I can't connect to some websites on Arch (error: connection reset) (error: SSL or cipher not supported)
from Wayad@lemmy.ml to linux@lemmy.ml on 03 Oct 12:39
https://lemmy.ml/post/37023198

Hi. As I said, I can't connect to some specific websites on Arch Linux. I'm using hotspot Wi-Fi on my laptop, but it didn't work.

I tried changing the MAC address and changed resolv.conf (then undid it). I tried deleting every SSL and redownloading it, and downgrading the MTU, but none of them worked.

Also, idk why, but there's always a yellow sign next to the Wi-Fi symbol.

Any solutions? Thanks.

Edit: Okay, I solved the problem by checking curl's logs; however, my Wi-Fi was a public Wi-Fi and I still can't connect to it.

I can open the captive portal, but when I try to connect, the connection is reset by the portal.

I've tried connecting with TLS 1.1 and 1.0 (because curl's log says so), but none of them worked.

I think this is one of Linux's dark holes.

#linux

Telorand@reddthat.com on 03 Oct 12:58

Are you using a VPN? Does your country have geoblocking?

Wayad@lemmy.ml on 03 Oct 15:35

No, I'm not. I don't think there's geoblocking, because I could do anything 1 month ago.

colournoun@beehaw.org on 03 Oct 15:02

It sounds like the SSL/TLS version or allowed cipher list are configured for higher security on your machine or browser and the sites that are failing are using a lower security config. I’m not sure where that config is on Arch. Try a different browser. Also try fetching the sites with curl just to see if that works. Curl’s verbose mode will also tell you what ciphers it tried.

curl -v https://example.com/

Wayad@lemmy.ml on 03 Oct 16:03

Just checked. The certificate is /etc/ssl/certs/ca-certificates.crt

Updating this should solve the problem, but I kinda feel it won't.

Mordikan@kbin.earth on 03 Oct 15:03

Turkish DNS is really an interesting thing. Awhile back, the govt hijacked Google's DNS service via bogus BGP routes so they could block/censor traffic. They then also started directing DNS queries away from the EU and pushing those to APAC.

Not sure what the sites are or what they resolve to on your end, but you might try using openssl to see if it's a bad cipher or outdated cert maybe: openssl s_client -connect domain.com:443 -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3

Wayad@lemmy.ml on 03 Oct 16:06

I’m trying to use a public internet which has a captive portal for login. I’m logging in, writing my information, then click on connect and boom. Certificate error.

But at least I’ve learned which certificate made this error in the next comment. It's /etc/ssl/certs/ca/certificates.crt
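
The curl -v check suggested in the comments above produces a transcript that still has to be read. As an added example that is not part of any post in this thread, the shell function below sorts a saved curl -v transcript into the failure classes discussed here (connection reset, certificate error, protocol or cipher mismatch). The function name classify_tls_log and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). classify_tls_log is a hypothetical helper.
# Usage on a real host: curl -v https://example.com/ 2>&1 | classify_tls_log

classify_tls_log() {
    log=$(cat)    # read the whole transcript from stdin
    case $log in
        *"certificate problem"*|*"certificate verify failed"*)
            # Handshake reached the certificate step; the chain was not trusted.
            echo cert-verify ;;
        *"handshake failure"*|*"unsupported protocol"*|*"no shared cipher"*)
            # Peer answered, but version or cipher negotiation failed.
            echo protocol-or-cipher ;;
        *"Connection reset by peer"*)
            # No TLS answer at all: tell apart by whether the ClientHello went out.
            case $log in
                *"Client hello"*) echo reset-during-handshake ;;
                *)                echo reset-before-tls ;;
            esac ;;
        *"SSL connection using"*)
            echo ok ;;
        *)
            echo unknown ;;
    esac
}

# Constructed transcripts (abridged, modelled on curl -v with an OpenSSL backend).
SAMPLE_RESET='* Connected to portal.example (192.0.2.10) port 443
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Recv failure: Connection reset by peer
curl: (35) Recv failure: Connection reset by peer'
SAMPLE_CERT='* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate'
SAMPLE_PROTO='* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
curl: (35) TLS connect error (constructed line)'
SAMPLE_OK='* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256'

for s in "$SAMPLE_RESET" "$SAMPLE_CERT" "$SAMPLE_PROTO" "$SAMPLE_OK"; do
    printf '%s\n' "$s" | classify_tls_log
done
```

A cert-verify result on a network with a captive portal often means the portal, not the requested site, answered the HTTPS request, so replacing the local CA bundle does not change the outcome.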