hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by8bd2b6eb13when hackney version was pinned to 1.15.2. Later hackney version was upgraded (166455c884) but the list of TLS versions wasn't removed. From the hackney point of view, this list has been replaced by the OTP defaults since 0.16.0 (734694ea4e24f267864c459a2f050e943adc6694). It looks like the same issue already occurred before:0cb7b0ea84. A way to test this issue (where example.com is an ActivityPub site which uses TLSv1.3 only): $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe] Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe] Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help) iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/") {:error, {:tls_alert, {:protocol_version, 'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}} With this patch, the output is the expected one: iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/") {:error, {:ok, %{ "@context" => [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1", %{ "Emoji" => "toot:Emoji", "Hashtag" => "as:Hashtag", "atomUri" => "ostatus:atomUri", "conversation" => "ostatus:conversation", "featured" => "toot:featured", "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"}, "inReplyToAtomUri" => "ostatus:inReplyToAtomUri", "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers", "movedTo" => "as:movedTo", "ostatus" => "http://ostatus.org#", "sensitive" => "as:sensitive", "toot" => "http://joinmastodon.org/ns#" } ], "endpoints" => %{"sharedInbox" => "https://example.com/inbox"}, "followers" => "https://example.com/@/Nick/followers", "following" => nil, "icon" => %{ "type" => "Image", "url" => "https://example.com/static/media/[...].png" }, "id" => "https://example.com/@/Nick/", "inbox" => "https://example.com/@/Nick/inbox", "liked" => nil, "name" => "Nick", "outbox" => "https://example.com/@/Nick/outbox", "preferredUsername" => "Nick", "publicKey" => %{ "id" => "https://example.com/@/Nick/#main-key", "owner" => "https://example.com/@/Nick/", "publicKeyPem" => "[...] }, "summary" => "", "type" => "Person", "url" => "https://example.com/@/Nick/" }} A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only): iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], []) {:error, {:tls_alert, {:protocol_version, 'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
![https://example.com/static/media/[...].png](https://example.com/static/media/[...].png){kind=link}
This commit is contained in:
Pierre-Louis Bonicoli
parent
7466136ad3
commit
a158774364
|
|
@ -24,10 +24,6 @@ def options(connection_opts \\ [], %URI{} = uri) do
|
|||
|> Pleroma.HTTP.AdapterHelper.maybe_add_proxy(proxy)
|
||||
end
|
||||
|
||||
defp add_scheme_opts(opts, %URI{scheme: "https"}) do
|
||||
Keyword.put(opts, :ssl_options, versions: [:"tlsv1.2", :"tlsv1.1", :tlsv1])
|
||||
end
|
||||
|
||||
defp add_scheme_opts(opts, _), do: opts
|
||||
|
||||
defp maybe_add_with_body(opts) do
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ defmodule Pleroma.ReverseProxy.Client.Hackney do
|
|||
|
||||
@impl true
|
||||
def request(method, url, headers, body, opts \\ []) do
|
||||
opts = Keyword.put(opts, :ssl_options, versions: [:"tlsv1.2", :"tlsv1.1", :tlsv1])
|
||||
:hackney.request(method, url, headers, body, opts)
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue