TLS 1.3 capsule giving a Server Error: Handshake failed #46
Description
In Buran 1.12, I'm getting the following error when trying to access a capsule:
Error
Bad response: Server Error:
Handshake failed
The URL is gemini://gemini.locrian.zone/gemlog/darkmode.gmi, but I get the same error for any page on that Capsule.
This capsule works fine in other clients like Lagrange. I assume there is a problem with the TLS library/support that Buran has. I used openssl s_client -connect gemini.locrian.zone:1965 to see more about the TLS handshake:
CONNECTED(00000005)
depth=0 CN = gemini.locrian.zone
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = gemini.locrian.zone
verify return:1
---
Certificate chain
0 s:CN = gemini.locrian.zone
i:CN = gemini.locrian.zone
a:PKEY: ED25519, 256 (bit); sigalg: ED25519
v:NotBefore: Dec 4 20:35:43 2022 GMT; NotAfter: Dec 4 20:35:43 2023 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBUDCCAQKgAwIBAgIRAOOnMbTyI5ypHG2Mj3TUzG0wBQYDK2VwMB4xHDAaBgNV
BAMTE2dlbWluaS5sb2NyaWFuLnpvbmUwHhcNMjIxMjA0MjAzNTQzWhcNMjMxMjA0
MjAzNTQzWjAeMRwwGgYDVQQDExNnZW1pbmkubG9jcmlhbi56b25lMCowBQYDK2Vw
AyEA8iJz0LjhdK9mJZpkYTNVDoCvavccx3JBKMskAsDVAXSjVTBTMA4GA1UdDwEB
/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB4GA1Ud
EQQXMBWCE2dlbWluaS5sb2NyaWFuLnpvbmUwBQYDK2VwA0EArEy6sqzS9X2sKJXo
iFNXBgal9RLXt08YjiuHYsQPVzGEE27cNMHiOiF0cIA1XvQAPh2zTxVVMQPM6E7V
fVCSDw==
-----END CERTIFICATE-----
subject=CN = gemini.locrian.zone
issuer=CN = gemini.locrian.zone
---
No client certificate CA names sent
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 688 bytes and written 385 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 25AC10AD9A84E9D3F61487E5956538DFBDA2D20E1DA8C773F19D5E89B85A9EDF
Session-ID-ctx:
Resumption PSK: 3D2C4C61E98086285EE763ED1F657C9F63D740867729AE385576BB04792A489A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 604800 (seconds)
TLS session ticket:
0000 - bf 5f 20 94 99 3a 0a a8-03 a0 fa d2 21 f1 ef 64 ._ ..:......!..d
0010 - da 41 af fe 12 54 45 ed-16 1f 98 0c d1 c8 97 77 .A...TE........w
0020 - 52 b8 07 ad a4 93 0f f9-07 b3 dd 3f ca 98 1a 28 R..........?...(
0030 - e2 65 fc 67 bf f1 31 7d-07 cb 00 3a c4 09 fe 43 .e.g..1}...:...C
0040 - e6 d6 16 a9 f2 f7 2b d6-c6 e0 90 50 64 37 6e cb ......+....Pd7n.
0050 - 34 16 48 e9 7a c0 ea 92-67 55 53 a8 ea 54 bc dd 4.H.z...gUS..T..
0060 - 94 6b 83 55 e1 2b 6e 5b-13 f2 40 67 68 c8 e8 5d .k.U.+n[..@gh..]
0070 - fd .
Start Time: 1692703689
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK