Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feed update Handshake or illegal_parameter error #113

Open
mdisg opened this issue Apr 6, 2021 · 14 comments
Open

Feed update Handshake or illegal_parameter error #113

mdisg opened this issue Apr 6, 2021 · 14 comments

Comments

@mdisg
Copy link

mdisg commented Apr 6, 2021

A few weeks ago updating some of my feeds stopped working.

Looking through the log revealed the following errors (there are more feeds showing this kind of errors):

Error loading 'CNXSoft – Embedded Systems News'
Problem: Received fatal alert: illegal_parameter
Link: https://www.cnx-software.com/feed

Error loading 'GuruCE blogs'
Problem: Remote host terminated the handshake
Link: http://guruce.com/blog/feed

I can download the feed using e.g. firefox but not with RSSOwlnix. Any suggestions?

OS: win10
RSSOwlnix version: RSSOwlnix-2-8-0-win32.win32.x86_64.zip

@Xyrio
Copy link
Owner

Xyrio commented Apr 6, 2021

should be related to encryption. the http link redirects to https. both work for me.

i am using https://adoptopenjdk.net/ 15. dont use java 16 it wont even start.

@mdisg
Copy link
Author

mdisg commented Apr 7, 2021

I'm using Java JDK (C:\Program Files\Java\jdk-15.0.1\bin\server\jvm.dll)

Some feeds work, others do not. Is there a way to get more detail about the error?

@Xyrio
Copy link
Owner

Xyrio commented Apr 7, 2021

under %userprofile%\.rssowlnix-beta\.metadata\.log or same log from menu / help / export logfile...
there might be something helpful. but as i saied the handshake stuff has prbably something to do with the ssl encryption of https sites. maybe the source code lib httpclient has also an effect on it. could be ssl certificate related. it is a complicated topic.

https://dzone.com/articles/ssl-handshake-failed-error-how-to-solve

did the 2 feeds u mentioned above work with java 15 for you too?

maybe some work only with older java 8 version (less than 8 is not supported by current rssowlnix) because some weaker encryption stuff was dropped in higher versions and lower version lack newer encryptions.

get the rss in another way: https://github.com/Xyrio/RSSOwlnix/wiki/FAQ#item_getrss

@Xyrio
Copy link
Owner

Xyrio commented Apr 8, 2021

if the ones above are now working, can you provide one link that is not working with java 15?

@mdisg
Copy link
Author

mdisg commented Apr 8, 2021

I'm very familiar with TLS related problems as I also develop software accessing sites with TLS. The problem here is that I don't have the required information what exactly goes wrong.

I did not change the Java version in the last weeks so there must be a change on the sites itself why it has stopped working.

That trick using a shell script could be a solution. Where can I get that http2rss.py ?

Maybe the TLS information in the attached log file is helpful for you? Please see tls.log

I checked the logfile of RSSOwlnix you mentioned but it did not provide usefull information.

@Xyrio
Copy link
Owner

Xyrio commented Apr 8, 2021

the script name was just an example, you have to write it yourself or try something like curl or wget for windows or use powershell

https://adamtheautomator.com/powershell-download-file/

@SethBodine
Copy link

SethBodine commented Apr 26, 2021

This website is behind Cloudflare - it may be that they are performing a JS based challenge which RSSOwlnix cannot handle.

a curl request should help confirm or provide additional information.
curl -vvv https://www.cnx-software.com/feed -L

as for GuruCE - the formatting is quite likely the issue

https://validator.w3.org/feed/check.cgi?url=http%3A%2F%2Fguruce.com%2Fblog%2Ffeed
curl -vvv http://guruce.com/blog/feed -L

The html tags are incorrectly presented as & quot ; & gt ; & lt ; & gt ; etc...

If the errors are due to TLS issues, it may be certificate trust, may need to review the cacerts file that comes with Java, or if the version of Java is quite old, upgrade to a more recent version with a more recent list of root ca's

@SethBodine
Copy link

@mdisg did you get any further with this one? Would love to know if you've found anything further.

@mdisg
Copy link
Author

mdisg commented Aug 9, 2021

@SethBodine sorry I had no time to investigate it further.
With curl I have no problems accessing the sites

@mdisg
Copy link
Author

mdisg commented Aug 9, 2021

I did a test using nginx as proxy with the following configuration:

location / {
        proxy_http_version 1.1;
        proxy_pass $arg_url;
        proxy_ssl_server_name on;
}

This works well in my browser with the url http://localhost:15444/?url=https://www.cnx-software.com/feed
The feed is retrieved but RSSOwlnix also failes with that non-ssl Url.

@Xyrio
Copy link
Owner

Xyrio commented Aug 17, 2021

tried both urls just now and they work.

  • try rssowlnix 2.9.0 with adopt jdk 15+hotspot ( https://adoptopenjdk.net ). (java 16 doesnt work currently it crashes at startup)
  • try readding the feed. (maybe do a cleanup before readding but after deleting the feed)

another list of what to try: https://kinsta.com/knowledgebase/ssl-handshake-failed/

there is also the jce (java cryptography extention) configuration stuff that caused handshake error for https (was missing support for certain encryptions if i remember right), when using older java <=1.8 as it needed to be downloaded separately due to US laws at that time (i confirmed this with oracle jre/jdk, the old rssowl github/sourceforge forum have threads about this):

https://stackoverflow.com/questions/62841553/how-can-i-configure-java-cryptography-extension-jce-in-openjdk-11

  • at Internet Properties (3. of the link above) i have (windows 7):
    • checked HTTP 1.1 use and over proxy
    • unchecked SSL 2.0, 3.0
    • checked TLS 1.0, 1.1, 1.2

unchecked TLS 1.0 and 1.1 as per recommendation (at link above) and it still works.

rssowl#11

https://sourceforge.net/p/rssowl/discussion/296910/thread/6dc4a203/

@mdisg
Copy link
Author

mdisg commented Aug 19, 2021

@Xyrio I have updated to the latest rssowlnix Version and also jdk 15 (jdk-15.0.2+7) but nothing changed. I still get the "illegal_parameter" if I try to add the feed again and the existing feed also does not update.

I already know that kind of TLS errors might happen but there seem to be no error in general. I can access the sites without any problems using Firefox, Chrome, Curl. So it must be something only Java related or in rssowlnix. Is there a way to log the detail error rssowlnix gets accessing the site?

I exported the log file which contains:

Error loading 'CNXSoft – Embedded Systems News'
Problem: Received fatal alert: illegal_parameter
Link: https://www.cnx-software.com/feed

@Xyrio
Copy link
Owner

Xyrio commented Aug 19, 2021

are you sure rsswolnix is using java 15? got other java versions installed?
you can see in the log file what version of java is running:

java.version=15.0.2
java.vendor=AdoptOpenJDK
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=de_DE
Command-line arguments:  -os win32 -ws win32 -arch x86_64

@mdisg
Copy link
Author

mdisg commented Aug 19, 2021

yes it's using 15.02

!SESSION 2021-08-19 14:23:43.879 -----------------------------------------------
eclipse.buildId=unknown
java.version=15.0.2
java.vendor=AdoptOpenJDK
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US
Command-line arguments:  -os win32 -ws win32 -arch x86_64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants