Failure to download Tor Browser (SSL fail)

I did a new Whonix install today using Whonix 13 ova files and could not download the Tor Browser (SSL fail). On both the Gateway and the Workstation, I use proposed-updates.

After a few tries, including updating and rebooting both the Workstation and the Gateway, I downloaded and installed the Tor Browser manually by following the official instructions.

I was just wondering whether it was a temporary bug I experienced or a problem other users have been facing lately.

Hi onion_knight

I can’t say for sure that other users had the same problem (can’t remember exactly). I can say over the last couple of months I’ve replied to forum members that had similar issues after Whonix install.


Thanks, I’ll read your answers then.

Hi onion_knight

https://forums.whonix.org/t/solved-update-torbrowser-ordinary-failed-to-extract

Not much information. I know there were a few more prior to this that may be more helpful.


Another user is having the same issue

https://forums.whonix.org/t/qubes-4-0-rc4-error-in-tor-browser-downloader/4905

I experienced the same error earlier today. The popup mentioned curl was at fault.

This error is related to the recent change of torproject.org’s certificate.

It used to be TLS 1.2, but now it is only TLS 1.0.

As the certificate reports, it was changed on 02/25/2018.

Whonix Tor Browser Downloader uses scurl.

scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.

If any less secure connection is attempted, it fails.

Tor Project did not approve my comment asking about the certificate change, but they did approve other comments, which is highly suspicious.

I would advise users to be highly cautious. I believe Tor Project may be compromised.

Hi Anonymous3

Any substantial reason or proof other than Tor Project not approving your comment?

Failing:

curl --tlsv1.2 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions

curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

Working, but low TLS version:

curl --tlsv1.0 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions

Could someone please create a ticket on trac.torproject.org?

Whonix Tor Browser Downloader uses scurl.

Secure Command Line / Scurl

scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.

Not exactly. It uses the same. --tlsv1.2 though.

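As an added illustration of the failure mode in the curl output above (not code from any poster, from Whonix, or from curl): a client that enforces a TLS 1.2 floor rejects a ServerHello whose server_version field is lower. The function names and the sample records are constructed for this example, and only the pre-TLS 1.3 server_version field is read.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def server_hello_version(record: bytes) -> int:
    """Return the server_version field from one raw TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record body")
    if ctype == 0x15 and len(body) >= 2:  # alert record: level, description
        raise ValueError(f"server sent alert {body[1]} instead of ServerHello")
    if ctype != 0x16 or len(body) < 6 or body[0] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_len < 2 or 4 + hs_len > len(body):
        raise ValueError("bad handshake length")
    return struct.unpack("!H", body[4:6])[0]

def check_min_version(record: bytes, minimum: int = 0x0303) -> str:
    """Apply a client-side floor (default TLS 1.2, which curl --tlsv1.2 requests)."""
    chosen = server_hello_version(record)
    name = VERSIONS.get(chosen, hex(chosen))
    if chosen < minimum:
        floor = VERSIONS.get(minimum, hex(minimum))
        return f"reject: server chose {name}, below {floor}"
    return f"accept: server chose {name}"

def build_server_hello(version: int) -> bytes:
    """Constructed sample: minimal ServerHello, zeroed random, empty session id."""
    # version + 32-byte random + session_id length 0 + cipher suite + null compression
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for v in (0x0301, 0x0303):
        print(check_min_version(build_server_hello(v)))
```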

Done!

https://trac.torproject.org/projects/tor/ticket/25426#ticket


This shouldn’t be specific to Whonix at all?

No, it’s not Whonix specific. I usually add the platform I’m using. Did it come across as being Whonix specific? I will edit it.


It’s best to not mention Whonix and to reproduce on Debian. Otherwise issues are easily dismissed as “Whonix messed that up - not our bug - closed”.


torproject.org tlsv1.0 downgrade regression breaks tb-updater breaks building Whonix
https://phabricator.whonix.org/T777

Hi Patrick

Just created a test sys-whonix and was able to install Tor Browser without issue.

I believe this is the correct ticket?

https://trac.torproject.org/projects/tor/ticket/25354
