How to update ssl protocol?

lelldorin · May 11, 2021, 7:13am

I have good running thin client of Fujitsu running haiku. Every thing runs fine, but if i open webpositive i get the message that ssl dies not correct.

Can i update the ssl certificate?

nephele · May 11, 2021, 7:47am

What is your question exactly?
If you want to use sslv2 sslv3 tls1.0 or tls 1.1 you can’t, they are disabled. BsecureSocket supports tls 1.2 and 1.3 only afaik.

Do you want to install a custom CA root cert?
If so that is possible now, I think i am the only one who has done this, if you want to do that i will compile the info on how to do it again.

lelldorin · May 11, 2021, 8:24am

I can not use the internet browser without pushen many times the ssl message. Every side i visit, every loading part of a website. I need to update to a current one.

extrowerk · May 11, 2021, 9:28am

I think he meant he gets plenty SSL warning popups while he uses the web browser which he have to click away. This can be annoying.
Sadly we don’t know the Haiku version, we don’t know how he connecting to the net (maybe he is getting the errors because a captive portal), and basically no information at all, because thats guarantees useful answers.

Diver · May 11, 2021, 10:34am

Have you checked if your time and date is correct?

lelldorin · May 11, 2021, 11:10am

Ok, i will add this information this night.

lelldorin · May 11, 2021, 9:19pm

Args newbe failure, yes thats it. In bios are 2013

coolcoder613 · June 21, 2023, 4:56am

How do you install a custom ssl cert?

nephele · June 25, 2023, 10:27am

Hi coolcoder613,

I’ve not done this in a long time after making it possible.
The normal case would be:
copy your root cert to ~/config/non-packaged/data/ssl/certs
which is analogous to the RO /system/data/ssl/certs.

Keep in mind however that it isn’t without issues, for example i found out that the mail_daemon will reject self-signed certificates… but will not verified ones that aren’t self signed, giving the worst of both worlds. : )
This should definetely be fixed, for the web browser however i think this should work fine, aswell as any other applications that use BSecureSocket properly.

coolcoder613 · July 18, 2023, 4:16am

it doesn’t work for the browser, maybe I can try copy to /system/data/ssl/certs from a different os?

nephele · July 18, 2023, 4:23am

No. It’s probably because webkit currently used curl instead of our own libnetservices.

The directory you mention is read only, you can only add certs directly to it if you put them in a package.

maybe @PulkoMandy knows more.

coolcoder613 · July 18, 2023, 4:24am

So which other browser should I use?

coolcoder613 · July 18, 2023, 4:25am

it is a .crt file does that matter?

PulkoMandy · July 18, 2023, 7:02am

I don’t, as far as I know the default settings of Curl and OpenSSL (with Haiku adjustments) are used but I don’t know what they are.

nephele · July 18, 2023, 4:34pm

Hey there,

I’ve remembered that you need to run some cryptic openssl command so the certs get picked up.

I think it was openssl rehash or similar