LibTLS: support strong ECDSA-based TLS 1.2 cipher suites
Currently, the following websites fail to load in LibWeb due to a lack of supported cipher suites:
- https://seirdy.one/ (my site)
- https://grapheneos.org/
- https://hexavalent.org/
My site supports the following TLSv1.2 cipher suites:
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 [ECDH: X25519 (253 bits)]
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [ECDH: secp521r1 (521 bits)]
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [ECDH: secp521r1 (521 bits)]
This cipher suite selection is fairly common, since it's the strongest set of ECDSA-based TLS 1.2 cipher suites.
Here's the log of my attempt to connect to seirdy.one in the browser. It looks more or less the same for the other two websites I listed.
19.617 WebContent(41:41): ResourceLoader: Starting load of: "https://seirdy.one/"
19.702 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.706 RequestServer(43:43): Possible failure cause(s):
19.706 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.706 [#0 NetworkTask(7:7)]: handle_tcp: unexpected flags in CloseWait state (10)
19.710 RequestServer(43:43): Consumed an error: -1
19.710 RequestServer(43:43): consume error: -1
19.710 RequestServer(43:43): Possible failure cause(s):
19.710 RequestServer(43:43): - No one knows.
19.710 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/ failed: HandshakeFailure
19.717 RequestServer(43:43): Request with a null socket finished for URL https://seirdy.one/
19.728 WebContent(41:41): ResourceLoader: Starting load of: "https://seirdy.one/favicon.ico"
19.747 RequestServer(43:43): We were alerted of a critical error: 40 (HandshakeFailure)
19.758 RequestServer(43:43): Possible failure cause(s):
19.762 RequestServer(43:43): - No cipher suite in common with seirdy.one
19.762 RequestServer(43:43): Consumed an error: -1
19.766 RequestServer(43:43): consume error: -1
19.766 RequestServer(43:43): Possible failure cause(s):
19.766 RequestServer(43:43): - No one knows.
19.769 RequestServer(43:43): ConnectionCache: Connection to https://seirdy.one/favicon.ico failed: HandshakeFailure
19.769 RequestServer(43:43): Request with a null socket finished for URL https://seirdy.one/favicon.ico
19.773 [#0 NetworkTask(7:7)]: handle_tcp: unexpected flags in Closed state (10)
19.773 WebContent(41:41): ResourceLoader: Failed load of: "https://seirdy.one/", Error: Load failed, Duration: 156ms
19.779 WebContent(41:41): ResourceLoader: Starting load of: "file:///res/html/error.html"
19.780 WebContent(41:41): ResourceLoader: Finished load of: "file:///res/html/error.html", Duration: 1ms
19.788 WebContent(41:41): ResourceLoader: Starting load of: "file:///res/icons/32x32/msgbox-warning.png"
19.788 WebContent(41:41): ResourceLoader: Finished load of: "file:///res/icons/32x32/msgbox-warning.png", Duration: 0ms
19.795 WebContent(41:41): ResourceLoader: Failed load of: "https://seirdy.one/favicon.ico", Error: Load failed, Duration: 66ms
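The "No cipher suite in common" failure in the log above, reproduced as an added example (not code from the issue or from LibTLS): it parses the cipher_suites vector of a TLS 1.2 ClientHello and applies server-side selection against the three suites listed for seirdy.one. The helper names, the server preference order and the RSA-only client offer are assumptions constructed for illustration.

```python
# Added example: cipher suite selection from a TLS 1.2 ClientHello.
# IANA code points for the three suites the issue lists for seirdy.one;
# treating the listed order as server preference is an assumption.
SERVER_SUITES = {
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}
HANDSHAKE_FAILURE = 40  # alert code reported in the log above

def build_client_hello(suites):
    """Build a minimal ClientHello handshake message (constructed test input)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"   # version 1.2, random, empty session_id
            + len(cs).to_bytes(2, "big") + cs   # cipher_suites vector
            + b"\x01\x00")                      # compression_methods: null only
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_suites(client_hello):
    """Return the cipher suite code points a ClientHello offers, in client order."""
    if len(client_hello) < 4 or client_hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = client_hello[4:4 + int.from_bytes(client_hello[1:4], "big")]
    pos = 2 + 32                                # skip client_version + random
    if len(body) < pos + 1:
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]                        # skip session_id
    if len(body) < pos + 2:
        raise ValueError("truncated ClientHello")
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]

def negotiate(client_hello, server_suites=SERVER_SUITES):
    """Pick the first server-preferred suite the client offers, else alert 40."""
    offered = set(offered_suites(client_hello))
    for code, name in server_suites.items():
        if code in offered:
            return ("selected", name)
    return ("alert", HANDSHAKE_FAILURE)

# Constructed offer with RSA-authenticated suites only (not LibTLS's real list).
RSA_ONLY = [0xC02F, 0xC030, 0x009C]

if __name__ == "__main__":
    print(negotiate(build_client_hello(RSA_ONLY)))             # no overlap
    print(negotiate(build_client_hello(RSA_ONLY + [0xC02B])))  # one ECDSA suite added
```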
Work was started on it here, but went stale and was auto-closed: https://github.com/SerenityOS/serenity/pull/13163
I tested it locally and it still works, except that it's missing ECDSA certificate handling since we merged in certificate verification after that PR was opened.
Since #21212 was merged, all of the websites above do load now. So I think we can close this issue?
Confirmed fixed, except that hexavalent.org gives a DNS resolution error, even on Linux from my location.
> Confirmed fixed, except that hexavalent.org gives a DNS resolution error, even on Linux from my location.
Yeah, the site is gone. The project wound down.