Quaternion Cannot Connect to TLS 1.3 Server (macOS) #817

Open
sindastra opened this issue Jan 27, 2022 · 3 comments
Labels
building/packaging Issues with CMake files or packaging

Comments

@sindastra

Description

Using Quaternion on macOS 11, I cannot connect to a home server that uses TLS 1.3 exclusively.

Steps to reproduce

  • Run Quaternion on macOS 11
  • Try to connect to home server that uses TLS 1.3 exclusively

Logs

quotient.jobs: Sent GET https://***REDACTED***/_matrix/client/r0/login
quotient.jobs: No valid HTTP headers from GET https://***REDACTED***/_matrix/client/r0/login
quotient.jobs: "GetLoginFlowsJob" status NetworkError: SSL handshake failed

Additional Info

You probably use the built-in macOS libraries, right?
Nowadays, macOS uses LibreSSL, which does not support TLS 1.3!
The only remedy I'm aware of is to build and bundle OpenSSL with Quaternion.

Version information

0.0.95.1 downloaded from GitHub releases

@aaronraimist aaronraimist added the building/packaging Issues with CMake files or packaging label Mar 22, 2022
@KitsuneRal
Member

Since OpenSSL is necessary to build libQuotient with E2EE support, I guess bundling OpenSSL with Quaternion is the way to go, as much as I hate it (because it means that I'm supposed to refresh that bundle every time OpenSSL gets a CVE fix...)

@aaronraimist
Member

macOS Ventura (released at the end of October) ships with LibreSSL 3.3.6.

My understanding is that should mean TLS 1.3 is supported now (https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.0-relnotes.txt); however, I set my homeserver to use only TLS 1.3 and still got the SSL handshake failed error.

@KitsuneRal
Member

Not having macOS I can't check if the problem is still around; but from what I gather, it all boils down to the question of OpenSSL that Qt is built with and also the encryption mechanism chosen by Qt at runtime.

Quaternion used to use the official build of Qt from its FTP server; I think they used OpenSSL 1.1 until Qt 6.4.x (the version used as of this writing). I have no idea if OpenSSL is actually used at runtime though: Qt documentation says that Secure Transport is prioritised on macOS if it's available. Secure Transport, in turn, is considered legacy and Apple discourages its use; and it doesn't support TLS 1.3. I'm not really sure if it's possible to force usage of the OpenSSL backend but one way to check if that actually causes problems is to put away the Secure Transport plugin that comes in the Quaternion bundle and see if that helps matters (provided that the OpenSSL plugin is around, of course).
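
The check suggested in the comment above, sketched as an added example (it is not part of the thread and not Quaternion's own tooling). It assumes Qt 6 deploys its TLS backend plugins to `Contents/PlugIns/tls` under the file names shown; the function names and the `tls.disabled` holding directory are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumed layout (not stated in the thread): Qt 6 TLS plugins
# sit in <bundle>/Contents/PlugIns/tls under the file names used below.
ST=libqsecuretransportbackend.dylib
OSSL=libqopensslbackend.dylib

tls_dir() { printf '%s/Contents/PlugIns/tls' "$1"; }

# Print: both | securetransport-only | openssl-only | no-tls-plugins
tls_backend_state() {
    local dir st=0 ossl=0
    dir=$(tls_dir "$1")
    if [ -f "$dir/$ST" ]; then st=1; fi
    if [ -f "$dir/$OSSL" ]; then ossl=1; fi
    case "$st$ossl" in
        11) echo both ;;
        10) echo securetransport-only ;;
        01) echo openssl-only ;;
        *)  echo no-tls-plugins ;;
    esac
}

# Move the Secure Transport plugin aside so only the OpenSSL plugin can load.
# Refuses unless both are present: without OpenSSL there would be no TLS left.
# Changing a signed bundle can invalidate its signature, so work on a copy.
park_securetransport() {
    local state
    state=$(tls_backend_state "$1")
    if [ "$state" != both ]; then
        echo "refusing: state is $state" >&2
        return 1
    fi
    mkdir -p "$1/Contents/PlugIns/tls.disabled"   # hypothetical holding dir
    mv "$(tls_dir "$1")/$ST" "$1/Contents/PlugIns/tls.disabled/"
}

restore_securetransport() {
    mv "$1/Contents/PlugIns/tls.disabled/$ST" "$(tls_dir "$1")/"
}

# Constructed sample: an empty fake bundle, for trying the functions offline.
make_sample_bundle() {
    local b
    b=$(mktemp -d)/Sample.app
    mkdir -p "$(tls_dir "$b")"
    : > "$(tls_dir "$b")/$ST"
    : > "$(tls_dir "$b")/$OSSL"
    echo "$b"
}
```

After sourcing the file, run `tls_backend_state` on a copy of the application bundle first; a result of `securetransport-only` means there is no OpenSSL plugin to fall back to and parking would leave the client without TLS.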

@KitsuneRal KitsuneRal moved this to 0.0.97 - To Do in Quaternion 1 Jul 22, 2024