AUR web interface

**This is the bug tracker for the AUR web interface.**

Use this tracker to report bugs or make feature requests regarding the behaviour or implementation of the AUR software.
Please read the Reporting Bug Guidelines before filing a new task.
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

- Please report bugs related to Arch Linux official packages here: http://bugs.archlinux.org/index.php?project=1
- Please report bugs for [community] packages here: http://bugs.archlinux.org/index.php?project=5
- For any packages in the AUR contact the maintainer or leave a comment on the package's detail page.

Source Code:
https://projects.archlinux.org/aurweb.git/
Tasklist

FS#60377 - Error during establishing SSL connection with any of *.archlinux.org behind corporate proxy

Attached to Project: AUR web interface
Opened by Michal (Noname) - Wednesday, 10 October 2018, 18:57 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 10 December 2019, 11:34 GMT
Task Type Bug Report
Category Web Sites
Status Assigned
Assigned To Jelle van der Waa (jelly)
Giancarlo Razzolini (grazzolini)
Architecture All
Severity High
Priority Normal
Reported Version 4.7.0
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No

Details

I'm connecting behind corporate MITM, I've got installed my company CA certificate but when I attempt to perform: `openssl s_client -showcerts -connect aur.archlinux.org:443` i receive following output:
[code]
CONNECTED(00000005)
139955453583872:error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback:ssl/statem/statem_lib.c:1929:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 85 bytes and written 326 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
[/code]
Due to this error I'm not able to install some AUR packages. When I try to connect some other hosts for example: `s_client -showcerts -connect wikipedia.org:443` I'm able to establish connection.
This task depends upon

Comment by Eli Schwartz (eschwartz) - Friday, 09 August 2019, 13:48 GMT
  • Field changed: Attached to Project (AUR web interface → Arch Linux)
This is really a "Websites" issue, not aurweb per se.
Comment by Giancarlo Razzolini (grazzolini) - Tuesday, 10 December 2019, 19:41 GMT
Ok, we use the intermediate settings recommended by mozilla, as you can see here: https://git.archlinux.org/infrastructure.git/tree/roles/nginx/templates/sslsettings.conf

From what you have posted so far, it looks like your proxy can't handle any of these settings and then it's trying to fallback, but none of the ciphers it supports can be used.

Can you provide full log of openssl connect?
Comment by Lukas Fleischer (lfleischer) - Tuesday, 21 April 2020, 16:00 GMT
Status?

Loading...