by floatingatoll 2175 days ago
I would say with near certainty that your issues stem from your OS/browser, or if you have any security apps installed, those could be at fault too (since they sometimes run network interception). You might test a browser that ships its own SSL stack (I believe Firefox Android does, though I’m not 100% certain) and see if it Just Works in that, but at the end of the day, I’d simply recommend backing up your data and settings, factory resetting the device and updating it to latest, and then restoring your data and settings — there’s far too many things that can go wrong, especially in rooted scenarios, and I don’t have the ability to triage and repair beyond highlighting the three possible vectors you could tackle exploring yourself.
1 comments

Not rooted, no security software, tried different browsers and I am using FF android on that screenshot.

Perhaps the stingrays are acting up this morning ;)

I wish I knew how to diagnose SSL issues in Firefox Android in order to learn more about why you’re experiencing issues here. If you’re on cellular, try WiFi? Does it affect any other phones in your house? Etc.

The really labour-intensive thing you could do goes like this:

1. Get a nice shiny modern Wireshark

2. Tell Firefox you want it to keep records of the session secrets that secure TLS. Set environment variable SSLKEYLOGFILE=/some/path/to/log/secret.keys

3. Packet capture the session you're interested in

4. Give Wireshark the packet capture (if not captured inside Wireshark itself) and the secret.keys

5. Now Wireshark can show the TLS session and you can see what went wrong in detail. So long as you didn't actually do anything secret you can give all these pieces to somebody else to look at.

6. Otherwise, after your investigation destroy the secret.keys and optionally the packet capture itself.

I've used this level of effort to show a customer that, contrary to what they believed, they were not presenting the nice client certificate I'd issued them when connecting. It turned out to be a config difference between their staging and production systems or something. But they were absolutely insistent their software was being turned away despite using a client cert (we used mutual TLS) so it took posting a Wireshark capture proving otherwise to get them to actually investigate.
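
An added example, not part of the thread: before handing a capture and secret.keys to someone else (step 5), the key log can be cut down to the one session under investigation, since the file otherwise holds secrets for every TLS connection the browser made while logging. The sketch parses the NSS key log format that SSLKEYLOGFILE produces and keeps only the lines for the client randoms you name (taken from the ClientHello in the capture); the function names and sample values are constructed for illustration.

```python
import re

# NSS key log line: <LABEL> <client_random, 32 bytes hex> <secret hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return ({client_random: [(label, secret_hex), ...]}, skipped_line_numbers)."""
    sessions, skipped = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        m = LINE.match(line)
        if not m:                                 # truncated or foreign line
            skipped.append(n)
            continue
        label, rnd, secret = m.groups()
        sessions.setdefault(rnd.lower(), []).append((label, secret.lower()))
    return sessions, skipped

def minimise(text, wanted_randoms):
    """Keep only secrets for the listed client randoms; report randoms with none.

    A random in `missing` means the capture cannot be decrypted for that
    session, e.g. the handshake happened before logging was switched on.
    """
    sessions, _ = parse_keylog(text)
    wanted = [r.lower() for r in wanted_randoms]
    kept = [f"{label} {r} {secret}"
            for r in wanted for label, secret in sessions.get(r, [])]
    missing = [r for r in wanted if r not in sessions]
    return "\n".join(kept) + ("\n" if kept else ""), missing

# Constructed sample: one TLS 1.2 session (A), one TLS 1.3 session (B).
A, B, C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join([
    "# constructed sample, not real key material",
    f"CLIENT_RANDOM {A} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {B} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {B} {'33' * 32}",
    "truncated line",
    f"CLIENT_TRAFFIC_SECRET_0 {B} {'44' * 32}",
])
```

Write the returned text to a new file and give that to Wireshark or to the other person; the full secret.keys still gets destroyed as in step 6.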