💾 Archived View for gemini.panda-roux.dev › log › entry › 28 captured on 2023-06-16 at 16:24:28. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
Posted on Monday July 19, 2021
I had to make an update to MoonGem, yesterday. I had been getting these TLS errors whenever I'd try to connect to my gemlog with TLS 1.3 enabled. I ignored it and switched to use 1.2 on my devices where possible. Someone pointed it out to me over email yesterday, so I thought it was worth looking into.
Apparently if you configure OpenSSL to use the SSL_VERIFY_PEER and SSL_VERIFY_CLIENT_ONCE options in verifying client certificates, this for some reason breaks a session caching feature of TLS that I wasn't aware existed.
Anyway, after disabling session resumption and renegotiation (Gemini clients shouldn't be using those things anyway) I found the issue had been resolved.
I should probably look into switching to a simpler TLS implementation library. I trust OpenSSL much less now that I know weird unintuitive things like this can occur.
- panda-roux -