Interesting.. Using openssl/s_client looks like AES256.. ¿where did you get Camellia 256?. Maybe they use som kind of loadbalancer and some of their real servers are misconfigured?
$ openssl.exe s_client -connect disqus.com:443 CONNECTED(00000003) [...] --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 29930C5A0E13DDB7507A0584F9B70BCC3C93A8193355CF2565FD044A10FA50F4 Session-ID-ctx: Master-Key: 1546D5A8E418DC50FF08C096C96A13537B043E41A350A352C7FC5A62B5E78349D1DA7F95E864982F7D537350C696728E Key-Arg : None Start Time: 1369679851 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) On Mon, May 27, 2013 at 5:10 PM, Joe Dluzen <jdlu...@gmail.com> wrote: > It appears that Disqus is using Camellia 256 CBC. I don't think Mono has a > managed implementation of it, I did a quick search through the Github repo. > > Message: 3 >> Date: Mon, 27 May 2013 23:39:56 +1000 >> From: Daniel Lo Nigro <li...@dan.cx> >> To: Alberto Le?n <leontis...@gmail.com> >> Cc: "mono-list@lists.ximian.com" <Mono-list@lists.ximian.com> >> Subject: Re: [Mono-list] SSL/TLS issue with Disqus.com >> Message-ID: >> < >> cab1r_+vcugcbp9ggrxtft8byugmo-olrbeduxsjoe+xjafq...@mail.gmail.com> >> Content-Type: text/plain; charset="iso-8859-1" >> >> >> I have other apps connecting via HTTPS fine (including the Twitter API, I >> believe). I'm only having issues with Disqus. >> >> >> On Mon, May 27, 2013 at 11:37 PM, Alberto Le?n <leontis...@gmail.com> >> wrote: >> >> > I find similar problem in Mono 3.0.4 in OpenSuse each time I used >> > LinqToTwitter or any library that connects with https >> > >> > But in Debian with Mono 3.0.3 I never found this problem. >> > >> > I suppose is at configuration level, but I don't have idea what is >> > necesary to change >> > >> > >> > 2013/5/27 Daniel Lo Nigro <li...@dan.cx> >> > >> >> Hi, >> >> >> >> My code is trying to connect to the Disqus API (https://disqus.com/), >> >> but I have started getting an "Invalid certificate received from >> server" >> >> error. I've tried running mozcerts --sync to load the latest Mozilla >> >> root CAs, and connecting to other SSL/TLS works fine. I am using Mono >> >> 3.0.7, but I encounter the same issue on Mono 3.0.10. Strangely, >> running >> >> tlstest doesn't output anything apart from the URL: >> >> >> >> 23:21 daniel@dan /tmp >> >> % mono tlstest.exe https://disqus.com/ >> >> >> >> https://disqus.com/ >> >> >> >> But it works fine for other servers: >> >> 23:22 daniel@dan /tmp >> >> % mono tlstest.exe https://google.com/ >> >> >> >> https://google.com/ >> >> [Subject] >> >> CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US >> >> ...etc... >> >> >> >> Below is the exception I'm getting: >> >> System.Net.WebException: Error getting response stream (Write: The >> >> authentication or decryption has failed.): SendFailure >> >> ---> System.IO.IOException: The authentication or decryption has >> failed. >> >> ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate >> >> received from server. Error code: 0xffffffff800b010a >> >> at >> >> >> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates >> >> (Mono.Security.X509.X509CertificateCollection certificates) [0x0009b] >> in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:218 >> >> at >> >> >> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 >> >> () [0x00054] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:105 >> >> at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () >> >> [0x00037] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake/HandshakeMessage.cs:105 >> >> at (wrapper remoting-invoke-with-check) >> >> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () >> >> at >> >> Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage >> >> (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00039] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:81 >> >> at >> >> Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback >> >> (IAsyncResult asyncResult) [0x00123] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:397 >> >> --- End of inner exception stack trace --- >> >> at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback >> >> (IAsyncResult asyncResult) [0x0002a] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:100 >> >> --- End of inner exception stack trace --- >> >> at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult >> asyncResult) >> >> [0x00065] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:926 >> >> at System.Net.HttpWebRequest.GetResponse () [0x0000e] in >> >> >> /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:932 >> >> at ServiceStack.Text.WebRequestExtensions.GetStringFromUrl >> >> (System.String url, System.String acceptContentType, System.Action`1 >> >> responseFilter) [0x00000] in <filename unknown>:0 >> >> at ServiceStack.Text.WebRequestExtensions.GetJsonFromUrl >> (System.String >> >> url, System.Action`1 responseFilter) [0x00000] in <filename unknown>:0 >> >> at Daniel15.BusinessLayer.Services.DisqusComments.Sync () [0x0001e] >> in >> >> c:\Users\Daniel\Documents\Visual Studio >> >> >> 2010\Projects\dan.cx_dotnet\Daniel15.BusinessLayer\Services\DisqusComments.cs:58 >> >> at Daniel15.Cron.CronRunner.Run (System.String operation) [0x00021] >> in >> >> c:\Users\Daniel\Documents\Visual Studio >> >> 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:24 >> >> at Daniel15.Cron.CronRunner.Main (System.String[] args) [0x00000] in >> >> c:\Users\Daniel\Documents\Visual Studio >> >> 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:11 >> >> >> >> Any ideas? >> > -- >> > https://twitter.com/AlbertCSharpMan >> > http://stackoverflow.com/users/690958/alberto-leon >> > > _______________________________________________ > Mono-list maillist - Mono-list@lists.ximian.com > http://lists.ximian.com/mailman/listinfo/mono-list > >
_______________________________________________ Mono-list maillist - Mono-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-list