matrix-org / matrix.to

A simple stateless privacy-protecting URL redirecting service for Matrix
http://matrix.to
Apache License 2.0

SSL Error #296

Closed elibroftw closed 1 year ago

elibroftw commented 1 year ago

https://matrix.to/ https://matrix.to/#/#ethxmrswap:matrix.org

Invite links are SSLed too

Firefox desktop, firefox mobile, chrome mobile

See https://github.com/matrix-org/matrix.org/issues/1576

t3chguy commented 1 year ago

Please share the actual error you are seeing.

elibroftw commented 1 year ago

My bad

Screenshot_20221128-082535__01.jpg

This is what happens when a user clicks a matrix invite link without matrix installed. Yesterday the link didn't even open in matrix but today it finally lets me open in the app. That's beside the point because this is an invite link so it should not break on phones without matrix installed.

t3chguy commented 1 year ago

Works fine on my phone, seems like it is something specific to your device and/or network.

image

elibroftw commented 1 year ago

I'm using Firefox not Chrome

elibroftw commented 1 year ago

Even on Edge mobile it fails

elibroftw commented 1 year ago

Even on Edge desktop it fails

elibroftw commented 1 year ago

image

t3chguy commented 1 year ago

It is blocked on your network by Plume, as per your last screenshot. I suggest unblocking it. https://support.plume.com/hc/en-gb/articles/360009803373-How-do-I-approve-unblock-a-website-#:~:text=From%20the%20Home%20page%2C%20tap,enter%20the%20server%20IP%20address.

elibroftw commented 1 year ago

According to https://www.thesslstore.com/blog/ssl_error_rx_record_too_long/,

  • You’ve got the listening port misconfigured – If you want your website to establish secure connections you must configure it to use Port 443.
  • You don’t support an adequate TLS version – This problem arose ten years ago with the advent of TLS 1.2 and is appearing again with TLS 1.3.

elibroftw commented 1 year ago

I don't have plume

elibroftw commented 1 year ago

Seems like it works with VPN so I'll check again. Thanks.

t3chguy commented 1 year ago

> I don't have plume

Then where would that graphic in your latest screenshot come from?

> You’ve got the listening port misconfigured – If you want your website to establish secure connections you must configure it to use Port 443.

It is. https:// defaults to 443; if there's no :port section then it will use 443.

> You don’t support an adequate TLS version – This problem arose ten years ago with the advent of TLS 1.2 and is appearing again with TLS 1.3.

It is using TLS 1.3.


```
t3chguy@Michael-t3chguy-MBP ~> curl https://matrix.to:443 -vv
*   Trying 2606:4700:3033::6815:32cd:443...
* Connected to matrix.to (2606:4700:3033::6815:32cd) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
```
elibroftw commented 1 year ago

I'm wondering this too, no one in my family knows about Plume. I'll get to the bottom of it.
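
Added example, not written by anyone in this thread and not part of the matrix.to project: the error named in the thesslstore.com link (`ssl_error_rx_record_too_long`) typically appears when the first bytes a client receives on port 443 are not a TLS record, for instance a plaintext HTTP block page. The sketch below reads the first five bytes of a reply as a TLS record header and labels the result; the sample replies are constructed, the function names are hypothetical, and whether the filter discussed here answered in plaintext is an assumption the thread does not confirm.

```python
import struct

# Record content types defined for TLS (RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Upper bound on the length field of a TLS 1.2 record: 2^14 + 2048 (RFC 5246).
MAX_RECORD_LEN = 2**14 + 2048


def parse_record_header(data: bytes):
    """Read the first five bytes as a TLS record header, as a client would."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_reply(data: bytes) -> str:
    """Label the first bytes received from a server on a TLS port."""
    hdr = parse_record_header(data)
    if hdr is None:
        return "incomplete"
    if (hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_RECORD_LEN):
        return "tls"
    if data.startswith(b"HTTP/"):
        # "HTTP/" read as a header gives type 0x48 and length 0x502F (20527).
        return "plaintext-http"
    if hdr["length"] > MAX_RECORD_LEN:
        return "record-too-long"
    return "not-tls"


# Constructed samples, not captured from matrix.to or from any filter product.
SERVER_HELLO = bytes.fromhex("160303007a") + b"\x02" + bytes(121)
BLOCK_PAGE = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
              b"<html>blocked</html>")
OVERSIZED = bytes.fromhex("160303ffff")

if __name__ == "__main__":
    for name, sample in [("server hello", SERVER_HELLO),
                         ("block page", BLOCK_PAGE),
                         ("oversized", OVERSIZED)]:
        hdr = parse_record_header(sample)
        print(f"{name:12} length={hdr['length']:5} -> {classify_reply(sample)}")
```

A reply classified as `plaintext-http` on one network and `tls` on another (for example over a VPN) points at something on the path rather than at the server.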