Public bug reported:
[2022-02-17 08:50] <eMTee> I am getting TLS error accessing sf.io/version.xml
and geoip files hosted there with DC++'s httpconnection. Do any of you? Web
browsers seem to work well.
[2022-02-17 09:33] <iceman50> i get a tls error as well
[2022-02-17 10:22] <eMTee> Well, most of the old DC++ versions don't work
anymore due to https/TLS 1.2+ requirement of sf but this is unexpected. If it
isn't a bug at sf's side then we're in trouble.
...
[2022-02-18 12:42] <eMTee> For
dcdebug("TLS error: call ret = %d, SSL_get_error = %d, ERR_get_error = %d\n,
ERR_error_string = %s", ret, err, sys_err, _error.c_str());
I get
TLS error: call ret = -1, SSL_get_error = 1, ERR_get_error = 336151568,
ERR_error_string = error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure
when connecting to sf.io
[2022-02-18 12:42] <eMTee> This is actually SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE
in the OpenSSL defines list.
...
[2022-02-18 15:53] <eMTee> Well, SF is behind cloudflare so I thought it worth
checking another cloudflare protected server. E.g. https://dcbase.org/ gives
the same error. Wtf?
[2022-02-18 19:15:10] <iceman50>
https://stackoverflow.com/questions/36370656/solving-sslv3-alert-handshake-failure-when-trying-to-use-a-client-certificate
[2022-02-19 08:36] <eMTee> Yeah, I've seen that but wasn't sure how is it
related to this problem. But yeah it can also be a certificate issue.
[2022-02-19 08:40] <eMTee> It must be some server configuration change, which
happened along with a server software update or indeed new certs.
[2022-02-19 15:39] <eMTee> It doesn't seem to be cloudflare related, either. I
tried ~50 random domains, mix of web pages I frequently visit and the most
known big tech, social and global media, streaming and IT manufacturer
companies' homepages even ovh.com itself. Found 6 more sites that give the same
error with DC++ but nothing much common in between them...
[2022-02-19 15:41] <eMTee> Sites I found not working with DC++ are: dcbase.org,
www.espn.com, www.shutterstock.com, forums.mydigitallife.net, www.wsj.com,
formula1.com and acer.com .
[2022-02-19 15:48] <eMTee> Whatever is this we possibly lost the upgrade nag
feature of DC++ for all the recently released versions as well which will cause
substantially less usage of any future releases for a longer period of time.
...
[2022-02-23 16:41:53] <eMTee> Checked AirDC++ with downloading
sf.io/version.xml, it seems to work fine in it. So again, wtf.
...
[2022-03-01 16:15:32] <eMTee>
https://sourceforge.net/p/forge/site-support/23234/ shows a similar
problem/error message to our issue. At least some more bits of information/log
like how 'sslv3 alert handshake failure' can happen and also "What changed is
now we are forwarding the sourceforge.io traffic through cloudflare."
...
[2022-03-17 15:14:56] <eMTee> Okay, so I started investigating myself the SSL
issue. I started checking what AirDC++ has committed regarding crypto recently
(https://github.com/airdcpp/airdcpp-windows/commits/master/airdcpp/airdcpp/CryptoManager.cpp
) and I think I found our problem. It is actually a standout in the commit
list :
https://github.com/airdcpp/airdcpp-windows/commit/5e4a58982efa3b1d0086a04601cff5fe027f6c26
- [2022-03-17 15:16:55] <eMTee> The openssl issue linked inside the committed
code ( https://github.com/openssl/openssl/issues/7147 ) is perfectly fitting to
the phenomenon what we see in DC++.
** Affects: dcplusplus
Importance: High
Status: Confirmed
** Tags: https sslsocket tls
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1965620
Title:
Secure HTTP connection stopped working for certain servers, including
sourceforge.io
Status in DC++:
Confirmed