Open Chilledheart opened 8 months ago
And the OS information
PS C:\> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.22621.2506
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22621.2506
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PS C:\> gwmi win32_operatingsystem | fl Caption, Version, BuildNumber
Caption : Microsoft Windows 11 Pro
Version : 10.0.22631
BuildNumber : 22631
See more at Let's Encrypt Chain of Trust page.
Strange. According to Microsoft's Trusted Root Program, ISRG Root X1, ISRG Root X2 and many other root certificates are on the list.
Perhaps the list you get from powershell stores which trusted root certificates have been used/found. If that's the case, then if you use HTTPS to access a web page with a certificate provided by letsencrypt, the ISRG root certificate will appear on the list.
By installing the cumulative update, the problem was resolved. Not sure how it might affects naiveproxy users. But that's an issue (maybe not so large).
Oh, I did not see that.
By installing the cumulative update, the problem was resolved. Not sure how it might affects naiveproxy users. But that's an issue (maybe not so large).
Oh, I did not see that.
Yes. It only happens on some installations of windows 11, but not all. And in some installation, cumulative update will fix this issue. I recommended use gci Cert:\LocalMachine\Root
(powershell) to validate if you have the same issue.
And it (missing ISRG X1 Root) also happens to some old Android release prior to 7.1.1 according to this post https://www.webmasterworld.com/webmaster/5015781.htm
It is an OS-related issue, not naiveproxy's.
For most of forwardproxy users, it is likely to use Let's Encrypt Root for free SSL ceritificates. However, in the some latest Windows 11 installation, the CA (named ISRG) is missing. For my case, I created a new Windows 11 VM from Parallels Desktop inside a m3 macbook and found the ISRG CA missing in ROOT certificate store.
I did something like in PowerShell:
You can find the ISRG CA is missing. For naiveproxy, it will prevent TLS connection from establishing with the forwardproxy server. And I also tried Windows 11 23H2 iso in a physical machine, it also produced the same SSL error.
By installing the cumulative update, the problem was resolved. Not sure how it might affects naiveproxy users. But that's an issue (maybe not so large).