Closed budachst closed 2 years ago
Hi. I implemented the TLS option for speedtest-go at #39. Can you tell me a little more about your execution environment? Note that the TLS option has not yet been applied to the released version; if you want to use the TLS feature, you need to build manually from the latest master branch source code.
Why is the new version not released? Was the last released version last year?
> Hi. I implemented the TLS option for speedtest-go at #39. Can you tell me a little more about your execution environment? Note that the TLS option has not yet been applied to the released version; if you want to use the TLS feature, you need to build manually from the latest master branch source code.

Ahh, yes - that may be the cause. I only used the release version, which I deployed on some Linux hosts. I see that you have released a new version some days ago - I will check that out.
v1.1.5 released 15 days ago, just before @masx200 asked about it.
Description
Although tls is enabled in the settings and the required cert/key files are also present in the app directory, tls doesn't get enabled. It seems like the options for enabling tls are ignored, since removing the cert/key files will also not raise any errors, although speedtest-go should try to open them.
Server
Server is a simple CentOS 7 VM, nothing special about it.
Client
Tried several clients, like Safari and FF on macOS.
Steps to reproduce
Expected behaviour
HTTPS/TLS working using the provided cert/key files
settings.toml
```toml
# bind address, use empty string to bind to all interfaces
bind_address=""
# backend listen port
listen_port=80
# proxy protocol port, use 0 to disable
proxyprotocol_port=0
# Server location
server_lat=-10.1
server_lng=53
# ipinfo.io API key, if applicable
ipinfo_api_key=""

# assets directory path, defaults to `assets` in the same directory
assets_path=".assets"

# password for logging into statistics page
statistics_password="dontgimmethat"
# redact IP addresses
redact_ip_addresses=false

# database type for statistics data, currently supports: none, memory, bolt, mysql, postgresql
# if none is specified, no telemetry/stats will be recorded, and no result PNG will be generated
database_type="bolt"
database_hostname=""
database_name=""
database_username=""
database_password=""

# if you use `bolt` as database, set database_file to database file location
database_file="speedtest.db"

# TLS and HTTP/2 settings. TLS is required for HTTP/2
enable_tls=true
enable_http2=true

# if you use HTTP/2 or TLS, you need to prepare certificates and private keys
tls_cert_file="cert.pem"
tls_key_file="privkey.pem"
```
When trying to connect to port 80 using openssl, this is the result:
```
openssl s_client -connect arpguard-sensor-jvmn.jvm.de:80 -crlf
CONNECTED(00000005)
8628868780:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/Library/BuildRoots/b6051351-c030-11ec-96e9-3e7866fcf3a1/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:386:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Start Time: 1653206557
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
```
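
The 5 bytes read in the output above are the size of one TLS record header, and `wrong version number` is what a client reports when those bytes are not TLS, for instance the start of a plaintext HTTP reply. The Go probe below is an added example, not part of the issue or of speedtest-go's code, that makes the same check programmatically; `probeTLS` and `probeLocalPair` are hypothetical names, and the two local servers are constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// probeTLS starts a TLS handshake with addr and classifies the listener as
// "tls", "plaintext-http" or "unknown".
func probeTLS(addr string) (string, error) {
	raw, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return "", err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(3 * time.Second))
	// Certificate checks are off because the probe only asks whether the port
	// speaks TLS at all; it sends no application data.
	err = tls.Client(raw, &tls.Config{InsecureSkipVerify: true}).Handshake()
	var hdr tls.RecordHeaderError
	switch {
	case err == nil:
		return "tls", nil
	case errors.As(err, &hdr) && string(hdr.RecordHeader[:]) == "HTTP/":
		// The 5 bytes parsed as a TLS record header are the start of an HTTP reply.
		return "plaintext-http", nil
	}
	return "unknown", err
}

// probeLocalPair probes two constructed local servers, one plain and one TLS.
func probeLocalPair() (plain, secure string) {
	h := http.NotFoundHandler()
	p, s := httptest.NewServer(h), httptest.NewTLSServer(h)
	defer p.Close()
	defer s.Close()
	plain, _ = probeTLS(p.Listener.Addr().String())
	secure, _ = probeTLS(s.Listener.Addr().String())
	return plain, secure
}

func main() {
	fmt.Println(probeLocalPair()) // constructed servers; probe a real host:port after deploying
}
```

Running `probeTLS` against the configured listen port after each deployment shows whether `enable_tls=true` actually took effect in the running binary.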