quotient-im / Quaternion

A Qt-based IM client for Matrix
https://matrix.org/ecosystem/clients/quaternion/
GNU General Public License v3.0

Quaternion Cannot Connect to TLS 1.3 Server (macOS) #817

Open sindastra opened 2 years ago

sindastra commented 2 years ago

Description

Using Quaternion on macOS 11, I cannot connect to a home server that uses TLS 1.3 exclusively.

Steps to reproduce

Logs

quotient.jobs: Sent GET https://***REDACTED***/_matrix/client/r0/login
quotient.jobs: No valid HTTP headers from GET https://***REDACTED***/_matrix/client/r0/login
quotient.jobs: "GetLoginFlowsJob" status NetworkError: SSL handshake failed

Additional Info

You probably use the built-in macOS libraries, right? Nowadays, macOS uses LibreSSL, which does not support TLS 1.3! The only remedy I'm aware of is to build and bundle OpenSSL with Quaternion.

Version information

0.0.95.1 downloaded from GitHub releases

KitsuneRal commented 1 year ago

Since OpenSSL is necessary to build libQuotient with E2EE support, I guess bundling OpenSSL with Quaternion is the way to go, as much as I hate it (because it means that I'm supposed to refresh that bundle every time OpenSSL gets a CVE fix...)

aaronraimist commented 1 year ago

macOS Ventura (released at the end of October) ships with LibreSSL 3.3.6.

My understanding is that this should mean TLS 1.3 is supported now (https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.0-relnotes.txt); however, I set my homeserver to use only TLS 1.3 and still got the SSL handshake failed error.

KitsuneRal commented 1 year ago

Not having macOS, I can't check if the problem is still around; but from what I gather, it all boils down to the question of which OpenSSL Qt is built with, and also the encryption mechanism chosen by Qt at runtime.

Quaternion used to use the official build of Qt from its FTP server; I think they used OpenSSL 1.1 until Qt 6.4.x (the version used as of this writing). I have no idea if OpenSSL is actually used at runtime though: Qt documentation says that Secure Transport is prioritised on macOS if it's available. Secure Transport, in turn, is considered legacy and Apple discourages its use; and it doesn't support TLS 1.3. I'm not really sure if it's possible to force usage of the OpenSSL backend but one way to check if that actually causes problems is to put away the Secure Transport plugin that comes in the Quaternion bundle and see if that helps matters (provided that the OpenSSL plugin is around, of course).