Page 1 of 2

Can't Browse HTTPS Sites?

Posted: Sun Dec 21, 2014 6:13 pm
by OSIAS
So whether I use epiphany or midora any HTTPS site I try to browse to gives the error.

SSL Handshake failed

I have searched pretty thoroughly for a solution, that when I came across epiphany but that didn't change anything after download.

Is there some sort of plugin or particular apt I need to grab for this to go away?

Thanks in advance

Re: Can't Browse HTTPS Sites?

Posted: Sun Dec 21, 2014 6:22 pm
by OSIAS
Everything I find about it seems a little over my head I have no idea what they are talking about.

something to do with libsoup and or glib-networkings and perhaps a recompile which I do not know how to do. Below are the best two places I could find anything about it but beyond just downloading glib I am not sure how to compile anything.. The lower link makes the most sense but I do not know how to do it.

http://forum.paldo.org/index.php?action ... 0&pagenr=1

http://www.linuxquestions.org/questions ... es-881704/

is there not a sudo apt-get command that will solve this problem?

Re: Can't Browse HTTPS Sites?

Posted: Sun Dec 21, 2014 11:07 pm
by gkreidl
There must be something wrong with your system. I can access any https site with both the old webkit1 engine (Midori, kweb) and the webkit3 engine (epiphany, kweb3). [Edited]

Compiling a new libsoup won't help any may even corrupt things if the version doesn't match the one required by the webkit libraries.

Re: Can't Browse HTTPS Sites?

Posted: Mon Dec 22, 2014 11:22 pm
by OSIAS
I can browse HHTP sites just fine its HTTPS as I said and, um that's great that it works for you any suggestions on how to fix me?

Re: Can't Browse HTTPS Sites?

Posted: Mon Dec 22, 2014 11:27 pm
by DougieLawson
sudo apt-get install --reinstall ca-certificate ca-certificates-java

Re: Can't Browse HTTPS Sites?

Posted: Mon Dec 22, 2014 11:29 pm
by gkreidl
OSIAS wrote:I can browse HHTP sites just fine its HTTPS as I said and, um that's great that it works for you any suggestions on how to fix me?
Sorry, that was a typo (corrected it). Of course I meant HTTPS sites.

Re: Can't Browse HTTPS Sites?

Posted: Tue Dec 23, 2014 5:49 pm
by EMJB
DougieLawson wrote:sudo apt-get install --reinstall ca-certificate ca-certificates-java
I get similar problems with HTTPS sites, but get "E: Unable to locate package ca-certificate" error when I try the above.

Re: Can't Browse HTTPS Sites?

Posted: Tue Dec 23, 2014 6:07 pm
by DirkS
EMJB wrote:
DougieLawson wrote:sudo apt-get install --reinstall ca-certificate ca-certificates-java
I get similar problems with HTTPS sites, but get "E: Unable to locate package ca-certificate" error when I try the above.
There's a typo in there. It's ca-certificates:

Code: Select all

sudo apt-get install --reinstall ca-certificates ca-certificates-java

Re: Can't Browse HTTPS Sites?

Posted: Wed Dec 24, 2014 2:38 am
by OSIAS
I haven't had a chance to try this yet sorry been busy. I will try this very soon and let you know.

Thanks for the help.

Re: Can't Browse HTTPS Sites?

Posted: Wed Dec 24, 2014 4:15 am
by OSIAS
Negative -- Did not resolve the issue..

Well maybe it appears I can browse some HTTPS sites. its just certain ones appear to not be working. I know flash doesn't work in any rasp pi browser but are there any other languages or site concerns I should know about?

I still get the error SSL Handshake Failed and that's what made me think it was a HTTPS issue. Perhaps its something else not sure what.

Thanks in advance

Re: Can't Browse HTTPS Sites?

Posted: Wed Dec 24, 2014 7:08 am
by gkreidl
OSIAS wrote:Negative -- Did not resolve the issue..

Well maybe it appears I can browse some HTTPS sites. its just certain ones appear to not be working. I know flash doesn't work in any rasp pi browser but are there any other languages or site concerns I should know about?

I still get the error SSL Handshake Failed and that's what made me think it was a HTTPS issue. Perhaps its something else not sure what.

Thanks in advance
Can you give us an example link?

Re: Can't Browse HTTPS Sites?

Posted: Wed Dec 24, 2014 8:35 am
by EMJB
DirkS wrote:There's a typo in there. It's ca-certificates:

Code: Select all

sudo apt-get install --reinstall ca-certificates ca-certificates-java
That solved my problem. Thanks.

EMJB

Re: Can't Browse HTTPS Sites?

Posted: Tue Mar 10, 2015 2:04 pm
by glennndavis
The test website that i consistently get the problem in this topic is calomel.org which resolves to https://calomel.org
getting the following results:
Oops! Error loading

Oops! It was not possible to show this website

The website at https://calomel.org/ seems to be unavailable. The precise error was:

SSL handshake failed

It could be temporarily switched off or moved to a new address. Don't forget to check that your internet connection is working correctly.

Try again

Re: Can't Browse HTTPS Sites?

Posted: Thu Mar 12, 2015 9:10 am
by myself
Hello everyone,

on my new RPi 2 I got the very same problem like OSIAS stated in his last post.
It seems to be Epiphany as I have no problems with chromium or iceweasel.
Updates did not solve the issue. That's rather stupid as it's part of the raspbian distribution.

Can someone help out?

Best, myself

Re: Can't Browse HTTPS Sites?

Posted: Thu Mar 12, 2015 11:30 am
by gkreidl
Post an example URL. It works for me.

