); sigalg: ED25519
   v:NotBefore: Dec  4 20:35:43 2022 GMT; NotAfter: Dec  4 20:35:43 2023 GMT
---
Server certificate
subject=CN = gemini.locrian.zone
issuer=CN = gemini.locrian.zone
---
No client certificate CA names sent
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 688 bytes and written 385 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 25AC10AD9A84E9D3F61487E5956538DFBDA2D20E1DA8C773F19D5E89B85A9EDF
    Session-ID-ctx: 
    Resumption PSK: 3D2C4C61E98086285EE763ED1F657C9F63D740867729AE385576BB04792A489A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)

    Start Time: 1692703689
    Timeout   : 7200 (sec)
    Verify return code: 18 (self-signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

acidus99 commented 1 year ago

Here is another capsule which gives the same Handshake error: gemini://ibannieto.info/stuff/links.gmi

Interestingly enough the Certificate/TLS settings are very different:

openssl s_client -connect ibannieto.info:1965
CONNECTED(00000005)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = ibannieto.info
verify return:1
---
Certificate chain
 0 s:CN = ibannieto.info
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug  1 16:12:15 2023 GMT; NotAfter: Oct 30 16:12:14 2023 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = ibannieto.info
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Requested Signature Algorithms: RSA-PSS+SHA512:RSA+SHA512:ECDSA+SHA512:RSA-PSS+SHA384:RSA+SHA384:ECDSA+SHA384:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA256
Shared Requested Signature Algorithms: RSA-PSS+SHA512:RSA+SHA512:ECDSA+SHA512:RSA-PSS+SHA384:RSA+SHA384:ECDSA+SHA384:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA256
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5258 bytes and written 426 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

RSA is used for the cert instead of EC. The TLS cipher family is similar to the other capsule, but the sizes of the key and hash are different. This seems to imply a bigger issue than the TLS library that Buran is using not supporting a single TLS configuration.
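
As an added example (not part of this thread or of Buran), a small Python helper that pulls the negotiated parameters out of `openssl s_client` transcripts like the two above and separates what both failing capsules share from what differs, which is the comparison the comment above makes by eye. The transcript excerpts are constructed from the output quoted in this issue, trimmed to the lines the parser reads.

```python
import re

# Constructed excerpts of the two `openssl s_client` transcripts quoted in this issue.
LOCRIAN = """\
   a:PKEY: ED25519, 256 (bit); sigalg: ED25519
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Verify return code: 18 (self-signed certificate)
"""
IBANNIETO = """\
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
"""

FIELDS = {
    "leaf_key": re.compile(r"^\s*a:PKEY: (\S+), (\d+) \(bit\)", re.M),
    "peer_sig": re.compile(r"^Peer signature type: (\S+)", re.M),
    "kex": re.compile(r"^Server Temp Key: (\S+), \d+ bits", re.M),
    "proto": re.compile(r"^New, (TLSv[\d.]+), Cipher is (\S+)", re.M),
    "verify": re.compile(r"^Verify return code: (\d+)", re.M),
}

def parse_s_client(transcript):
    """Return the handshake parameters a client TLS stack must support to connect."""
    out = {}
    for name, pattern in FIELDS.items():
        m = pattern.search(transcript)  # first match only: the depth-0 leaf cert
        if not m:
            continue
        if name == "leaf_key":
            out[name] = f"{m.group(1)}-{m.group(2)}"
        elif name == "proto":
            out["proto"], out["cipher"] = m.group(1), m.group(2)
        elif name == "verify":
            out["self_signed"] = m.group(1) == "18"  # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
        else:
            out[name] = m.group(1)
    return out

def compare(a, b):
    """Split parameters into those both servers share and those that differ; a feature
    shared by two servers that both fail is a better suspect than one only one uses."""
    shared = {k: a[k] for k in a if k in b and a[k] == b[k]}
    differ = {k: (a.get(k), b.get(k)) for k in set(a) | set(b) if a.get(k) != b.get(k)}
    return shared, differ
```

Run against the two transcripts, the shared set is TLS 1.3 with an X25519 key exchange, while key type, peer signature algorithm, cipher and self-signed status all differ.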

acidus99 commented 1 year ago

I suggest ensuring that you are using the latest version of whatever TLS library you use. Also check the documentation to see if you need to do certain things to enable the appropriate/modern TLS ciphers.