thielepaul / photoprism-mobile

Flutter App for PhotoPrism
GNU General Public License v3.0

Dart has issues dealing with servers that offer TLS1.3 #68

Open RAYs3T opened 4 years ago

RAYs3T commented 4 years ago

Whenever an API request is made to the backend, it seems like it is not using SNI (could be related to a Dart setting).

This causes the issue that whenever you host multiple services (domains) on the same webserver and port, the webserver does not know what certificate it should serve. Since the traffic is encrypted with TLS, the server cannot see what the calling domain name is. This leads to the issue that you will not be able to access the API, since the clients will get served a wrong certificate and therefore terminate the TLS connection.

10-07 14:51:40.127  9185  9214 E flutter : [ERROR:flutter/lib/ui/ui_dart_state.cc(157)] Unhandled Exception: HandshakeException: Handshake error in client (OS Error:
10-07 14:51:40.127  9185  9214 E flutter :      CERTIFICATE_VERIFY_FAILED: Hostname mismatch(handshake.cc:354))

This breaks the entire API communication.

Update: Seems to be an issue with TLSv1.3

The default logging output isn't that great. But I'll set up a build environment for the Flutter app in the next few days and try to get some more information out of it.

nicooo7875 commented 3 years ago

Hi, there is indeed a photoprism-mobile issue with TLS 1.3. My PhotoPrism instance is behind Cloudflare, and when I enforce "minimum TLS version = 1.3", photoprism mobile cannot fetch pictures. If I lower it to 1.2, it's working well.
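One way to test the SNI hypothesis and the TLS 1.3 observation from the reports above against a captured handshake, as an added example (not code from photoprism-mobile or from either commenter): it parses a ClientHello handshake message for the `server_name` and `supported_versions` extensions. The function names, the sample builder and the hostname `photos.example.org` are constructed for illustration.

```python
import struct

def _ext(ext_type, data):
    # extension = type(2) + length(2) + data
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(hostname=None, versions=(0x0304, 0x0303)):
    """Constructed sample ClientHello handshake message (no record header)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        exts += _ext(0, struct.pack("!H", len(entry)) + entry)
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts += _ext(43, bytes([len(vers)]) + vers)
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # legacy_version, random, empty session_id
            + b"\x00\x02\x13\x01"                   # one cipher suite
            + b"\x01\x00"                           # null compression only
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (sni_or_None, offered_versions) for a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                    # header, legacy_version, random
    pos += 1 + msg[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", msg, pos)[0]    # cipher_suites
    pos += 1 + msg[pos]                                 # compression_methods
    sni, versions = None, []
    if pos + 2 > len(msg):                              # no extensions block at all
        return sni, versions
    end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", msg, pos)
        data = msg[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0 and len(data) >= 5:               # server_name
            nlen = struct.unpack_from("!H", data, 3)[0]
            sni = data[5:5 + nlen].decode("ascii")
        elif etype == 43 and data:                      # supported_versions
            versions = [struct.unpack_from("!H", data, i)[0]
                        for i in range(1, 1 + data[0], 2)]
    return sni, versions

if __name__ == "__main__":
    for host in ("photos.example.org", None):           # constructed hostname
        sni, vers = parse_client_hello(build_client_hello(host))
        print(f"SNI={sni!r} offers_tls13={0x0304 in vers}")
```

A ClientHello taken from a packet capture of the app's traffic can be passed to `parse_client_hello` after stripping the 5-byte TLS record header; a `None` hostname means the client sent no SNI, and `0x0304` in the version list means it offered TLS 1.3.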