Active Topics

 



Notices


Reply
Thread Tools
Posts: 2 | Thanked: 5 times | Joined on Sep 2018
#11
What would be the required steps for fixing the TLS1.2 issue?
 

The Following User Says Thank You to sdx23 For This Useful Post:
Posts: 29 | Thanked: 74 times | Joined on Feb 2012 @ Greater Chicagoland area
#12
Before switching from N9 to Sailfish X, I was having the same problems you describe. I was able to resolve this for some of the main sites I visited.

I figured the problem may be that since Nokia isn't providing updates to the N9, perhaps it's not getting updated root certificates and that is causing a problem. So did a search one day for intermediate certificates on a PC, downloaded them to the PC. I then hooked my N9 up to the PC and copied over the files.

Next, on the N9 I went to Settings>Security>Certificates. Then in the hamburger menu at the bottom right, I selected "Add new certificate".

Once I imported the correct intermediate certificate, I tried the website. Like I said, for some it resolved the issue.

I can successfully open openrepos.net on my N9. I tried seeing what SSL intermediate would be used to solve openrepos.net and I can't figure it out now.

I know I imported four of the Comodo ones, I think a handful of GeoTrust ones, and GoDaddy's Root CA.

I am sorry this isn't more specific as it has been quite a while since I did this. But I hope perhaps it sparks an idea to get you up and running.

If you want more help, perhaps tell me a site that isn't working for you. I'll see if it's not working on my N9, then see if I can get it to work and keep track of exactly what I download from which site so you can replicate the successful procedure.

EDIT: Ah, I reread the thread and see Twitch listed as a non-working site. That does not open on my N9, either. I am trying with that site now.

Last edited by RasLikesN9; 2018-09-11 at 12:47.
 

The Following 4 Users Say Thank You to RasLikesN9 For This Useful Post:
Posts: 29 | Thanked: 74 times | Joined on Feb 2012 @ Greater Chicagoland area
#13
Well, I could not get Twitch to work. In Opera the error is: "Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions."

So the current SSL Intermediates doesn't resolve this one. Sorry.
 

The Following 3 Users Say Thank You to RasLikesN9 For This Useful Post:
Posts: 29 | Thanked: 74 times | Joined on Feb 2012 @ Greater Chicagoland area
#14
Update: I have made some progress. In Opera Mini, I went to about:config > Security prefs and then enabled, TLS 1.1 and TLS 1.2 and disabled SSL 3. I saved, restarted and now Twitch loads and successfully redirects to m.twitch.tv for the mobile version.
 

The Following 3 Users Say Thank You to RasLikesN9 For This Useful Post:
Posts: 29 | Thanked: 74 times | Joined on Feb 2012 @ Greater Chicagoland area
#15
OH!!!! I got this to work and failed to post the steps I took to download the intermediates and install them.

On my PC, I opened Firefox and went to Twitch.tv. I clicked on the green lock icon to the left of the URL which opens a new window showing that Twitch is a secure connection. There is a ">" on the right of that info and I clicked on that.

The window's contents change and it shows that Twitch's SSL certificate is verified by GlobalSign nv-sa.

I then clicked on "More Information" at the bottom of the window to see the gory details. In the new window that pops up, I went to the Details tab. In the Certificate Hierarchy I see that GlobalSign Root CA - R3 is used, then GlobalSign Cloud SSL CA is used.

I closed out of all those windows and in a new tab opened a web search.

I then searched "GlobalSign nv-sa download root and intermediate certificates". There's a result of support.globalsign.com that I clicked on and got a list of their root and intermediates. I installed their root and three CloudSSL certificates.

To download the certificates, right-click on the box "Download (Binary/DER Encoded)", and select Save Link As. I just saved all of them to my desktop.

Next I hooked up the N9, copied the files over to my Downloads folder.

I disconnected the N9 from the PC and then performed the certificate installations. It took maybe ten seconds before the N9 searched the directory structure and came up with all downloaded certificates. I just one-by-one selected each of the GlobalSign ones, the selected "install". It brings you to another screen where it asks what you want the certificate to be used for. I leave all fields enabled. I'm sure that could be refined somewhat, but I didn't care.

I don't know whether this certificate step was even instrumental in resolving this issue, or whether it was just the Security Prefs being modified in Opera that ultimately resolved the problem. In the off chance that this certificate stuff is necessary, perhaps this detailed response will help others with other sites.
 

The Following 5 Users Say Thank You to RasLikesN9 For This Useful Post:
peterleinchen's Avatar
Posts: 3,392 | Thanked: 6,459 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#16
For some this might help.
Problem is that N9 browser does not support TLS1.2 to which more and more web sites are changing.
Another problem is that this way only adds certs bit we would also need to revoke some old/discontinued or even worse hacked certs!
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 5 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 29 | Thanked: 74 times | Joined on Feb 2012 @ Greater Chicagoland area
#17
Originally Posted by peterleinchen View Post
For some this might help.
Problem is that N9 browser does not support TLS1.2 to which more and more web sites are changing.
You are correct. The only way I could get the Twitch to work is using TLS1.2 and I was only able to do that in Opera Mini on my N9, not in the Meego native browser. There may be other options, but I don't know what they are. Opera's ability to enable the TLS1.2 alone didn't appear to solve the problem, either. I went to SSL labs and saw the error about SSL 3 being enabled, so I deactivated that in Opera and that's finally when Twitch loaded.

I think it's an equation with multiple variables that need to be addressed for different sites. But the good news is that it is possible to work around some of these issues for the time being - if one is intent on using an N9 in 2018.

And good point about getting rid of expired or worse, hacked SSLs. I had not even thought about doing that. Thanks.
 

The Following 4 Users Say Thank You to RasLikesN9 For This Useful Post:
Posts: 2 | Thanked: 5 times | Joined on Sep 2018
#18
That's what my question was aiming for. So I take it that Opera Mini seems to include tsl1.2 support. The meego-browser does not, neither does wget or the openssl library in the supplied version.
I'm annoyed about this problem because not only do various sites not load in the webbrowser, but also other apps have problems. E.g. I cannot subscribe some podcasts in gpodder due to this (took me some time to figure out that tls is the problem, since error messages everywhere are very non-specific).

So in principle it should be possible to crosscompile libopenssl in a sufficiently recent version, similar for wget; for the meego-browser I don't know. But I have no idea of how cumbersome this actually would be. Can somebody give me any hints?

Getting the certificate store in order is needed in addition, of course.
 

The Following 4 Users Say Thank You to sdx23 For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 05:46.