Same problem

Posted: Tue Mar 24, 2015 8:09 pm
by jake_rpi
I have a new raspberry pi2. I tried https://calomel.org as provided by glenndavis, and that site returned the same error provided.

I found this post looking for help with logging in/downloading from The Pi Store app on my rpi2. I am using the raspbian distribution from the official website. I tried sudo apt-get install --reinstall ca-certificates ca-certificates-java - but that did not work.

When I go into to The Pi Store app on the rpi2, and click the red log-in link. The browser loads to 100%, but it just shows a blank page. If I try downloading an app from the Pi Store app without logging in, nothing happens. I tried downloading the app using the 'Open in New Window' option (right-click), that brings me to the regular browser and I can see the SSL Handshake failed error.

I tried removing and reinstalling the pistore package, but that didn't work. When I go to the official website and try to log in from there, I get the same SSL Handshake failed error. I know the answer is out there, I must be missing some packages.

Re: Same problem

Posted: Wed Mar 25, 2015 5:52 am
by gkreidl
jake_rpi wrote:I have a new raspberry pi2. I tried https://https://calomel.org/ as provided by glenndavis, and that site returned the same error provided.

I found this post looking for help with logging in/downloading from The Pi Store app on my rpi2. I am using the raspbian distribution from the official website. I tried sudo apt-get install --reinstall ca-certificates ca-certificates-java - but that did not work.

When I go into to The Pi Store app on the rpi2, and click the red log-in link. The browser loads to 100%, but it just shows a blank page. If I try downloading an app from the Pi Store app without logging in, nothing happens. I tried downloading the app using the 'Open in New Window' option (right-click), that brings me to the regular browser and I can see the SSL Handshake failed error.

I tried removing and reinstalling the pistore package, but that didn't work. When I go to the official website and try to log in from there, I get the same SSL Handshake failed error. I know the answer is out there, I must be missing some packages.
calomel.org seams to insist on TLS 1.2. I cannot connect to it from my Desktop using Opera 12 (Firefox and Google Chrome do work).
On the RPi:
No connection with chromium, epiphany, kweb, midori, iceape
works with: netsurf, iceweasel

Re: Can't Browse HTTPS Sites?

Posted: Wed Mar 25, 2015 7:57 am
by ktb
The Pi Store problem is likely due to either the *.raspberrypi.org certificate having expired 01/23/2015 and/or maybe because the HTTPS landing page URLs (https://auth.indiecity.com/login?service=...) do not work over HTTPS (not even an expired certificate in this case). Hopefully this wasn't always the case.

Re: Can't Browse HTTPS Sites?

Posted: Sun Apr 12, 2015 1:34 pm
by welshmark
I'm having the exact same problem. Did anyone find an answer? here is another exapmple of a site that won't work.
https://docs.mopidy.com/en/latest/

Re: Can't Browse HTTPS Sites?

Posted: Sun Apr 12, 2015 4:22 pm
by gkreidl
welshmark wrote:I'm having the exact same problem. Did anyone find an answer? here is another exapmple of a site that won't work.
https://docs.mopidy.com/en/latest/
Same problem as above (TLS 1.2)

Re: Can't Browse HTTPS Sites?

Posted: Thu Apr 23, 2015 3:53 pm
by ggemmill
I too have this problem. The site I'm having the problem with is https://linuxcounter.net. I can log on securely to my bank, so it's not a general SSL problem. Reinstalling ca-certificates (see above) had no effect. Using Epiphany or Midori.
Graeme

Re: Can't Browse HTTPS Sites?

Posted: Thu Apr 23, 2015 4:56 pm
by ktb
linuxcounter.net:
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

It looks like the cipher suites they've chosen to support do not include those supported by Epiphany.

https://www.ssllabs.com/ssltest/analyze ... =on&latest
https://www.ssllabs.com/ssltest/analyze ... =on&latest

linuxcounter.net supports:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) ECDH 256 bits (eq. 3072 bits RSA) FS 112
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) ECDH 256 bits (eq. 3072 bits RSA) FS 256

Epiphany supports:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) Forward Secrecy 112
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) Forward Secrecy2 256
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) Forward Secrecy2 112
TLS_DHE_DSS_WITH_RC4_128_SHA (0x66) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128

Re: Can't Browse HTTPS Sites?

Posted: Thu Apr 23, 2015 7:26 pm
by NewLinuxCounter
Hello all,

this is Alex, the founder and maintainer of the New Linux Counter Project (linuxcounter.net).

The Counter was delivered through a cloud service (CloudFlare) that, unfortunatly, didn't support ssl ciphers that midori needs.
This is why I've now deactivated this cloud for the linux counter and midori and other older browsers should now be able to do the handshake successfully.

A second benefit is, that the page gets delivered much faster than before... :-P ...since the cloud server was somewhere in Asia...

So, a big thankyou to @ggemmill for contacting me with this problem and also al big thank you to @ktb for pointing me in the right direction.

Best regards
Alex

Re: Can't Browse HTTPS Sites?

Posted: Tue Jun 02, 2015 5:44 pm
by hbleuler
Hi all

I get the same error using Epiphany with https://www.rootusers.com/ as well as the above https://calomel.org/

System is newly installed 2015-05-05-raspbin-wheezy. I ran
sudo apt-get install --reinstall ca-certificates ca-certificates-java
and rebooted - but still get the error. What am I missing? :?

Re: Can't Browse HTTPS Sites?

Posted: Tue Jun 02, 2015 7:10 pm
by DougieLawson
What date is your system running with?

sudo date --set '2015-06-02 20:10:15'