keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.91k stars 1.23k forks source link

TLS Handshake error in Keybase from within corporate intranet #9207

Open ids-nick opened 7 years ago

ids-nick commented 7 years ago

Hi, I'm trying to proof-of-concept Keybase as a useful tool at work but cannot get it working within our network. It works fine on my non-work machines, and works fine on my work machine when using an outside network.

I've already asked the network infrastructure to whitelist api.keybase.io. Now that that is done, I can install and open keybase and sign in, but most functionality fails.

Most/all ui features show this error:

Error: API network error: doRetry failed, attempts: 6, timeout 11.390625s, last err: Get https://api.keybase.io/_/api/1.0/sesscheck.json: remote error: tls: handshake failure at l.t (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:1:249154) at l (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:1:249758) at s (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:1:249449) at t.convertToError (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:1:249636) at _rpcClient.invoke.e (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:1:236528) at file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:11:249324 at e.t.Deferrals.e._call (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:6:233825) at file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:6:233976 at s (file:///C:/Users/Dev/AppData/Local/Keybase/Gui/resources/app/desktop/dist/index.bundle.js:6:233605) at e.t.Deferrals.e._fulfill...

From keybase commandline I get a similar TLS error with a possibly useful error code of 1601:

C:\Users\Dev\AppData\Local\Keybase>keybase id chris

I will do a keybase log send and add the id. This may well be an issue on our side, but I need some guidance as to what to ask the network team to change, my network is otherwise usable and functional.

Keybase GUI Version: 1.0.33-20171003151350+ea019b3

ids-nick commented 7 years ago

Unsurprisingly, log send failed :(

C:\Users\Dev\AppData\Local\Keybase>keybase log send This command will send recent keybase log entries to keybase.io for debugging purposes only.

These logs don’t include your private keys or encrypted data, but they will include filenames and other metadata keybase normally can’t read, for debugging purposes.

Continue sending logs to keybase.io? (type 'YES' to confirm): yes Enter feedback (or ENTER to send): This goes to the github issue 9207 Enter feedback (or ENTER to send):

Let me know what if any logs you need.

ids-nick commented 7 years ago

By the by, I notice that (when coming from outside the corporate network) I get a self-signed cert error when trying to hit api.keybase.io from a browser. It could be our network gurus have some kind of rule to block traffic to https sites with self-signed certs?

From within our network I get SSL_ERROR_NO_CYPHER_OVERLAP, which seems to be the error Firefox throws when a site only supports RC4, which seems unlikely to be the case...

pipiche38 commented 6 years ago

I'm amazed that a problem from 2017 is still not addressed !

I have the same problem and cannot use Keybase due to that !

Vladx71 commented 4 years ago

it is still exists.... it seems keybase does not use OS certificate trust store, so cannot be used behind TLS inspection. Any chance to fix it?

maxtaco commented 4 years ago

This should work now if you enable proxy settings.

Vladx71 commented 4 years ago

This is a transparent proxy solution works for almost everything else

Pál, László vlad@vlad.hu

On 2020. Jan 10., at 16:19, Maxwell Krohn notifications@github.com wrote:

This should work now if you enable proxy settings.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/keybase/client/issues/9207?email_source=notifications&email_token=AB3RO2SBNA2SFQ43FGHZPUTQ5CGWZA5CNFSM4EATQTZKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIUHJ2A#issuecomment-573076712, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB3RO2T4XHNSATQCGA3EQHDQ5CGWZANCNFSM4EATQTZA.