taiga icon indicating copy to clipboard operation
taiga copied to clipboard

Published 20 hours ago verified publisher icon erengy

HTTP error #35: SSL connect error

Open zond0541 opened this issue 8 years ago • 9 comments

After updating to 1.2.4, I am no longer able to log in to MAL.

I do have BitDefender as in #122, but disabling the Firewall did nothing.

I have also tried a clean install and that did not help the problem.

Log File: http://pastebin.com/jQaeJGE2

EDIT: It seems after restarting my computer, and then temporarily disabling firewall AND antivirus, the problem went away. So, issue closed, sorry if this troubled anyone.

zond0541 avatar Oct 08 '16 15:10 zond0541

I'll keep this issue open, since it's a common problem (previously at #146, #122, #114, #63, #44).

The important bits from the log file:

schannel: SSL/TLS connection with myanimelist.net port 443 (step 1/3)
schannel: checking server certificate revocation
schannel: ALPN, offering http/1.1
schannel: sending initial handshake data: sending 207 bytes...
schannel: sent initial handshake data: sent 207 bytes
schannel: SSL/TLS connection with myanimelist.net port 443 (step 2/3)
schannel: failed to receive handshake, need more data
schannel: SSL/TLS connection with myanimelist.net port 443 (step 2/3)
schannel: encrypted data buffer: offset 2778 length 4096
schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.

From what I understand, this seems to be a sign that HTTPS connections are being intercepted. The culprit may be a security application such as BitDefender, a debugger such as Fiddler, a proxy, or your internet provider.

As a solution, we may try one of the following:

  1. Disable revocation checking for WinSSL by passing CURLSSLOPT_NO_REVOKE to CURLOPT_SSL_OPTIONS. (I'm not sure if it's a good idea to make this the default behavior.)
  2. Switch to an alternative backend, such as OpenSSL. (I imagine that this would complicate How to Compile process and increase the executable size.)

Let's start by making sure that the CURLSSLOPT_NO_REVOKE option works. If you're getting this SSL connect error, please try out the latest build, which has this option enabled.

erengy avatar Oct 09 '16 02:10 erengy

tuetensuppe92 from MAL forums reports the following:

I'm using Microsoft Security Essentials and TinyWall, both of which don't interfere with HTTPS as far as I know. Even disabling the firewall entirely with TinyWall didn't help.

What seems weird to me is that Taiga is able to connect to Nyaa via HTTPS just fine, but not MAL. Maybe it's an issue on their side.

According to previous reports, some people had the same issue with other services (Hummingbird, Twitter).

It seems whitelisting Internet Explorer in TinyWall, visiting https://myanimelist.net once and then blacklisting IE again fixed it for me.

Could it be that MAL somehow unblocked your IP address after a successful handshake with a web browser? I vaguely remember similar behavior from old Incapsula days... That said, it seems more likely to be a local issue, as it was the case with BitDefender users.

I set up a VM (Windows 7, installed Firefox and TinyWall, never let IE connect to the internet, removed IE from TinyWall's whitelist) to test the latest build. When installing the regular build and trying to log into MAL, I get the same error #35, but with the latest build it works!

This confirms that we may use the CURLSSLOPT_NO_REVOKE option as some kind of a solution (perhaps I'll add it as an advanced setting).

erengy avatar Oct 10 '16 00:10 erengy

Latest build fixed that error for me.

DenisVasiliev avatar Oct 10 '16 09:10 DenisVasiliev

Same here, error is gone with latest build.

pixelPROPER avatar Oct 11 '16 23:10 pixelPROPER

If you're getting this error in v1.2.5 or later, go to SettingsAdvanced and set Application / Disable certificate revocation checks to true.

erengy avatar Nov 10 '16 23:11 erengy

I started getting this error for AniList about a week ago - it fixed itself for a day, and then started occurring again. The log contains the following over and over: 2019-03-27 00:44:19 [Error] http.cpp:94 taiga::HttpClient::OnError | >> HTTP error #35: SSL connect error Connection mode: 1 with variations of Connection mode: 1 and Connection mode: 10.

I've tried using the latest build and disabling certificate revocation checks, but neither seem to make a difference even in conjunction. Interestingly enough, it works fine with Kitsu, just not with AniList.

ghost avatar Mar 27 '19 04:03 ghost

Here's the relevant portion of the debug log: Taiga.log

ghost avatar Apr 14 '19 05:04 ghost

The error turned out to be an outdated local copy of OpenSSL, so disregard my issue.

ghost avatar Apr 14 '19 22:04 ghost

HTTP error #35: SSL connect error and SL peer certificate or SSH remote key was not OK (60) Had this issue when trying to download torrent from taiga, even after changing the disable revocation check to true. Using either VPN or something like GoodByeDPI fixes it.

delabeca49 avatar Dec 14 '21 12:12 delabeca49