  1.    #1  
    Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0 | Ars Technica
    Almost everyone has now migrated to TLS 1.2, and a few have moved to TLS 1.3.

    Some have noted that the old browser now has problems connecting to some websites. There could be multiple reasons for this. For example, they might be almost entirely JavaScript and a version newer than that supported by webOS.

    This thread: https://forums.webosnation.com/webos...on-t-load.html seeks ways to enable access to some https sites via a proxy. If workable, it limits access to a home wifi network - not ideal for a mobile phone. If it is a system problem, a system fix is needed.

    It appears that Google & others are also seeking to mark many sites as insecure if they do not use https (even if they don't really need to). https://developers.google.com/web/up...ot-secure-warn

    So sites are under pressure to switch to https and that will mean TLS 1.2 at minimum by 2020.
    1. Is that a problem for Legacy webOS? The article linked at the top states that TLS 1.2 was released in 2008 and 1.3 is only recently finalised. It seems reasonable to assume that (unpatched) webOS supports 1.2. (or maybe not!)
    2. Is it a certificate problem? We have the OSSL update and a new root certificate bundle.
    3. Is it a problem with the TLS system communicating with the OSSL update?
    4. Or what exactly is the problem?
    Last edited by Preemptive; 10/23/2018 at 12:12 PM.
  2. #2  
    I think it has something to do with the native browser. I can connect to eBay using the qt-browser but not the native one. I don't know if that helps at all. (using a pre 3 with 2.2.4)
  3. #3  
    However, I am unable to connect to Posteo (for cal/cardDAV syncing) using the C+DAV Sync App due to the node (or something else, maybe TLS?) being too old.
  4. #4  
    Quote Originally Posted by Preemptive View Post
    It seems reasonable to assume that (unpatched) webOS supports [TLS] 1.2. (or maybe not!)
    webOS 2.2.4 Stock browser with OpenSSL Updater installed I get:
    Protocols
    TLS 1.3 No
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3 Yes
    SSL 2 No

    From https://www.ssllabs.com/ssltest/viewMyClient.html
  5. #5  
    I left a comment here the other day: https://forums.webosnation.com/webos...ml#post3454390

    The QT based browsers work because they are using a new version of libssl and libcrypto. However, Palm directly accessed a few data structures internal to the library and those changed a little, so a patch would need to be applied to the OpenSSL source to accommodate that. I started looking up all of the variables that were directly accessed, but that is as far as I have gotten so far.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  6. #6  
    Quote Originally Posted by NuclearKev
    I think it has something to do with the native browser. I can connect to eBay using the qt-browser but not the native one. I don't know if that helps at all. (using a pre 3 with 2.2.4)
    Slightly off-topic, but AuctionMate still works.
    Last edited by Shuswap; 10/24/2018 at 10:48 AM.
  7. #7  
    I got this email today...
    OutlookEndOfTLS1.png

    This will impact Outlook.com, Office365 and Hotmail users, but we have a little time. Text follows...

    As previously communicated (MC124102 in Oct 2017, MC126199 in Dec 2017 and MC128929 in Feb 2018), we are moving all of our online services to Transport Layer Security (TLS) 1.2+ to provide best-in-class encryption, and to ensure our service is more secure by default.

    [How does this affect me?]
    As of October 31, 2018, Office 365 will no longer support TLS 1.0 and 1.1. This means that Microsoft will not fix new issues found in the client, device or service that connects to Office 365 using TLS 1.0 and 1.1.

    Please note: TLS 1.0 and 1.1 will continue to function but are no longer supported. We will provide additional notification prior to retiring TLS 1.0 and 1.1 completely.

    [What do I need to do to prepare for this change?]
    You should ensure that all client-server and browser-server combinations use TLS 1.2 (or a later version) to maintain connection to Office 365 services. This may require you to update certain client-server and browser-server combinations.

    Where possible, Microsoft recommends that you remove all TLS 1.0/1.1 dependencies in your environments and that you disable TLS 1.0/1.1 at the operating system level.

    Begin your migration to TLS 1.2+, today.
  8.    #8  
    Quote Originally Posted by bbito View Post
    webOS 2.2.4 Stock browser with OpenSSL Updater installed I get:
    Protocols
    TLS 1.3 No
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3 Yes
    SSL 2 No

    From https://www.ssllabs.com/ssltest/viewMyClient.html
    For completeness:

    Qupzilla & Qt Browser
    TLS 1.3 No
    TLS 1.2 Yes
    TLS 1.1 Yes
    TLS 1.0 Yes
    SSL 3 No
    SSL 2 No

    Guessing our current devices will be retired before we need a TLS 1.3 update, but you never know.

