[users] Announcing Gemini Discovery at gemini://discovery.geminiprotocol.com/

Omar Polo op at omarpolo.com
Tue Mar 16 10:30:14 GMT 2021


Stephane Bortzmeyer <stephane at sources.org> writes:

> On Tue, Mar 16, 2021 at 11:07:35AM +0100,
>  Omar Polo <op at omarpolo.com> wrote 
>  a message of 17 lines which said:
>
>> I'm not able to load the page on any clients (porcelain, lagrange,
>> tinmop & my secret little project) on OpenBSD.  All of them complain
>> about a failure during the handshake :/
>
> No problem with Lagrange or Amfora here. gnutls-cli shows no TLS
> issue:
>
>  % gnutls-cli --insecure -p 1965 discovery.geminiprotocol.com
> Processed 0 CA certificate(s).
> Resolving 'discovery.geminiprotocol.com:1965'...
> Connecting to '95.217.134.139:1965'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
>  - subject `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', issuer `EMAIL=admin at geminiprotocol.com,CN=discovery.geminiprotocol.com,C=se', serial 0x4c149bab68907b80691f37bbfae5c30ef6a6ae6d, EdDSA (Ed25519) key 256 bits, signed using EdDSA-Ed25519, activated `2021-03-14 18:03:31 UTC', expires `2040-12-31 18:03:31 UTC', pin-sha256="wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc="

Not a TLS expert, but I think my issues are caused by the ed25519 key.
I recall reading something that LibreSSL doesn't support those keys yet
(please correct me if I'm wrong).

; nc -c -Tnoverify discovery.geminiprotocol.com 1965
nc: tls handshake failed (handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure)


> 	Public Key ID:
> 		sha1:a105e4d487cbef2db156c4cb5413e27382b2b1fd
> 		sha256:c0f5e3aa390e706c8be1c63b446cb872d30b0d97f17d35f180790a418f40f9b7
> 	Public Key PIN:
> 		pin-sha256:wPXjqjkOcGyL4cY7RGy4ctMLDZfxfTXxgHkKQY9A+bc=
>
> - Status: The certificate is NOT trusted. The certificate issuer is unknown. 
> *** PKI verification of server certificate failed...
> - Successfully sent 0 certificate(s) to server.
> - Description: (TLS1.2-X.509)-(ECDHE-X25519)-(EdDSA-Ed25519)-(AES-256-GCM)
> - Session ID: F8:63:9A:89:C8:0B:8A:C7:58:15:8F:74:23:00:95:A5:67:D8:F8:FE:5F:40:FD:4F:8A:4B:AE:31:44:31:23:D6
> - Options: extended master secret, safe renegotiation,
> - Handshake was completed
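
Added example, not part of the original message: one way to test the Ed25519 hypothesis from a packet capture is to check whether the failing client's ClientHello offers the ed25519 signature scheme (0x0807) in its signature_algorithms extension. A server whose only key is Ed25519 has no scheme it can sign with for a client that does not offer it. The function names are hypothetical and the ClientHello bytes are constructed.

```python
import struct

SIG_ALGS_EXT = 13   # signature_algorithms extension type (RFC 8446)
ED25519 = 0x0807    # SignatureScheme ed25519 (RFC 8446, RFC 8422)

def build_client_hello(schemes):
    """Constructed, minimal TLS 1.2 ClientHello handshake message (sample input)."""
    sig = struct.pack("!H", 2 * len(schemes))
    sig += b"".join(struct.pack("!H", s) for s in schemes)
    ext = struct.pack("!HH", SIG_ALGS_EXT, len(sig)) + sig
    body = (b"\x03\x03" + bytes(32)        # client_version, random
            + b"\x00"                      # empty session_id
            + b"\x00\x02\xc0\x2c"          # one suite: ECDHE_ECDSA_AES_256_GCM_SHA384
            + b"\x01\x00"                  # null compression only
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_schemes(hello):
    """Return the SignatureScheme values a ClientHello advertises."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    end = 4 + int.from_bytes(hello[1:4], "big")
    if end > len(hello):
        raise ValueError("truncated ClientHello")
    pos = 4 + 2 + 32                                        # header, version, random
    pos += 1 + hello[pos]                                   # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")    # cipher_suites
    pos += 1 + hello[pos]                                   # compression_methods
    if pos + 2 > end:
        return []                                           # no extensions block
    ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if etype == SIG_ALGS_EXT:
            n = int.from_bytes(hello[pos:pos + 2], "big")
            return [struct.unpack_from("!H", hello, pos + 2 + i)[0]
                    for i in range(0, n, 2)]
        pos += elen
    return []

def offers_ed25519(hello):
    """True if the client can verify an Ed25519 server signature."""
    return ED25519 in offered_schemes(hello)

if __name__ == "__main__":
    print(offers_ed25519(build_client_hello([0x0403, 0x0401])))  # ECDSA and RSA only
```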
