💾 Archived View for cup.c0ff33.net › gemlog › 2023-06-18.gmi captured on 2024-03-21 at 15:00:52. Gemini links have been rewritten to link to archived content

Gemini TLS Client-Server compatibility

I set up this capsule just a few days ago and I am already dealing with the first technological absurdity. One would (naively) expect that with a protocol as simple as Gemini, compatibility between clients and servers would be a given. A non-issue!

That's not the case. I've noticed that the log of my Gemini server (Agate) is full of errors like:

"TLS error" error:peer is incompatible: no overlapping sigschemes

or

"TLS error" error:unexpected error: incompatible signing key

After a bit of digging, I found that this is caused by the fact that I used a "too fancy" signature scheme when generating the certificate.

I (naively) assumed that in the year 2023 every modern operating system supports Ed25519. OpenSSH has supported it since fucking 2014.

Hahaha, no. It turns out that mobile Gemini clients in particular are problematic in this regard (and one well-known proxy).

The Agate author is aware of this issue and made ECDSA the default algorithm for certificate generation some time ago. It's just me who naively used Ed25519, seeing such an option present.

GitHub issue

GitHub PR related to this issue
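A check a capsule operator can run before deploying a certificate, as an added example that is not the post's or Agate's code: it walks the DER just far enough to read the signatureAlgorithm OID and maps it against the two schemes discussed above. It assumes a self-signed certificate (so the signature algorithm is also the key type the server signs the TLS handshake with); the sample certificates are constructed, and the `SIGNATURE_OIDS` table records only what the post says about each scheme.

```python
# Added check, not Agate's code: read the signatureAlgorithm OID out of a certificate so you can
# see whether a capsule cert is Ed25519 or ECDSA before clients start failing. Assumes a
# self-signed cert, where that OID is also the key type used to sign the TLS handshake.
import base64
SIGNATURE_OIDS = {                                       # dotted OID -> (name, Agate default?)
    "1.3.101.112": ("Ed25519", False),                   # the "too fancy" scheme from the post
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True),  # what Agate now generates by default
}

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(value):                        # OID contents -> dotted form; first octet packs two arcs
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                       # high bit clear: last octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def check_certificate(data):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
    Accept DER or PEM; return (name or raw OID, True/False, or None for an OID not in the table)."""
    if data.lstrip().startswith(b"-----"):     # PEM: drop header/footer lines, base64-decode the rest
        data = base64.b64decode(b"".join(l.strip() for l in data.splitlines() if b"-----" not in l))
    tag, cert, _ = _read_tlv(data, 0)
    _, _tbs, pos = _read_tlv(cert, 0)          # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)        # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = _read_tlv(alg_id, 0)     # its first element is the OID
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER certificate")
    dotted = _decode_oid(oid)
    return SIGNATURE_OIDS.get(dotted, (dotted, None))

# Constructed samples: DER shells with a stand-in tbsCertificate and a dummy signature, not valid certs.
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value    # short-form length suffices for these samples
def _sample_cert(oid_bytes):
    tbs, alg = _tlv(0x30, _tlv(0x02, b"\x02")), _tlv(0x30, _tlv(0x06, oid_bytes))
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + b"\xaa" * 8))

SAMPLE_ED25519 = _sample_cert(b"\x2b\x65\x70")                          # 1.3.101.112
SAMPLE_ECDSA_P256 = _sample_cert(b"\x2a\x86\x48\xce\x3d\x04\x03\x02")   # 1.2.840.10045.4.3.2
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % base64.encodebytes(SAMPLE_ECDSA_P256)
```

On a real capsule, pass `check_certificate` the bytes of the certificate file the server serves; both PEM and DER are accepted, and an unknown OID comes back as its dotted form with `None`.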

Nevertheless, I had to make a decision - what to do with this cluster fuck. I came up with a few options.

Tired of this mental exercise, for now I decided to choose the first option - do nothing about it.