Personally I saw Camellia used by Chrome and AFAIK it's now implemented by OpenSSL.
Anyway, like I said, it's negotiated :-) and the server chose between what the client offers (or refuse the connection, not the certificate). Now there can be load balancers, proxies, custom hardware/software... but I doubt it's the issue. On Mon, May 27, 2013 at 2:40 PM, Pablo Ruiz <pablo.r...@gmail.com> wrote: > Interesting.. > > Using openssl/s_client looks like AES256.. ¿where did you get Camellia > 256?. Maybe they use som kind of loadbalancer and some of their real > servers are misconfigured? > > $ openssl.exe s_client -connect disqus.com:443 > CONNECTED(00000003) > [...] > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: > 29930C5A0E13DDB7507A0584F9B70BCC3C93A8193355CF2565FD044A10FA50F4 > Session-ID-ctx: > Master-Key: > 1546D5A8E418DC50FF08C096C96A13537B043E41A350A352C7FC5A62B5E78349D1DA7F95E864982F7D537350C696728E > Key-Arg : None > Start Time: 1369679851 > Timeout : 300 (sec) > Verify return code: 20 (unable to get local issuer certificate) > > > > > On Mon, May 27, 2013 at 5:10 PM, Joe Dluzen <jdlu...@gmail.com> wrote: > >> It appears that Disqus is using Camellia 256 CBC. I don't think Mono has >> a managed implementation of it, I did a quick search through the Github >> repo. >> >> Message: 3 >>> Date: Mon, 27 May 2013 23:39:56 +1000 >>> From: Daniel Lo Nigro <li...@dan.cx> >>> To: Alberto Le?n <leontis...@gmail.com> >>> Cc: "mono-list@lists.ximian.com" <Mono-list@lists.ximian.com> >>> Subject: Re: [Mono-list] SSL/TLS issue with Disqus.com >>> Message-ID: >>> < >>> cab1r_+vcugcbp9ggrxtft8byugmo-olrbeduxsjoe+xjafq...@mail.gmail.com> >>> Content-Type: text/plain; charset="iso-8859-1" >>> >>> >>> I have other apps connecting via HTTPS fine (including the Twitter API, I >>> believe). I'm only having issues with Disqus. >>> >>> >>> On Mon, May 27, 2013 at 11:37 PM, Alberto Le?n <leontis...@gmail.com> >>> wrote: >>> >>> > I find similar problem in Mono 3.0.4 in OpenSuse each time I used >>> > LinqToTwitter or any library that connects with https >>> > >>> > But in Debian with Mono 3.0.3 I never found this problem. >>> > >>> > I suppose is at configuration level, but I don't have idea what is >>> > necesary to change >>> > >>> > >>> > 2013/5/27 Daniel Lo Nigro <li...@dan.cx> >>> > >>> >> Hi, >>> >> >>> >> My code is trying to connect to the Disqus API (https://disqus.com/), >>> >> but I have started getting an "Invalid certificate received from >>> server" >>> >> error. I've tried running mozcerts --sync to load the latest Mozilla >>> >> root CAs, and connecting to other SSL/TLS works fine. I am using Mono >>> >> 3.0.7, but I encounter the same issue on Mono 3.0.10. Strangely, >>> running >>> >> tlstest doesn't output anything apart from the URL: >>> >> >>> >> 23:21 daniel@dan /tmp >>> >> % mono tlstest.exe https://disqus.com/ >>> >> >>> >> https://disqus.com/ >>> >> >>> >> But it works fine for other servers: >>> >> 23:22 daniel@dan /tmp >>> >> % mono tlstest.exe https://google.com/ >>> >> >>> >> https://google.com/ >>> >> [Subject] >>> >> CN=*.google.com, O=Google Inc, L=Mountain View, S=California, C=US >>> >> ...etc... >>> >> >>> >> Below is the exception I'm getting: >>> >> System.Net.WebException: Error getting response stream (Write: The >>> >> authentication or decryption has failed.): SendFailure >>> >> ---> System.IO.IOException: The authentication or decryption has >>> failed. >>> >> ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate >>> >> received from server. Error code: 0xffffffff800b010a >>> >> at >>> >> >>> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates >>> >> (Mono.Security.X509.X509CertificateCollection certificates) [0x0009b] >>> in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:218 >>> >> at >>> >> >>> Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 >>> >> () [0x00054] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs:105 >>> >> at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () >>> >> [0x00037] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake/HandshakeMessage.cs:105 >>> >> at (wrapper remoting-invoke-with-check) >>> >> Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () >>> >> at >>> >> >>> Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage >>> >> (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00039] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs:81 >>> >> at >>> >> >>> Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback >>> >> (IAsyncResult asyncResult) [0x00123] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:397 >>> >> --- End of inner exception stack trace --- >>> >> at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback >>> >> (IAsyncResult asyncResult) [0x0002a] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:100 >>> >> --- End of inner exception stack trace --- >>> >> at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult >>> asyncResult) >>> >> [0x00065] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:926 >>> >> at System.Net.HttpWebRequest.GetResponse () [0x0000e] in >>> >> >>> /usr/local/src/mono-3.0.7/mcs/class/System/System.Net/HttpWebRequest.cs:932 >>> >> at ServiceStack.Text.WebRequestExtensions.GetStringFromUrl >>> >> (System.String url, System.String acceptContentType, System.Action`1 >>> >> responseFilter) [0x00000] in <filename unknown>:0 >>> >> at ServiceStack.Text.WebRequestExtensions.GetJsonFromUrl >>> (System.String >>> >> url, System.Action`1 responseFilter) [0x00000] in <filename unknown>:0 >>> >> at Daniel15.BusinessLayer.Services.DisqusComments.Sync () [0x0001e] >>> in >>> >> c:\Users\Daniel\Documents\Visual Studio >>> >> >>> 2010\Projects\dan.cx_dotnet\Daniel15.BusinessLayer\Services\DisqusComments.cs:58 >>> >> at Daniel15.Cron.CronRunner.Run (System.String operation) [0x00021] >>> in >>> >> c:\Users\Daniel\Documents\Visual Studio >>> >> 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:24 >>> >> at Daniel15.Cron.CronRunner.Main (System.String[] args) [0x00000] in >>> >> c:\Users\Daniel\Documents\Visual Studio >>> >> 2010\Projects\dan.cx_dotnet\Daniel15.Cron\CronRunner.cs:11 >>> >> >>> >> Any ideas? >>> > -- >>> > https://twitter.com/AlbertCSharpMan >>> > http://stackoverflow.com/users/690958/alberto-leon >>> >> >> _______________________________________________ >> Mono-list maillist - Mono-list@lists.ximian.com >> http://lists.ximian.com/mailman/listinfo/mono-list >> >> > > _______________________________________________ > Mono-list maillist - Mono-list@lists.ximian.com > http://lists.ximian.com/mailman/listinfo/mono-list > >
_______________________________________________ Mono-list maillist - Mono-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-list
