wss:// peering now requires TLS1.3 and has no default port #1208
Comments
|
Peering via ws:// seems to work fine. I didn't have a second machine w/ 0.5.10 on it, so I just started another one on the same machine and tried peering with localhost, which seems to work. Either it's not enough to test it and peering via ws:// is also broken, OR only wss:// is broken. |
|
Peering with another instance of Yggdrasil running on the same machine via wss:// does seem to work(??) with port added, which is even weirder. |
|
Okay, with a bit of digging there's two separate issues:
|
|
Found the culprit: minimum TLS version now is 1.3 but our domain was using TLS1.2. Previously it was fine, but I guess now requirements are stricter? |
hatkidchan
changed the title
|
This 7afa23b commit changed minimum version to be tls1.3 but back then it wasn't applied to wss, which was introduced in commit mentioned previously. Could we bump down minimum TLS version to 1.2 at least? |
|
Actually, looking at it, bumping it down to 1.2 is not a good idea since it was introduced in.. 2008. Port being required now is a bummer though. |
|
1.2 is still widely used and standardized. Is there a specific reason to stick with 1.3 only @neilalexander ? |
|
Definition of default ports should be easy as it is 80 for HTTP/WS and 443 for HTTPS/WSS. |
Can't add wss:// peers anymore, it needs a port, otherwise peering fails with
missing port in address. With port added, fails withfailed to WebSocket dial: failed to send handshake request: Get "https://[redacted]:443/ygg/": remote error: tls: protocol version not supported. Everything works on 0.5.9.I didn't test ws:// peering, but my guess would be that it's also broken in a similar way.
Possible commit that caused the problem: 42873be
The text was updated successfully, but these errors were encountered: