
TLS Weirdness

Posted on Monday July 19, 2021

I had to make an update to MoonGem yesterday. I had been getting these TLS errors whenever I'd try to connect to my gemlog with TLS 1.3 enabled. I ignored it and switched to using 1.2 on my devices where possible. Someone pointed it out to me over email yesterday, so I thought it was worth looking into.

Apparently if you configure OpenSSL to use the SSL_VERIFY_PEER and SSL_VERIFY_CLIENT_ONCE options in verifying client certificates, this for some reason breaks a session caching feature of TLS that I wasn't aware existed.

The bug(?) in question

Anyway, after disabling session resumption and renegotiation (Gemini clients shouldn't be using those things anyway) I found the issue had been resolved.

I should probably look into switching to a simpler TLS implementation library. I trust OpenSSL much less now that I know weird, unintuitive things like this can occur.

- panda-roux -
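
The settings described above (client-certificate verification with session resumption and renegotiation turned off), sketched as an added example through Python's ssl module, which wraps OpenSSL. This is not MoonGem's code, which the post does not show; the function names are made up here, and Python exposes neither SSL_VERIFY_CLIENT_ONCE nor the server session cache mode, so TLS 1.2 session-ID resumption is outside what this sketch can switch off.

```python
import ssl

def harden_server_context(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Request client certs; switch off ticket resumption and renegotiation."""
    # CERT_OPTIONAL is OpenSSL's SSL_VERIFY_PEER on a server: a client
    # certificate is requested, and verified if one is sent.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    ctx.options |= ssl.OP_NO_TICKET          # no TLS 1.2 session tickets
    ctx.options |= ssl.OP_NO_RENEGOTIATION   # refuse TLS 1.2 renegotiation
    ctx.num_tickets = 0                      # send no TLS 1.3 tickets: nothing to resume
    # Not reachable from Python: the server session cache. In C that is
    # SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF).
    return ctx

def audit_server_context(ctx: ssl.SSLContext) -> list:
    """Return the settings on ctx that differ from the hardened profile."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("client certificates never requested")
    if not ctx.options & ssl.OP_NO_TICKET:
        findings.append("TLS 1.2 session tickets enabled")
    if not ctx.options & ssl.OP_NO_RENEGOTIATION:
        findings.append("TLS 1.2 renegotiation allowed")
    if ctx.num_tickets != 0:
        findings.append("TLS 1.3 tickets issued: %d" % ctx.num_tickets)
    return findings

if __name__ == "__main__":
    # A freshly constructed server context, audited before and after hardening.
    default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("default :", audit_server_context(default))
    print("hardened:", audit_server_context(harden_server_context(default)))
```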
