OnionBrowser
Can’t access some SSL sites
When I try to access some SSL sites, I don't have issues. Others cause a NSURLErrorDomain -1200 response, for example https://docs.securedrop.org/en/stable/source.html is one. I included a screenshot. It doesn't seem to matter which TLS version I use, I still receive the error. No idea if this is normal/expected behavior.
Uh-oh. In another browser, I see, the cert is from Cloudflare, so their hosted behind Cloudflare's firewall / reverse proxy / CDN services.
I actually can't reproduce the problem, so that probably means, it's a configuration issue with one/some of Cloudflare's servers in some regions or a configuration issue between Cloudflare and SecureDrop.
Sorry, I'm afraid we actually can't do anything immediately in this case.
The only option I currently see is to offer a feature to ignore that error, but that would mean we would open you up to potential man-in-the-middle attacks.
I'm unsure, if that's a wise thing to do. We probably would need some UX work, to make sure users fully grasp what they're getting themselves into.
What's your opinion on this, @mtigas, @n8fr8, @m4mb01t4l14n0?
@aspenmayer We have long-term no-solution problems with Cloudflare as @tladesignz indicates. Can you perhaps provide us with a few more example sites where you experience this issue? If they turn out to be Cloudflare-hosted as well, then I'm afraid @tladesignz is right - not much we can do. If not, perhaps we have to look at this more deeply.
@aspenmayer We have long-term no-solution problems with Cloudflare as @tladesignz indicates. Can you perhaps provide us with a few more example sites where you experience this issue? If they turn out to be Cloudflare-hosted as well, then I'm afraid @tladesignz is right - not much we can do. If not, perhaps we have to look at this more deeply.
Yeah, I'll test this more and report back.
The following sites do not work with the same error as above:
Axios.com sent me to Cloudflare, which would not fully load hCaptcha unless I dropped from Level 1/Gold to Level 3/Bronze; when on Level 3, hCaptcha loaded and I was able to perform it, and I was redirected to Axios with some URL decorations on the end. I was able to return to Level 1 at this point and the site would reload successfully, but if I tried to browse in same tab to the base Axios domain, I was kicked back to Cloudflare hCaptcha.
The Axios URL, if relevant:
Sites I tried that did work:
https://www.washingtonpost.com
https://www.tumblr.com, but https://tumblr.com failed with same error as above, seemingly without being able to connect or perhaps unable to redirect me to the www version, which may be related to the issue?
To ensure I had correct/accurate links as far as whether the domain took the www prefix and to determine whether referrer had any impact, these were all tested by searching for the site on DuckDuckGo and clicking through to the sites above.
If you can think of any other sites for me to test I will happily do so.
Ok, besides Axios, none of these have a TLS cert from Cloudflare, but that doesn't mean, they aren't behind a Cloudflare proxy / CDN. They could still be.
With all of these sites, I have zero TLS problems. I typically get German or US-based exit nodes.
I'm at a loss here. When I can't even reproduce the issue, I only can do shotgun debugging. (see my first post.) Will need to talk about this at our next meeting.
The following sites do not work with the same error as above:
Axios.com sent me to Cloudflare, which would not fully load hCaptcha unless I dropped from Level 1/Gold to Level 3/Bronze; when on Level 3, hCaptcha loaded and I was able to perform it, and I was redirected to Axios with some URL decorations on the end. I was able to return to Level 1 at this point and the site would reload successfully, but if I tried to browse in same tab to the base Axios domain, I was kicked back to Cloudflare hCaptcha.
The Axios URL, if relevant:
Sites I tried that did work:
https://www.washingtonpost.com
https://www.tumblr.com, but https://tumblr.com failed with same error as above, seemingly without being able to connect or perhaps unable to redirect me to the www version, which may be related to the issue?
To ensure I had correct/accurate links as far as whether the domain took the www prefix and to determine whether referrer had any impact, these were all tested by searching for the site on DuckDuckGo and clicking through to the sites above.
If you can think of any other sites for me to test I will happily do so.
Same issue here but reddit.com
Hm. I could never reproduce the problem. No new information. Seems like a hickup todo with specific exit nodes or the like. Please reopen, if there's new information.