Cloudflare TLS cipher support

If you run tt-rss on an officially unsupported platform (shared hosting, Windows, etc.) post here
desseb
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 13 Feb 2016, 06:49

Cloudflare TLS cipher support

Postby desseb » 13 Feb 2016, 07:00


User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Cloudflare TLS cipher support

Postby fox » 13 Feb 2016, 10:40

1. provide an example of such feed, not everyone is using redhat
2. i'm not going to change default curl settings because of one cloud whatever service, it's up to your distro or curl to fix this

desseb
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 13 Feb 2016, 06:49

Re: Cloudflare TLS cipher support

Postby desseb » 13 Feb 2016, 17:16

Yes, I realized that as I moved additional feeds, I ran into another problem with a feed hosted by feedly (https://xkcd.com/rss.xml) which required different tlsv2 ciphers.

Since each feed has different potential requirements I agree that it's best not to update tt-rss, since these options force curl to only use the list of ciphers.

The other feed is https://penny-arcade.com/feed.

Hopefully the fix comes soon from RH/Centos.

In case anyone else has this problem with feedly, I had to use the following cipher: rsa_aes_256_sha

Just comma separated in the above command, if you need to force more than one cipher.

darknite323
Bear Rating Trainee
Bear Rating Trainee
Posts: 40
Joined: 30 Oct 2013, 15:46

Re: Cloudflare TLS cipher support

Postby darknite323 » 13 Feb 2016, 19:13

Unless this is a bug in NSS in RH/Centos it looks like this might just be a webserver configuration issue.

NSS shouldn't be restricted to any specific SSL cyphers by default (afaik), if none are defined then is allows all, or at least the most common SSL cyphers.

Not something i've had to look at before, but have a hunt through your server configs, there may be a cypher set configured somewhere else that curl then adheres to. You adding the cypher to the config.php then overrides it for TTRSS.

There is more info here:

and here:
This one shows how to set it server side on Apache for mod_ssl, can't find documentation for mod_nss unfortunately.

I did find the config for openSUSE though:

Have a look for the NSSCipherSuite setting.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Cloudflare TLS cipher support

Postby fox » 13 Feb 2016, 19:38

checking with myfeedsucks the penny arcade feed works properly which should be enough to determine ops question really has nothing to do with tt-rss per se, let's not turn this into a "help op fix his linux" thing


Return to “Unsupported platforms”

Who is online

Users browsing this forum: No registered users and 2 guests