-
Notifications
You must be signed in to change notification settings - Fork 13
[BUG] clarify config for FreshRSS, EasyRSS and TLS 1.3 #68
Comments
I think Firefox includes its own libraries, so it's certainly not a given that it isn't due to the Android device. Android didn't support TLS 1.3 until Android 10, so if you have an older version it won't work. (Presumably it's not too hard to include the relevant libraries to enable support on something like Android 5+ or 6+, though with Android you never know.) |
I'm running Android 7.1.2 (lineage os) so I believe my android does not support TLS 1.3 natively. But if @Frenzie is right, if Firefox can include support for TLS 1.3, I think it should also be possible to do so for EasyRSS. If I understand it correctly, EasyRSS can use the embedded libraries of android in order to manage HTTP and TLS, or it can take in charge its own libraries and not rely on the librariesof android. Am I right? In the meantime, it should be added in the doc that users should pay attention to the TLS version as it can make EasyRSS not to work with a FreshRSS instance. |
Firefox is a very different kind of app. But for EasyRSS it might be possible with https://github.com/google/conscrypt or equivalent. |
I'm running FreshRSS through caddy as a reverse proxy, which serves TLS 1.2 and 1.3 by default. I can also confirmed that via I still have the same problem, that, despite my password being definitely correct, it tells me the password is incorrect. |
Describe the bug
On my configuration, I had apache configured to serve only pages under TLS, and only TLS 1.3.
I also use EasyRSS (from F-Droid) on my android to read my feeds.
It appears that the configuration on my server is not compliant with my android device or with EasyRSS, as EasyRSS cannot use FreshRSS's api when the server is configured to serve only page with TLS 1.3.
The difficult part here is that EasyRSS is not correctly handling the error and say that the username or the password is wrong. In fact, the username and the password were perfectly right, so was the FreshRSS api url. The only solution was to enable TLS 1.2 so that EasyRSS can use the api of FreshRSS
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I was expecting everything to work well, and that EasyRSS can connect to the api of FreshRSS.
Additional context
I suppose the problem comes from EasyRSS as I was able to use the web interface of FreshRSS using my Fennec (Firefox mobile) browser. Si I think it is not my android device that is reluctant to TLS 1.3.
As a consequence, there is 2 problems with EasyRSS:
I think the documentation of FreshRSS should spread a word about this limitation so no one else will loose hours trying to update his login and password...
I will also file this issue in FreshRSS issues, as the issue has impacts in FreshRSS *and EasyRSS.
The text was updated successfully, but these errors were encountered: