No GUI access with Palemoon - Webserver sends no Change Cipher Spec

Started by chemlud, March 24, 2022, 05:53:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 24, 2022, 05:53:48 PM
Hi!

Firefox latest connects fine to GUI of 22.1.3 Libressl (only TLS 1.3 CHACHA20Poly allowed as Cipher), but Palemoon 29.4.5 doen't get an adquate handshake and throws an error (SSL_ERROR_NO_CIPHER_OVERLAP).

Did a pc with Wireshark on FF and Palemoon, the obvious difference is that FF get a "Change Cipher Spec" package (package no. 8 ) on handshake and establishes the connection, while opnsense sends some strange package to Palemoon after Server Hello (package no. 13) , see attached.

Any ideas what is going wrong here?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
March 24, 2022, 10:29:42 PM #1
Palemoon 29.4.4 linux 64 + OpenSSL 1.1.1m against openSense 22.1.3 + OpenSSL 1.1.1m here.

Code Select
<ssl-ciphers>AES256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl-ciphers>

It connects with AES256-GCM-SHA384.

Code Select
<ssl-ciphers>TLS_CHACHA20_POLY1305_SHA256</ssl-ciphers>

I cannot manage to connect with TLS_CHACHA20_POLY1305_SHA256 so I can get rid of AES256-GCM-SHA384.
Print
Go Up Pages1
User actions