💾 Archived View for rawtext.club › ~sloum › geminilist › 006133.gmi captured on 2023-11-14 at 09:35:21. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/

Omar Polo op at omarpolo.com

Tue Mar 16 10:30:14 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Stephane Bortzmeyer <stephane at sources.org> writes:

On Tue, Mar 16, 2021 at 11:07:35AM +0100,
Omar Polo <op at omarpolo.com> wrote
a message of 17 lines which said:
I'm not able to load the page on any clients (porcelain, lagrange,
tinmop & my secret little project) on OpenBSD. All of them complains
about a failure during the handshake :/
No problem with Lagrange or Amfora here. gnutls-cli shows no TLS
issue:
% gnutls-cli --insecure -p 1965 discovery.geminiprotocol.com
Processed 0 CA certificate(s).
Resolving 'discovery.geminiprotocol.com:1965'...
Connecting to '95.217.134.139:1965'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', issuer `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', serial 0x4c149bab68907b80691f37bbfae5c30ef6a6ae6d, EdDSA (Ed25519) key 256 bits, signed using EdDSA-Ed25519, activated `2021-03-14 18:03:31 UTC', expires `2040-12-31 18:03:31 UTC', pin-sha256="wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc="

not a tls experts, but I think my issues are caused by the ed25519 key.I recall reading something that libressl don't support those keys yet(please correct me if I'm wrong)

; nc -c -Tnoverify discovery.geminiprotocol.com 1965nc: tls handshake failed (handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure)

Public Key ID:
sha1:a105e4d487cbef2db156c4cb5413e27382b2b1fd
sha256:c0f5e3aa390e706c8be1c63b446cb872d30b0d97f17d35f180790a418f40f9b7
Public Key PIN:
pin-sha256:wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc=
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2-X.509)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-256-GCM)
- Session ID: F8:63:9A:89:C8:0B:8A:C7:58:15:8F:74:23:00:95:A5:67:D8:F8:FE:5F:40:FD:4F:8A:4B:AE:31:44:31:23:D6
- Options: extended master secret, safe renegotiation,
- Handshake was completed