I did a new Whonix install today using Whonix 13 ova files and could not download the Tor Browser (SSL fail). On both the Gateway and the Workstation, I use proposed-updates.
After a few tries, including updating and rebooting both the Workstation and the Gateway, I downloaded and installed the Tor Browser manually by following the official instructions
I was just wondering whether it was a temporary bug I experienced or is it a problem other users have been facing lately?
0brand
February 27, 2018, 12:09am
2
Hi onion_knight
I can’t say for sure that other users had the same problem (can’t remember exactly) I can say over the last couple months I’ve replied to forums members that had similar issues after Whonix install.
1 Like
Thanks, I’ll read your answers then.
0brand
February 28, 2018, 12:32am
4
9jnc7
March 1, 2018, 12:31am
5
I experienced the same error earlier today. The popup mentioned curl was at fault.
This error is related to the recent change of torproject.org ’s certificate.
It used to be TLS 1.2, but now it is only TLS 1.0.
As the certificate reports, it was changed on 02/25/2018.
Whonix Tor Browser Downloader uses scurl.
scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.
If any less secure connection is attempted, it fails.
Tor Project did not approve my comment asking about the certificate change, but they did approve other comments, which is highly suspicious.
I would advise users to be highly cautious. I believe Tor Project may be compromised.
0brand
March 5, 2018, 12:01am
7
Hi Anonymous3
Anonymous3:
Tor Project did not approve my comment asking about the certificate change, but they did approve other comments, which is highly suspicious.
I would advise users to be highly cautious. I believe Tor Project may be compromised.
Any substantial reason proof other than Tor Project not approving your comment?
Failing:
curl --tlsv1.2 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
Working, but low TLS version:
curl --tlsv1.0 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersion
Could someone please create a ticket on trac.torproject.org ?
Whonix Tor Browser Downloader uses scurl.
Secure Command Line / Scurl
scurl is a wrapper around curl which works only with a secure HTTPS connection with TLS 1.2.
Not exactly. It uses the same. --tlsv1.2 though.
1 Like
0brand
March 5, 2018, 10:43pm
9
2 Likes
This shouldn’t be specific to Whonix at all?
0brand
March 5, 2018, 10:58pm
11
No its not Whonix specific. I usually add the platform I’m using. Did it come across as being Whonix specific? I will edit it.
1 Like
It’s best to not mention Whonix and to reproduce on Debian.Otherwise issues are easily dismissed as “Whonix messed that up - not our bug - closed”.
1 Like
torproject.org tlsv1.0 downgrade regressino breaks tb-updater breaks building Whonix
https://phabricator.whonix.org/T777
0brand
March 18, 2018, 10:16am
14
Hi Patrick
Just created a test sys-whonix and was able to install Tor Browser without issue.
I believe this is the correct ticket?
https://trac.torproject.org/projects/tor/ticket/25354
2 Likes