Deluge Forum

When I enable HTTPS for the web UI it fails to load correctly under firefox.

The problem seems to be that ext-all.js doesn't finish getting served by deluge-web (or possibly that firefox doesn't receive it all), all I get is the attached.

I've "resolved" the issue by rebuilding deluge-web to explicitly use TLSv1 as it seems to break with both v1.1 and v1.2

The deluge environment is:
OS: antergos (arch) x86_64 rolling
deluge: 1.3.11
openssl: 1.0.2c
pyopenssl: 0.15.1-1
twisted: 15.2.1-1
libtorrent-rasterbar: 1:1.0.5-1

I've tested it with Firefox Developer x86_64 40.0a2 under Windows 7 64-bit and on the above mentioned antergos install as well as Firefox (32-bit) 38.0.5 under Windows 7 64-bit, all three failed in the same way.

It works with Opera 30.0.1835.59, Internet Explorer 11.0.9600.17801 and Chrome 43.0.2357.124 m under Windows 7 64-bit. It also works on Firefox for Android 38.0.5.

I had been thinking this was probably a firefox issue, but I discovered that they work fine with the web-ui being served by my windows install of deluge 1.3.11 which is using TLSv1.2.

Any ideas what might be causing the problem?

Let me know if there's any more information that might be helpful.

I've the same issue. You'll probably find Chrome on Android won't load the page also.
Even requesting ext-all.js directly in Firfox, it won't finish loading.

Doing some further digging. It's looks like some bug between Python2/TwistedWeb and firefox.
The 4.2.2 ext-all.js won't work with deluge, but it won't fix the issue either.
I'm placing the file /usr/lib/python2.7/site-packages/deluge/ui/web/js and serving it from there.

It exhibits the same behaviour, the download stalls mid way through.
I can provide URL's via pm if anyone is interested.
I'll dig further but just adding notes for now.

You will need to provide more info that 'doesn't work' and I cannot replicate this issue. If it is working on Windows then it suggests an out of date package such as Openssl or twisted is it at issue.

I missed you update here.
To be fair, the issue is stated, but I do think it's Firefox at fault.
The issue happens when you use a self signed cert. I've tested by putting the traffic through a host with a properly signed cert and it works.
I can pm you two test addresses if you like?

Edit: I'll try and follow this up from the firefox point of view. I don't believe it's an issue with Deluge.
Edit2: I beleive twistedWeb and firefox are the culrpits here. Testing with apache, self signed or properly signed, it can server ext-all.js without issue.

Apparently I missed several updates.

Anyway, I recently updated to v 1.3.12 and noticed that the problem was still occurring which brought me back here.

It's been quite a while since I looked at this but, my recollection of the problem was that the web-ui server was using some old/weird stuff to initialise twisted which meant it wasn't getting a full list of available safe cipher suites. I believe the problem was caused by the "safe" cipher suites provided by the latest version of openssl not overlapping particularly well with those being allowed by the implementation of twisted in place in deluge and those that firefox would allow.

I removed the ServerContextFactory class (which was what I saw causing the problem) and re-wrote start_ssl() to set the certificate options itself and let twisted handle everything else like deciding which cipher suites were OK to use. This added a whole bunch of additional cipher suites available for negotiation.

With the current configuration the cipher that is negotiated is TLS_RSA_WITH_AES_128_CBC_SHA which probably shouldn't be used even if it did work, with my update it negotiates TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

At the time I had planned on submitting a patch to the git repository but I wasn't able to get the develop branch to run even before I implemented my changes so I just left it as there didn't seem to be any active development at the time.

I just tried installing the latest version of the develop branch and it's still not running properly on my machine so I'm just going to post my patched version of the server.py from v1.3.12 hopefully somebody might be able to make use of this. Note, I'm not a python dev so this could probably be done in a nicer way.

Based on your code this is what I think should be the correct fix: https://github.com/cas--/Deluge/commit/ ... ff=unified

The method and options need to be set otherwise it will be fixed to TLSv1. Can you test it just to verify it still works with your setup.

Yup, that's works for me!

Thanks, I've pushed the change to 1.3 and develop, I created a ticket just in case needs revisiting in the future: http://dev.deluge-torrent.org/ticket/2782

Thanks Cas,

I can confirm that your version is working correctly for me.

Just a thought: This ticket seems to suggest that twisted now defaults to the correct SSL/TLS versions (which seems to be confirmed as I get the same results from cipherscan for your version as for mine). It might be worth revisiting the minimum twisted version requirement at some point (perhaps for Deluge v2?) and removing the explicit mode and option definitions to reduce maintenance overhead.

Thanks again, really appreciate the work you're doing here.