
IO Error: handshake_failure

Open egberts opened this issue 4 years ago • 5 comments

URL being validated or code to reproduce error:


IO Error: Received fatal alert: handshake_failure

on https://egbert.net/

Was experimenting with custom (and more secure) TLS 1.3 settings for a web server.

egberts, May 17 '21 08:05

Thanks for raising this. Running the checker web-based service locally, I can’t reproduce this — which indicates there’s no problem in the checker sources.

So I’m guessing you ran into this problem while using https://validator.w3.org/nu/.

The scope of the issue tracker for this repo is limited to issues with the checker itself, and not with particular deployments of it at https://validator.w3.org/nu/ or anywhere else.

As far as the deployment at https://validator.w3.org/nu/, I don’t really have the means to troubleshoot the environment there myself to try to identify the cause. So I’ll consult with the W3C systems team about it (but I don’t anticipate getting a quick resolution).

sideshowbarker, May 19 '21 04:05

Basically, it's a hard-coded TLS cipher list, reordered against the default's grain. Corner case of stretching the validator's HTTP server.

egberts, May 31 '21 22:05

There’s something I’m planning to try as a possible fix for this — but just haven’t managed to make time to try it out yet. Whenever I finally do manage to get around to it, I’ll post an update here.

sideshowbarker, Jun 01 '21 07:06

I’m getting a DNS failure when trying https://egbert.net/ now.

I recently made an update to the checker environment for https://validator.w3.org/nu/, and think it’s possible the change may fix the problem you had reported here.

I remain curious whether my change fixed the problem or not — so it’d be great to hear back from you if/when you have time to respond here.

sideshowbarker, Aug 08 '21 08:08

I remain curious whether my change fixed the problem or not — so it’d be great to hear back from you if/when you have time to respond here.

It's back. Was hit by a Monero BPP mining app. Despite OSSEC, AIDE and Tripwire while NoJavaScript, noPHP/noCGI, I still have no clue to its vector of intrusion. Me think it's my VPS provider's login account (conveniently inserted upon installation). Deleted that user.

Just tried that validator site: "IO Error: Received fatal alert: handshake_failure"

https://validator.w3.org/nu/?showsource=yes&showoutline=yes&showimagereport=yes&doc=https%3A%2F%2Fegbert.net

Running lighttpd/1.4.59-devel-lighttpd-1.4.58-59-g471ab4dd (ssl) With OpenSSL 1.1.1k1

Built with gcc8 from https://www.lighttpd.net/2021/2/2/1.4.59/

egberts, Sep 24 '21 00:09