deluge-web SSL w/ Comodo certificates

starkruzr
New User
Posts: 6
Joined: Sat Nov 29, 2014 10:51 pm

Post by starkruzr »

Hi folks,

I'm trying to secure deluge-web with a cert I got from Comodo. They give you *three* intermediates -- so I tried cat-ing them together with the domain cert, and set the private key I generated to create the CSR. What I get is this:

I see the following error in browser:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Anyone know how I can set this up correctly?
Last edited by Cas on Mon Dec 08, 2014 10:31 am, edited 1 time in total.
Reason: Remove unnecessary screenshot and replace with actual error message
Cas
Top Bloke
Posts: 3681
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: deluge-web SSL w/ Comodo certificates

Post by Cas »


Re: deluge-web SSL w/ Comodo certificates

Post by starkruzr »

Hi,

I don't think reading that would have made much of a difference, tbh. There is nothing in the FAQ about securing deluge-web with third-party certificates. Forum search doesn't turn up anything about third-party certificates. Trac's search feature is terrible, so I can't tell what to search for (though searching for "ssl deluge-web," which is about as general as I could get, doesn't return much that's even remotely relevant).

Apart from that, I am just getting started with Deluge 1.3.10 on Utopic Ubuntu, installed from packages.

My question is mostly about how intermediate certificates are configured on deluge-web. Is this a version-specific or configuration file-specific question?
Last edited by Cas on Mon Dec 08, 2014 10:27 am, edited 1 time in total.
Reason: Please use specific versions not just 'latest'

Re: deluge-web SSL w/ Comodo certificates

Post by Cas »

The crux of my post is that you did not provide enough information in the first instance. Also, under support request on that page are two guides on reporting bugs more efficiently, which are basically required reading so that your issue gets resolved faster and I don't have to write a long reply explaining why I asked you to read the read me.

In conclusion you need to provide information such as:
  • What browser and have you tested others?
  • Have you tested with a self-signed cert?
  • Webui works fine without https enabled?
  • Have you asked your cert provider about the error?
  • Have you searched for the error and tried all suggested fixes?

Re: deluge-web SSL w/ Comodo certificates

Post by starkruzr »

These I can answer!

Chrome 39 on Windows and Mac, Safari on Mac. All experience the same issue.
I have tested with self-signed; works fine (with the exception of the warning you have to get past).
Works fine without https enabled; this is how I'm using it now.
I can't ask my cert provider about the error because I can't find what webserver it is that's embedded into deluge-web. I can't ask Namecheap (the reseller I bought the Comodo cert from) why my certs don't work with deluge-web; they have no idea what the underlying technology is.
I searched for the error, but there were no suggested fixes mostly because the error is so cryptic and limited.

Comodo's support site explains how the root and intermediate certs are cat'ed together with the domain cert for their UCC product (which is what I own), but when I did this, I got the error you saw. https://support.comodo.com/index.php?/D ... termediate

Re: deluge-web SSL w/ Comodo certificates

Post by Cas »

The webserver is provided by the Twisted framework.

The one thing to note is that SSLv3 is disabled now in Deluge >=1.3.10, which I wonder is a factor here; you can test reverting that change by editing "deluge/ui/web/server.py":

-        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
+        ctx.set_options(SSL.OP_NO_SSLv2)
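
Review bot: the "+" line drops SSL.OP_NO_SSLv3 from ctx.set_options, which turns SSLv3 back on for every client of the web UI rather than only for the browser used in the test. Treat it as a local diagnostic only and restore "SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3" once the test is done. The earlier report that the self-signed certificate works on the same build and in the same browsers also suggests this option is not what differs between the working and failing setups.
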
You would also have to re-enable SSLv3 in browser...

Re: deluge-web SSL w/ Comodo certificates

Post by Cas »

Just to follow up on earlier question you should be able to point deluge-web to your private key and the cat'd certs as it does process chained certs.

Re: deluge-web SSL w/ Comodo certificates

Post by starkruzr »

Cas wrote: Just to follow up on earlier question you should be able to point deluge-web to your private key and the cat'd certs as it does process chained certs.

So, I can't think of any reason my cert/key would be SSLv3, especially since they work for a hundred other things using TLS like everything else (https://checkwithscience.com:88 for example). I just switched to the self-signed cert/key Deluge generates and it works fine; the browser errors are going to bug me, though. Is there any way I can turn up the debug level so that it logs what's going on?

Re: deluge-web SSL w/ Comodo certificates

Post by Cas »

As you are the only user facing this issue I feel that it is a problem with the way the certs are being created and/or used. There is nothing that the logs will provide to help here, it's a cert issue not a Deluge one, but you already have the clue in the error provided by your browser. If you really search google then you will find a lot of suggestions based around that error, failing that you need to ask someone with more knowledge of SSL certs and the ones you are using.

Re: deluge-web SSL w/ Comodo certificates

Post by starkruzr »

I'm the only user facing this issue because literally no one else on this forum uses 3rd-party certs to secure their web UI. That doesn't exactly support your argument that it's something wrong with my certs themselves :P

If I could turn up the logging to see what was going on (right now neither deluge core nor deluge-web appears to log anything at all, so anything would be better than this), I could see if it was a problem with the way the certs are configured. I think the error in the browser is a red herring; searching that error produces a lot of stuff that ends up coming back to the technology used to serve the pages -- there are numerous references to Tomcat, and actually one reference to the Twisted Python framework you guys have used to create the https server. That reference turned out to be a bug in Twisted that has since been resolved.