Unable to backup to custom s3 endpoint due to https certificate error

Hello,

I just configured Discourse with a custom s3 endpoint (scality). Unfortunately, the backup fails because of an ssl error:

****************************** DRY RUN ******************************
Migrating uploads to S3 for 'default'...
Uploading files to S3...
 - Listing local files
.............. => 14025 files
 - Listing S3 files
rake aborted!
Seahorse::Client::NetworkingError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)

Surprisingly, when I connect to the endpoint with a browser, the ssl certificate appears to be valid.

Would you have a recommendation?

Thanks in advance

Use a https checker website on that URL.

We just tested the SSL certificate of our s3 and nothing really stands out.
Is there any way to increase the verbosity level of the client library?

 Testing protocols via sockets except NPN+ALPN
 SSLv2 not offered (OK)
 SSLv3 not offered (OK)
 TLS 1 offered
 TLS 1.1 offered
 TLS 1.2 offered (OK)
 TLS 1.3 not offered
 NPN/SPDY http/1.1 (advertised)
 ALPN/HTTP2 http/1.1 (offered)
 Testing cipher categories
 NULL ciphers (no encryption) not offered (OK)
 Anonymous NULL Ciphers (no authentication) not offered (OK)
 Export ciphers (w/o ADH+NULL) not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
 Triple DES Ciphers / IDEA not offered (OK)
 Average: SEED + 128+256 Bit CBC ciphers offered
 Strong encryption (AEAD ciphers) offered (OK)
 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
 PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
 ECDHE-RSA-CHACHA20-POLY1305
 ECDHE-RSA-CAMELLIA256-SHA384
 ECDHE-ARIA256-GCM-SHA384
 ECDHE-RSA-AES128-GCM-SHA256
 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
 ECDHE-RSA-CAMELLIA128-SHA256
 ECDHE-ARIA128-GCM-SHA256
 Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
 Testing server preferences
 Has server cipher order? nope (NOT ok)
 Negotiated protocol TLSv1.2
 Negotiated cipher AES128-GCM-SHA256 -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto (matching cipher in list missing)
 ECDHE-RSA-AES256-SHA: TLSv1, TLSv1.1
 ECDHE-RSA-AES256-GCM-SHA384: TLSv1.2
 No further cipher order check has been done as order is determined by the client
 Testing server defaults (Server Hello)
 TLS extensions (standard) "renegotiation info/#65281"
 "EC point formats/#11" "session ticket/#35"
 "next protocol/#13172" "max fragment length/#1"
 "application layer protocol negotiation/#16"
 "encrypt-then-mac/#22"
 "extended master secret/#23"
 Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support yes
 Session Resumption Tickets no, ID: no
 TLS clock skew Random values, no fingerprinting possible
 Signature Algorithm SHA256 with RSA
 Server key size RSA 2048 bits
 Server key usage Digital Signature, Key Encipherment
 Server extended key usage TLS Web Client Authentication, TLS Web Server Authentication
 Serial / Fingerprints 115C7B3E0D604C7C48C6B1EC968C21955BB78242 / SHA1 39699B464489253565A2CFE7E037E497B3CB3380
 SHA256 87C308F50059D200EFAE86DCBA32BC3F3EB2154D397F3606BACCABE27F6A7594
 Common Name (CN) *.epfl.ch
 subjectAltName (SAN) *.epfl.ch epfl.ch
 Issuer QuoVadis Global SSL ICA G3 (QuoVadis Limited from BM)
 Trust (hostname) Ok via SAN wildcard and CN wildcard (same w/o SNI)
 Chain of trust Ok
 EV cert (experimental) no
 "eTLS" (visibility info) not present
 Certificate Validity (UTC) 656 >= 60 days (2020-01-15 09:03 --> 2022-01-15 09:13)
 # of certificates provided 2
 Certificate Revocation List http://crl.quovadisglobal.com/qvsslg3.crl, not revoked
 OCSP URI http://ocsp.quovadisglobal.com, not revoked
 OCSP stapling not offered
 OCSP must staple extension --
 DNS CAA RR (experimental) not offered
 Certificate Transparency yes (certificate extension)
 Testing HTTP header response @ "/"
 HTTP Status Code 403 Forbidden
 HTTP clock skew +3 sec from localtime
 Strict Transport Security not offered
 Public Key Pinning --
 Server banner nginx
 Application banner --
 Cookie(s) (none issued at "/") -- maybe better try target URL of 30x
 Security headers --
 Reverse Proxy banner --
 Testing vulnerabilities
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224) not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
 ROBOT not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
 Secure Client-Initiated Renegotiation not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
 BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
 FREAK (CVE-2015-0204) not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
 make sure you don't use this certificate elsewhere with SSLv2 enabled services
 https://censys.io/ipv4?q=87C308F50059D200EFAE86DCBA32BC3F3EB2154D397F3606BACCABE27F6A7594 could help you to find out
 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA
 AES256-SHA CAMELLIA256-SHA
 ECDHE-RSA-AES128-SHA
 AES128-SHA CAMELLIA128-SHA
 VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
 xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8
 xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM
 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
 xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384
 xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8
 xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM
 xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
 xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256
 xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
 Running client simulations (HTTP) via sockets
 Android 4.2.2 TLSv1.0 ECDHE-RSA-AES256-SHA, 521 bit ECDH (P-521)
 Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
 Android 5.0.0 TLSv1.2 ECDHE-RSA-AES256-SHA, 521 bit ECDH (P-521)
 Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 65 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 70 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 59 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 62 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 IE 6 XP No connection
 IE 7 Vista TLSv1.0 AES128-SHA, No FS
 IE 8 Win 7 TLSv1.0 AES128-SHA, No FS
 IE 8 XP No connection
 IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 TLSv1.2 AES128-SHA256, No FS
 IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7 TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Java 6u45 TLSv1.0 AES128-SHA, No FS
 Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
 Java 8u161 TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Java 9.0.4 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
 OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

What’s the FQDN of the endpoint that you’re trying to use? Is it a subdomain of epfl.ch?

Absolutely: s3.epfl.ch

Hi everyone.

I am running into this issue as well with a self managed MinIO instance.

Would you be willing to support something like an s3_verify_ssl boolean option for s3 connections?

Thanks!

I’d really recommend using a valid SSL certificate for all your needs. MinIO should work fine behind a reverse proxy using a Let’s Encrypt certificate.


I have the same issue. Tried to set up backups to my MinIO. Got the same error.

Endpoint looks like s3.k8s.domain.com. domain.com and s3.k8s.domain.com do have valid certificates issued by LE. k8s.domain.com does not have a certificate.

How do I solve this problem?
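An added example, not code from the thread, Discourse or the aws-sdk gem, covering both the s3.epfl.ch wildcard certificate from the testssl output and the s3.k8s.domain.com Let's Encrypt certificate above: it reproduces the hostname check Ruby's OpenSSL binding applies and assumes the S3 client addresses buckets in virtual-hosted style (bucket.s3.example), where the extra label is not covered by either certificate even though the bare endpoint verifies fine in a browser. The certificates and the bucket name are constructed stand-ins.

```ruby
require 'openssl'

# Constructed self-signed certificate carrying the given SAN names; it only
# stands in for the real server certificates discussed in the thread.
def build_cert(san_names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{san_names.first}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  san = san_names.map { |n| "DNS:#{n}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The RFC 6125 identity check Ruby's OpenSSL binding runs in
# post_connection_check: a wildcard label matches exactly one DNS label.
def host_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Virtual-hosted-style S3 addressing (assumed here) prefixes the bucket name
# to the endpoint host, adding a label the certificate may not cover.
def hosts_to_verify(bucket, endpoint)
  [endpoint, "#{bucket}.#{endpoint}"]
end

# Returns { hostname => true/false } for the bare endpoint and the bucket host.
def check_endpoint(cert, bucket, endpoint)
  hosts_to_verify(bucket, endpoint).to_h { |h| [h, host_matches?(cert, h)] }
end

if __FILE__ == $0
  { ['*.epfl.ch', 'epfl.ch'] => 's3.epfl.ch',
    ['s3.k8s.domain.com']    => 's3.k8s.domain.com' }.each do |sans, endpoint|
    check_endpoint(build_cert(sans), 'discourse-backups', endpoint).each do |host, ok|
      puts "SAN #{sans.join(',')} vs #{host}: #{ok ? 'verifies' : 'certificate verify failed'}"
    end
  end
end
```

If the bucket host is the one that fails, the fix is a certificate that also covers bucket.s3.example (or path-style addressing where the client supports it), not disabling verification.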