View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0002719 | NetSurf | [All Projects] General | public | 2019-11-22 23:04 | 2020-02-21 09:34 | ||||
Reporter | Harriet Bazley | ||||||||
Assigned To | |||||||||
Severity | minor | Reproducibility | always | ||||||
Status | closed | Resolution | no change required | ||||||
Platform | Iyonix | OS | RISC OS | OS Version | 5.22 | ||||
Product Version | |||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0002719: Unable to access streetmap.co.uk | ||||||||
Description | At some point between 5th and 15th November, it ceased to be possible to view the site http://www.streetmap.co.uk using Netsurf. Attempting to access this address gives the error 'Unknown' and trying to view the page HTML results in a 'no document source' error. | ||||||||
Steps To Reproduce | Visit any Streetmap.co.uk URL, e.g. http://streetmap.co.uk/loc/524473,170726 | ||||||||
Additional Information | According to reports on the thread on comp.sys.acorn.misc https://comp.sys.acorn.misc.narkive.com/6XWBwX3s/streetmap-co-uk , Netsurf 3.7 dev #3779 works with this site, but the versions 3.8 (29-08-2018), 3.9 (11-07-2019) and 3.10 dev #4900 do not. | ||||||||
Tags | No tags attached. | ||||||||
Fixed in CI build # | |||||||||
Reported in CI build # | 4855 | ||||||||
URL of problem page | http://www.streetmap.co.uk | ||||||||
Attached Files |
|
Notes | |
Vincent Sanders (administrator) 2019-11-23 09:58 |
This is related to the site changing its ssl configuration $ curl -v https://streetmap.co.uk/loc/524473,170726 * Trying 194.75.192.70... * TCP_NODELAY set * Expire in 200 ms for 4 (transfer 0x55d1f10eff50) * Connected to streetmap.co.uk (194.75.192.70) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to streetmap.co.uk:443 * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to streetmap.co.uk:443 so curl itself cannot connect either. this may be related to https://github.com/curl/curl/issues/1520 but i doubt it as that is from 2017 $ openssl s_client -connect streetmap.co.uk:443 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 307 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- |
Dave Higton (developer) 2019-11-25 15:22 |
Most interesting! Those curl and openssl commands on Ubuntu fail, but Firefox on the same computer and OS works (to the secure version of the URL). Do we have any way to diagnose why the commands fail? Do we believe that streetmap has an incorrect SSL configuration? |
Vincent Sanders (administrator) 2019-11-25 21:42 |
3.10 development edition reports the error as "Unable to fetch document" which is less bad than "unknown" jmb noticed what the actual issue is: pretty trivial -- server only supports tls1.0 and 3des. we haven't offered 3des for years, cos it's broken |
Daniel Silverstone (administrator) 2019-11-29 20:09 |
We should see if there's a way to add an openssl callback which would tell us what went wrong. |
Daniel Silverstone (administrator) 2019-11-29 20:11 |
For reference this is IIS 5.0 SSLLabs report is HILARIOUS! https://www.ssllabs.com/ssltest/analyze.html?d=www.streetmap.co.uk |
Dave Higton (developer) 2019-12-06 22:58 |
Since the cause of the problem is that the streetmap site only uses old, insecure, deprecated ciphers that no browser from now on should support, shouldn't this bug be closed? |
Daniel Silverstone (administrator) 2020-02-21 09:34 |
Yes Dave, I 100% agree. |
Issue History | |||
Date Modified | Username | Field | Change |
---|---|---|---|
2019-11-22 23:04 | Harriet Bazley | New Issue | |
2019-11-23 09:58 | Vincent Sanders | Status | new => confirmed |
2019-11-23 09:58 | Vincent Sanders | Steps to Reproduce Updated | View Revisions |
2019-11-23 09:58 | Vincent Sanders | Note Added: 0002128 | |
2019-11-25 15:22 | Dave Higton | Note Added: 0002129 | |
2019-11-25 21:42 | Vincent Sanders | Note Added: 0002131 | |
2019-11-29 20:09 | Daniel Silverstone | Note Added: 0002133 | |
2019-11-29 20:11 | Daniel Silverstone | Note Added: 0002134 | |
2019-12-06 22:58 | Dave Higton | Note Added: 0002150 | |
2020-02-21 09:34 | Daniel Silverstone | Status | confirmed => closed |
2020-02-21 09:34 | Daniel Silverstone | Resolution | open => no change required |
2020-02-21 09:34 | Daniel Silverstone | Note Added: 0002162 |