Omar Polo op at omarpolo.com
Tue Mar 16 10:30:14 GMT 2021
- - - - - - - - - - - - - - - - - - -
Stephane Bortzmeyer <stephane at sources.org> writes:
> On Tue, Mar 16, 2021 at 11:07:35AM +0100,
> Omar Polo <op at omarpolo.com> wrote
> a message of 17 lines which said:
>
>> I'm not able to load the page on any clients (porcelain, lagrange,
>> tinmop & my secret little project) on OpenBSD. All of them complain
>> about a failure during the handshake :/
>
> No problem with Lagrange or Amfora here. gnutls-cli shows no TLS
> issue:
>
> % gnutls-cli --insecure -p 1965 discovery.geminiprotocol.com
> Processed 0 CA certificate(s).
> Resolving 'discovery.geminiprotocol.com:1965'...
> Connecting to '95.217.134.139:1965'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', issuer `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', serial 0x4c149bab68907b80691f37bbfae5c30ef6a6ae6d, EdDSA (Ed25519) key 256 bits, signed using EdDSA-Ed25519, activated `2021-03-14 18:03:31 UTC', expires `2040-12-31 18:03:31 UTC', pin-sha256="wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc="

Not a TLS expert, but I think my issues are caused by the ed25519 key.
I recall reading something that LibreSSL doesn't support those keys yet
(please correct me if I'm wrong)

; nc -c -Tnoverify discovery.geminiprotocol.com 1965
nc: tls handshake failed (handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure)

> Public Key ID:
> sha1:a105e4d487cbef2db156c4cb5413e27382b2b1fd
> sha256:c0f5e3aa390e706c8be1c63b446cb872d30b0d97f17d35f180790a418f40f9b7
> Public Key PIN:
> pin-sha256:wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc=
> - Status: The certificate is NOT trusted. The certificate issuer is unknown.
> *** PKI verification of server certificate failed...
> - Successfully sent 0 certificate(s) to server.
> - Description: (TLS1.2-X.509)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-256-GCM)
> - Session ID: F8:63:9A:89:C8:0B:8A:C7:58:15:8F:74:23:00:95:A5:67:D8:F8:FE:5F:40:FD:4F:8A:4B:AE:31:44:31:23:D6
> - Options: extended master secret, safe renegotiation,
> - Handshake was completed
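
One way to test the hypothesis in the message above, as an added example that is not part of the original thread: read the signature_algorithms extension out of a client's ClientHello and check whether ed25519 (0x0807) is offered, since a server whose only certificate is Ed25519 has nothing it can sign with otherwise and typically answers with a handshake_failure alert. The function names and both ClientHello messages are constructed for illustration; they are not captures from any of the clients named here.

```python
import struct

ED25519 = 0x0807                 # SignatureScheme ed25519 (RFC 8422, RFC 8446)
EXT_SIGNATURE_ALGORITHMS = 13    # extension type number

def build_client_hello(sigalgs):
    """Constructed, minimal ClientHello handshake message (not a capture)."""
    schemes = b"".join(struct.pack("!H", s) for s in sigalgs)
    ext = struct.pack("!HHH", EXT_SIGNATURE_ALGORITHMS,
                      len(schemes) + 2, len(schemes)) + schemes
    body = (b"\x03\x03" + bytes(32)      # client_version TLS 1.2, zeroed random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\xc0\x2c"        # ECDHE-ECDSA-AES256-GCM-SHA384 only
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_sigalgs(hello):
    """Return the SignatureScheme code points a ClientHello advertises."""
    if not hello or hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    pos = 4 + 2 + 32                                     # header, version, random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big") # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    if pos + 2 > len(hello):
        return []                                        # no extensions block
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        data = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == EXT_SIGNATURE_ALGORITHMS:
            n = int.from_bytes(data[:2], "big")
            return [int.from_bytes(data[i:i + 2], "big")
                    for i in range(2, 2 + n, 2)]
        pos += 4 + ext_len
    return []

def can_use_ed25519_cert(hello):
    """True if a server holding only an Ed25519 certificate could sign for this client."""
    return ED25519 in offered_sigalgs(hello)

# Constructed samples: ECDSA/RSA schemes only, then the same list plus ed25519.
WITHOUT_ED25519 = build_client_hello([0x0403, 0x0804, 0x0401])
WITH_ED25519 = build_client_hello([0x0403, 0x0804, 0x0401, ED25519])

if __name__ == "__main__":
    for name, hello in (("without", WITHOUT_ED25519), ("with", WITH_ED25519)):
        print(name, [hex(s) for s in offered_sigalgs(hello)], can_use_ed25519_cert(hello))
```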