ptpb / pb

pb is a formerly-lightweight pastebin and url shortener

TLS 1.0 Not available on upstream https://ptpb.pw? #154

Closed phora closed 8 years ago

phora commented 8 years ago

Just tested with https://www.ssllabs.com/ssltest/analyze.html?d=ptpb.pw&s=104.130.253.219

It says that TLS 1.0 isn't available, but TLS 1.2 is. This wasn't a problem I caught when developing the API updates for AndroPTPB against my Lollipop Android VM.

But on some Android versions (like my LG Volt), it's causing https://github.com/phora/AndroPTPB to give the following error that prevents creating pastes with specifically this:

javax.net.ssl.SSLException: SSL handshake aborted: ssl=0x617f6b70: I/O error during system call, Connection reset by peer

buhman commented 8 years ago

> It says that TLS 1.0 isn't available, but TLS 1.2 is

Correct. This configuration is deliberate. At one point, ptpb.pw had an A+ on ssllabs, but the requirements for this become increasingly strict--I think the 2048-bit intermediate keypairs are what's causing the low key exchange score.

> But on some Android versions

I am aware of this--ssllabs suggest you need at least Android 4.4, which seems reasonably old by now.

phora commented 8 years ago

That's the thing - the LG Volt is running at least 4.4.2

See attachment.

buhman commented 8 years ago

Heh, I don't think github supports email attachments.

buhman commented 8 years ago

I realized Nginx now supports http/2, and due to the cipher suite blacklist coincidentally including the cipher suites I previously used for NSS compatibility, I also enabled a few ECDHE-*-AES128-* cipher suites to both enable HTTP/2 and simultaneously keep compatibility with Firefox 42/NSS. This may or may not coincidentally fix your android 4.4 issue.
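
An added example, not part of the thread or the pb project: one way to check which suites an OpenSSL cipher string (the syntax nginx `ssl_ciphers` takes) expands to, and which of them fall under the HTTP/2 cipher suite blacklist mentioned above. It approximates RFC 7540 Appendix A by the two properties that appendix names (ephemeral key exchange, AEAD cipher) rather than enumerating the list; the function names and the sample cipher string are assumptions, not ptpb.pw's configuration.

```python
import ssl


def http2_verdict(c):
    """Classify one entry of SSLContext.get_ciphers() by the two properties
    RFC 7540 Appendix A uses to build its blacklist."""
    if c["protocol"] == "TLSv1.3":
        # TLS 1.3 suites are all AEAD and always use an ephemeral exchange.
        return True, "TLS 1.3 suite"
    if "dhe" not in c["kea"]:          # e.g. 'kx-rsa' (static RSA)
        return False, "no ephemeral key exchange"
    if not c["aead"]:                  # CBC, stream or null cipher
        return False, "not an AEAD cipher"
    return True, "ephemeral key exchange + AEAD"


def audit(cipher_string):
    """Expand a cipher string with the local OpenSSL build and return
    {suite name: (allowed_for_http2, reason)}."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)     # raises ssl.SSLError if nothing matches
    return {c["name"]: http2_verdict(c) for c in ctx.get_ciphers()}


if __name__ == "__main__":
    # Constructed sample: two ECDHE-*-AES128-* suites plus a static-RSA one.
    sample = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA"
    for name, (ok, reason) in audit(sample).items():
        print(f"{'ok ' if ok else 'BAD'} {name}: {reason}")
```

The ECDHE-*-AES128-* family contains both kinds: the GCM variants pass, while the CBC variants (names ending in `-SHA` or `-SHA256` without `GCM`) are blacklisted even though their key exchange is ephemeral.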

phora commented 8 years ago

Enabled those as in just recently?

Also, here's screen since it wasn't attached.

https://lut.im/UyF5maeVqq/Ra2rVzaFFFRswFeH

On Jan 26, 2016, Zack Buhman notifications@github.com wrote:

> I realized Nginx now supports http/2, and due to 1 I enabled a few ECDHE-*-AES128-* cipher suites to both enable HTTP/2 and simultaneously keep compatibility with Firefox 42/NSS. This may or may not coincidentally fix your android 4.4 issue.



buhman commented 8 years ago

> Enabled those as in just recently?

As in 2 hours ago.

phora commented 8 years ago

@buhman : Woke up today. Still getting the same error under the LG Volt.

buhman commented 8 years ago

Welp, that's a shame.