[Mono-list] SSL/TLS issue with Disqus.com

Pablo Ruiz pablo.ruiz at gmail.com
Mon May 27 18:40:34 UTC 2013


Interesting.

Using openssl s_client, it looks like AES256. Where did you get Camellia
256? Maybe they use some kind of load balancer and some of their real
servers are misconfigured?

$ openssl.exe s_client -connect disqus.com:443
CONNECTED(00000003)
[...]
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 29930C5A0E13DDB7507A0584F9B70BCC3C93A8193355CF2565FD044A10FA50F4
    Session-ID-ctx:
    Master-Key: 1546D5A8E418DC50FF08C096C96A13537B043E41A350A352C7FC5A62B5E78349D1DA7F95E864982F7D537350C696728E
    Key-Arg   : None
    Start Time: 1369679851
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)




On Mon, May 27, 2013 at 5:10 PM, Joe Dluzen <jdluzen at gmail.com> wrote:

> It appears that Disqus is using Camellia 256 CBC. I don't think Mono has a
> managed implementation of it, I did a quick search through the Github repo.
>
>> Message: 3
>> Date: Mon, 27 May 2013 23:39:56 +1000
>> From: Daniel Lo Nigro <lists at dan.cx>
>> To: Alberto León <leontiscar at gmail.com>
>> Cc: "mono-list at lists.ximian.com" <Mono-list at lists.ximian.com>
>> Subject: Re: [Mono-list] SSL/TLS issue with Disqus.com
>> Message-ID: <CAB1r_+VcugCbP9ggRxtft8byuGmo-OLrbEDuXSJoe+xjAFQDvg at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> I have other apps connecting via HTTPS fine (including the Twitter API, I
>> believe). I'm only having issues with Disqus.
>>
>>
>> On Mon, May 27, 2013 at 11:37 PM, Alberto León <leontiscar at gmail.com> wrote:
>>
>> > I find a similar problem in Mono 3.0.4 on OpenSuse each time I use
>> > LinqToTwitter or any library that connects with https
>> >
>> > But in Debian with Mono 3.0.3 I never found this problem.
>> >
>> > I suppose it is at the configuration level, but I don't have any idea
>> > what is necessary to change
>> >
>> >
>> > 2013/5/27 Daniel Lo Nigro <lists at dan.cx>
>> >
>> >> Hi,
>> >>
>> >> My code is trying to connect to the Disqus API (https://disqus.com/),
>> >> but I have started getting an "Invalid certificate received from server"
>> >> error. I've tried running mozcerts --sync to load the latest Mozilla
>> >> root CAs, and connecting to other SSL/TLS works fine. I am using Mono
>> >> 3.0.7, but I encounter the same issue on Mono 3.0.10. Strangely, running
>> >> tlstest doesn't output anything apart from the URL:
>> >>
>> >> 23:21 daniel at dan /tmp
>> >> % mono tlstest.exe https://disqus.com/
>> >>
>> >> https://disqus.com/
>> >>
>> >> But it works fine for other servers:
>> >> 23:22 daniel at dan /tmp
>> >> % mono tlstest.exe https://google.com/
>> >>
>> >> https://google.com/
>> >> [Subject]
>> >>   CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US
>> >> ...etc...
>> >>
>> >> Below is the exception I'm getting:
>> >> System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure
>> >> ---> System.IO.IOException: The authentication or decryption has failed.
>> >> ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a
>> >>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x0009b] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:218
>> >>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00054] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:105
>> >>   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00037] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake/HandshakeMessage.cs:105
>> >>   at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
>> >>   at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00039] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:81
>> >>   at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00123] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:397
>> >>   --- End of inner exception stack trace ---
>> >>   at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0002a] in /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:100
>> >>   --- End of inner exception stack trace ---
>> >>   at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00065] in /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:926
>> >>   at System.Net.HttpWebRequest.GetResponse () [0x0000e] in /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:932
>> >>   at ServiceStack.Text.WebRequestExtensions.GetStringFromUrl (System.String url, System.String acceptContentType, System.Action`1 responseFilter) [0x00000] in <filename unknown>:0
>> >>   at ServiceStack.Text.WebRequestExtensions.GetJsonFromUrl (System.String url, System.Action`1 responseFilter) [0x00000] in <filename unknown>:0
>> >>   at Daniel15.BusinessLayer.Services.DisqusComments.Sync () [0x0001e] in c:\Users\Daniel\Documents\Visual Studio 2010\Projects\dan.cx_dotnet\Daniel15.BusinessLayer\Services\DisqusComments.cs:58
>> >>   at Daniel15.Cron.CronRunner.Run (System.String operation) [0x00021] in c:\Users\Daniel\Documents\Visual Studio 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:24
>> >>   at Daniel15.Cron.CronRunner.Main (System.String[] args) [0x00000] in c:\Users\Daniel\Documents\Visual Studio 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:11
>> >>
>> >> Any ideas?
>> > --
>> > https://twitter.com/AlbertCSharpMan
>> > http://stackoverflow.com/users/690958/alberto-leon
>>
>
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>
>
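
Added example, not part of the original thread: one way to test the load-balancer hypothesis raised above is to capture an `openssl s_client` summary per backend address and group the addresses by what each one negotiated. The addresses, the sample transcripts and the function names are constructed for illustration; the Camellia suite name is only a stand-in for the cipher reported earlier in the thread.

```python
import re
from collections import defaultdict

# Fields as they appear in the SSL-Session block quoted in the thread.
FIELDS = {
    "protocol": re.compile(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", re.M),
    "cipher": re.compile(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", re.M),
    "verify": re.compile(r"^[ \t]*Verify return code:[ \t]*(\d+)", re.M),
}

def parse_summary(text):
    """Extract protocol, cipher and verify code from one s_client transcript."""
    out = {}
    for name, pattern in FIELDS.items():
        m = pattern.search(text)
        out[name] = m.group(1) if m else None
    if out["cipher"] == "0000":      # s_client prints 0000 when no suite was agreed
        out["cipher"] = None
    if out["verify"] is not None:
        out["verify"] = int(out["verify"])
    return out

def group_backends(runs):
    """Map (protocol, cipher, verify) -> sorted addresses that answered that way."""
    groups = defaultdict(list)
    for address, text in runs.items():
        s = parse_summary(text)
        groups[(s["protocol"], s["cipher"], s["verify"])].append(address)
    return {key: sorted(addrs) for key, addrs in groups.items()}

def inconsistent(runs):
    """True when the probed addresses do not all negotiate the same parameters."""
    return len(group_backends(runs)) > 1

def _sample(cipher, code=20):
    """Build a constructed transcript in the layout s_client prints."""
    return (f"New, TLSv1/SSLv3, Cipher is {cipher}\n"
            f"    Protocol  : TLSv1\n"
            f"    Cipher    : {cipher}\n"
            f"    Verify return code: {code} (constructed sample)\n")

# Constructed input: 192.0.2.0/24 is a documentation range, not Disqus servers.
SAMPLE_RUNS = {
    "192.0.2.10": _sample("DHE-RSA-AES256-SHA"),
    "192.0.2.11": _sample("DHE-RSA-AES256-SHA"),
    "192.0.2.12": _sample("DHE-RSA-CAMELLIA256-SHA"),
}

if __name__ == "__main__":
    for key, addrs in group_backends(SAMPLE_RUNS).items():
        print(key, addrs)
    print("inconsistent backends:", inconsistent(SAMPLE_RUNS))
```

More than one group means clients can see different handshake results depending on which backend they reach, which would account for two people observing different ciphers for the same hostname.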