Closed derek-storj closed 10 months ago
is this still an issue? @ferristocrat do you know what's the priority of this one?
I just rechecked with Archiware P5 on Synology. Got "Generic S3: ssl connect failed: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error, so still an issue. (BTW https://www.archiware.com/request-a-trial-key)
For context on Synology they're the only GUI'ed 3rd party generic S3-compliant backup tool in the Synology Package system. Synology's built in tool is criticized as slow so I hoped this would work for us. Seems to be an issue across platforms (previously tested on a Mac, I think).
I verified to myself that we require SNI, and that failing to provide SNI results in a TLS internal error (80) alert:
% openssl s_client -connect gateway.storjshare.io:443 CONNECTED(00000005) 8602607104:error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error:/AppleInternal/Library/BuildRoots/c2cb9645-dafc-11ed-aa26-6ec1e3b3f7b3/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/tls13_lib.c:129:SSL alert number 80
vs
% openssl s_client -connect gateway.storjshare.io:443 -tls1_2 -servername gateway.storjshare.io CONNECTED(00000005) depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 verify return:1...
Using Wireshark I can see that Archiware P5 sends a TLSv1.2 Client Hello and immediately receives a TLSv1.2 Alert Internal Error (80), rather than the expected Server Hello The Client Hello does not send the "server_name" SNI extensions information packet.
Is the solution to relax the SNI requirement or update Archiware/Synology client-side request to include?
Archiware implemented SNI recently
Archiware (https://www.archiware.com/products/p5-archive) is a backup software that allows its end-users to configure cloud service providers to be a backup target. They provide a "Generic S3" option that when tested at IBC in 2022, it worked with Storj. But since retesting on March 1st, 2023, the connectivity test to Storj fails.
Expected Behavior
The end-user within Archiware P5 Archive is able to test the S3 connectivity to a Storj bucket through gateway.storjshare.io
Current Behavior
During the "Test Connection" step of configuring a cloud service provider backup target, an error is encountered:
ssl connect failed: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
Email from Archiware developer:
Possible Solution
The timing of Archiware functionality no longer working appears to be around when we implemented self-signed certificate support (purely speculation from me, Derek Raebel)
Steps to Reproduce
Steps can be seen in a thread within the #solutions-engineering channel
Context (Environment)
Archiware is a potential alliance partner in the backup/archive market
Detailed Description
Unknown what the solution would entail
Possible Implementation
Unknown