xidel icon indicating copy to clipboard operation
xidel copied to clipboard
verified publisher icon benibela

HTTPS connection failed

Open Baltazar500 opened this issue 9 months ago • 2 comments

On win (x64) xidel (20250222.git3e7e88a6230719de8bb1c6d5cedaf615f5a86bdb) I get the error "Internet Error: -3 HTTPS connection failed: Failed to create connection." on fastpic.org

xidel -se "//title" "https://fastpic.org"
Error:
Internet Error: -3 HTTPS connection failed: Failed to create connection.
when talking to: https://fastpic.org/

Via win32 OpenSSL build everything works without problems :/ Windows 7 x64 SP1

Through the modified Proxomitton, xidel requests are passing. Requests TLSV1/TLSV1.2

+++SSL:GET 3+++
SSL cipher TLSv1 AES128-SHA (128 bits)
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml,text/*,*/*
Host: fastpic.org
Cache-Control: no-cache
Connection: keep-alive
Browser reload detected...

+++SSL:RESP 3+++
SSL cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
HTTP/1.1 200 OK
Server: nginx/1.22.0 (Ubuntu)
Date: Sat, 05 Apr 2025 16:24:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection stored: 3
+++CLOSE 3+++
Client Connection Reused: 1
Client closed: total 0
Connection Time-Out: 3
Client opened: total 1

Baltazar500 avatar Apr 09 '25 08:04 Baltazar500

Maybe you have to activate modern HTTPS first

It is a global windows setting.

You can go to the options in the Internet Explorer (IE / tools / Internet Options , or something), enable TLS 1.2 and disable SSL.

Or there are options in the registry:

For TLS 1.1

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0


For TLS 1.2
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0

benibela avatar Apr 09 '25 20:04 benibela

Can't reproduce on Win11. I've got a hunch outdated root certificates are actually your problem:

  • https://woshub.com/updating-trusted-root-certificates-in-windows-10/#h2_6
  • https://superuser.com/questions/783685/windows-7-64-bit-ssl-untrusted-certificate-error-when-visiting-any-ssl-website
  • https://superuser.com/questions/493898/windows-7-root-certificate-updates
  • https://superuser.com/questions/647036/view-install-certificates-for-local-machine-store-on-windows-7
  • https://legacyupdate.net/

Reino17 avatar Apr 09 '25 21:04 Reino17