I did a new Whonix install today using Whonix 13 ova files and could not download the Tor Browser (SSL fail). On both the Gateway and the Workstation, I use proposed-updates.
After a few tries, including updating and rebooting both the Workstation and the Gateway, I downloaded and installed the Tor Browser manually by following the official instructions
I was just wondering whether it was a temporary bug I experienced or is it a problem other users have been facing lately?
Hi onion_knight
I can’t say for sure that other users had the same problem (can’t remember exactly) I can say over the last couple months I’ve replied to forums members that had similar issues after Whonix install.
Hi onion_knight
https://forums.whonix.org/t/solved-update-torbrowser-ordinary-failed-to-extract
Not much information. I know there was a few more prior to this that may be more helpful.
Another user is having the same issue
https://forums.whonix.org/t/qubes-4-0-rc4-error-in-tor-browser-downloader/4905
This error is related to the recent change of torproject.org’s certificate.
It used to be TLS 1.2, but now it is only TLS 1.0.
As the certificate reports, it was changed on 02/25/2018.
Whonix Tor Browser Downloader uses scurl.
scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.
If any less secure connection is attempted, it fails.
Tor Project did not approve my comment asking about the certificate change, but they did approve other comments, which is highly suspicious.
I would advise users to be highly cautious. I believe Tor Project may be compromised.
Hi Anonymous3
Any substantial reason proof other than Tor Project not approving your comment?
Failing:
curl --tlsv1.2 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
Working, but low TLS version:
curl --tlsv1.0 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersion
Could someone please create a ticket on trac.torproject.org?
Whonix Tor Browser Downloader uses scurl.
https://www.whonix.org/wiki/Secure_Downloads
scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.
Not exactly. It uses the same. --tlsv1.2 though.
No its not Whonix specific. I usually add the platform I’m using. Did it come across as being Whonix specific? I will edit it.
It’s best to not mention Whonix and to reproduce on Debian.Otherwise issues are easily dismissed as “Whonix messed that up - not our bug - closed”.
torproject.org tlsv1.0 downgrade regressino breaks tb-updater breaks building Whonix
https://phabricator.whonix.org/T777
Hi Patrick
Just created a test sys-whonix and was able to install Tor Browser without issue.
I believe this is the correct ticket?