Arch Linux

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

[SOLVED] SSL Connection Refused on all web browsers

Hi, been having no end of issues trying to sort out SSL connections to web servers.

Firefox continually nags about "This Connection is Untrusted", sometimes offering a security exception, others stopping me in my tracks.
Chrome won't let me do anything. Simply refuses all connections.

Timezone is set to Australia/Brisbane
date returns correct (Sat Nov 22 20:21:55 AEST 2014)
date -u returns correct (Sat Nov 22 10:22:17 UTC 2014)

timedatectl status

Local time: Sat 2014-11-22 20:23:05 AEST
  Universal time: Sat 2014-11-22 10:23:05 UTC
        RTC time: Sat 2014-11-22 10:23:04
       Time zone: Australia/Brisbane (AEST, +1000)
     NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
      DST active: n/a

Tried using NTP and not using NTP, Gnome auto-updates time too, so that can't be the issue.
Tried installing ca-certificates but no fix occurred.

Arch/Gnome 3.14

Can anyone help me? I can't browse the internet! Cheers

Last edited by ipullstuffapart (2014-12-09 22:17:58)

Spider.007

Member

Registered: 2004-06-20

Posts: 1,175

Re: [SOLVED] SSL Connection Refused on all web browsers

What does this output?

curl -v https://bbs.archlinux.org/ >/dev/null

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

What does this output?

curl -v https://bbs.archlinux.org/ >/dev/null

* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 5.9.250.164...
*   Trying 2a01:4f8:160:3033::2...
* Immediate connect fail for 2a01:4f8:160:3033::2: Network is unreachable
* Connected to bbs.archlinux.org (5.9.250.164) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* 	 subject: description=sPulR5zVOvr94iP7; C=US; ST=Illinois; L=Chicago; O=Aaron Griffin; CN=*.archlinux.org; emailAddress=webmaster@archlinux.org
* 	 start date: 2014-04-14 05:57:54 GMT
* 	 expire date: 2016-04-14 07:22:27 GMT
* 	 subjectAltName: bbs.archlinux.org matched
* 	 issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 2 Primary Intermediate Server CA
* 	 SSL certificate verify ok.
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0> GET / HTTP/1.1
> User-Agent: curl/7.39.0
> Host: bbs.archlinux.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.6.2
< Date: Sat, 22 Nov 2014 12:27:05 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Expires: Thu, 21 Jul 1977 07:30:00 GMT
< Last-Modified: Sat, 22 Nov 2014 12:27:05 GMT
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< Strict-Transport-Security: max-age=16070400
< 
{ [data not shown]
100 22259    0 22259    0     0  12937      0 --:--:--  0:00:01 --:--:-- 12941
* Connection #0 to host bbs.archlinux.org left intact

Spider.007

Member

Registered: 2004-06-20

Posts: 1,175

Re: [SOLVED] SSL Connection Refused on all web browsers

That looks fine, have you setup some sort of proxy in your browser? Did you try with a clean user-profile (using the browsers profile manager)?

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

That looks fine, have you setup some sort of proxy in your browser? Did you try with a clean user-profile (using the browsers profile manager)?

Correct, I even went to the effort of uninstalling them and reinstalling them.

Is there anything interesting to note that about Firefox's certificate manager?

http://seanmccullough.info/imgshare/certs.png

edit: I have not set up any proxies

-- mod edit: read the Forum Etiquette and only post thumbnails http://wiki.archlinux.org/index.php/For … s_and_Code [jwr] --

Last edited by ipullstuffapart (2014-11-22 22:09:35)

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

I tried using Firefox Nightly, and it works extremely well, no issues whatsoever.

Does anybody know why this might be the case? What's wrong with everything else?

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: [SOLVED] SSL Connection Refused on all web browsers

Firefox uses *its own* certificate store. That's why it can work, when other apps don't.

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

Firefox uses *its own* certificate store. That's why it can work, when other apps don't.

That still doesn't quite make sense if you consider the standard Firefox from the official repo doesn't work

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: [SOLVED] SSL Connection Refused on all web browsers

the standard Firefox from the official repo doesn't work

Probably because your "nightly" version has changed your profile (in ~/.mozilla/firefox/) in ways that are incompatible with the old-in-comparison *current* firefox.

Try renaming ~/.mozilla, and running normal firefox without a corrupted profile.

Note that it's *only* you that has this problem

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

Probably because your "nightly" version has changed your profile (in ~/.mozilla/firefox/) in ways that are incompatible with the old-in-comparison *current* firefox.

That still wouldn't explain Firefox not working before Nightly was installed, nor why Chrome doesn't either

Try renaming ~/.mozilla, and running normal firefox without a corrupted profile.

Still no luck

novakjano

Member

Registered: 2013-11-22

Posts: 29

Re: [SOLVED] SSL Connection Refused on all web browsers

I have the same problem.. untrusted connection in all browsers, my time/date is correct. I am helpless..

EDIT: reinstalling "ca-certificates-mozilla" helped!

Last edited by novakjano (2014-12-09 13:25:04)

ipullstuffapart

Member

Registered: 2014-11-22

Posts: 8

Re: [SOLVED] SSL Connection Refused on all web browsers

EDIT: reinstalling "ca-certificates-mozilla" helped!

Genius. Solved.

Thanks so much!