How to update ssl protocol?

I have good running thin client of Fujitsu running haiku. Every thing runs fine, but if i open webpositive i get the message that ssl dies not correct.

Can i update the ssl certificate?

What is your question exactly?
If you want to use sslv2 sslv3 tls1.0 or tls 1.1 you can’t, they are disabled. BsecureSocket supports tls 1.2 and 1.3 only afaik.

Do you want to install a custom CA root cert?
If so that is possible now, I think i am the only one who has done this, if you want to do that i will compile the info on how to do it again.

I can not use the internet browser without pushen many times the ssl message. Every side i visit, every loading part of a website. I need to update to a current one.

I think he meant he gets plenty SSL warning popups while he uses the web browser which he have to click away. This can be annoying.
Sadly we don’t know the Haiku version, we don’t know how he connecting to the net (maybe he is getting the errors because a captive portal), and basically no information at all, because thats guarantees useful answers.

Have you checked if your time and date is correct?


Ok, i will add this information this night.

Args newbe failure, yes thats it. In bios are 2013 :wink:

How do you install a custom ssl cert?

Hi coolcoder613,

I’ve not done this in a long time after making it possible.
The normal case would be:
copy your root cert to ~/config/non-packaged/data/ssl/certs
which is analogous to the RO /system/data/ssl/certs.

Keep in mind however that it isn’t without issues, for example i found out that the mail_daemon will reject self-signed certificates… but will not verified ones that aren’t self signed, giving the worst of both worlds. : )
This should definetely be fixed, for the web browser however i think this should work fine, aswell as any other applications that use BSecureSocket properly.

it doesn’t work for the browser, maybe I can try copy to /system/data/ssl/certs from a different os?

No. It’s probably because webkit currently used curl instead of our own libnetservices.

The directory you mention is read only, you can only add certs directly to it if you put them in a package.

maybe @PulkoMandy knows more.

So which other browser should I use?

it is a .crt file does that matter?

I don’t, as far as I know the default settings of Curl and OpenSSL (with Haiku adjustments) are used but I don’t know what they are.

Hey there,

I’ve remembered that you need to run some cryptic openssl command so the certs get picked up.

I think it was openssl rehash or similar