    The Illustrated TLS Connection: Every Byte Explained
    Last edited by Preemptive; 10/26/2018 at 11:49 AM.
  9.    #9  
    In these situations, I often ask, "Is there anything in LuneOS we can use?". But as it's based on a minimal Android install with new tech on top, the answer is often, "No". We now have Qt5, but this may not help the system as a whole.

    But there is a complete, modern webOS out there. Can LGwebOS OSE supply the needed components?
  10. #10  
    Any update on this?
  11.    #11  
    Nope. It's something of a concern that we appear to have 'parallel' apps, some working and some not, especially for a system that is "webOS". So we have working browsers, but apparent (anecdotal) failure of some web services.

    It's my assumption that something like SSL is a 'core' service used by various other parts of the system, yet the update, while fixing the certificate problem, doesn't seem to facilitate the TLS upgrade (or the stock browser isn't using it). It seems webOS was just good enough to function, but had flaws that are now being exposed - items that would no doubt have been fixed had the development of the system continued.

    Part of the problem is that webOS was not a simple Linux distro. It has a modified kernel and a major component is a modified webkit, so updates can't simply be dropped in - they have to be modified in similar ways to the originals.

    I am reminded to post a new thread. It's probably a "no.", but... webOS OSE on legacy devices? - webOS Nation Forums
    Last edited by Preemptive; 11/26/2018 at 11:31 AM.
  12. #12  
    Is it just me, or did we lose Wikipedia yesterday?

    Saturday I read an article on Wikipedia, no issue. Sunday I tried to look something up and got the dreaded "Unable to Load Page"

    Does anyone know what Linux libraries the browser is depending on? Maybe we could find a distro that has compatible bits...
    This situation is only going to get worse.

    Edit: It was just me. I was messing around with the user agent. Interesting finding, though. When I sent an iPad User Agent, I got "Unable to Load Page." After switching back to the default user agent, I continued to get the error until I rebooted and cleared the browser cache and cookies. Then it worked again.
    Last edited by jonwise80; 12/03/2018 at 07:51 AM.
  13. #13  
    My Wikipedia scare prompted me to start investigating. I'm not a Linux expert -- save for my Pi, I haven't spent a lot of time in the OS. But I know "enough to be dangerous"

    It seems that in Linux, TLS is a part of OpenSSL -- on webOS, obviously compiled for ARM. I've decided I'll start my hacking against an emulator (edit: didn't get far with the emulator, now using a spare Touchpad instead), so I don't risk messing up my precious Pre3.
    On my PC, I tried novaterm, but got a file not found -- it just works on my Mac. The equivalent command is:
    novacom -t open tty://
    I saved it as "novaterm.bat" in the PDK bin, so now it's as convenient as on my Mac.

    From there, some Linux commands gave me some details:
    • To get the Kernel version:
      uname -r
      2.6.26
    • To get the OpenSSL version:
      openssl version
      OpenSSL 0.9.8k 25 Mar 2009

    Could this be as "simple" as finding a newer version of OpenSSL (compiled for ARM) and over-writing what's on there? The files seem to be at:
    /user/lib

    It looks like TLS 1.2 was added in OpenSSL 1.0.1:
    https://stackoverflow.com/questions/...ded-to-openssl

    I've never in my life successfully compiled a C package using instructions found online, but here's some details on how to try:
    https://wiki.openssl.org/index.php/C...stallation#ARM

    And here are the bits:
    https://github.com/openssl/openssl/t...L_1_0_1-stable

    This command reveals more details about how the webOS version was originally built (run on an emulator):
    openssl version -a
    OpenSSL 0.9.8k 25 Mar 2009
    built on: date not available
    platform: linux-elf
    options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
    compiler: i686-nptl-linux-gnu-gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -fexpensive-optimizations -fomit-frame-pointer -frename-registers -O2 -fno-strict-aliasing -fno-inline-functions -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
    OPENSSLDIR: "/usr/lib/ssl"

    Here it is on my Pre3 -- same on my Tablet. Since this was compiled in 2015, I assume this is the result of the OpenSSL update on Preware (in fact, it sort of says so):
    openssl version -a
    OpenSSL 0.9.8zg 11 Jun 2015
    built on: Fri Oct 16 16:08:55 HST 2015
    platform: linux-elf
    options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
    compiler: /srv/preware/alpha/toolchain/cs07q3armel/build/arm-2007q3/bin/arm-none-linux-gnueabi-gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mcpu=cortex-a8 -mfpu=neon -mfloat-abi=softfp -mthumb-interwork -mno-thumb -fPIC -fexpensive-optimizations -fomit-frame-pointer -frename-registers -fno-strict-aliasing -fno-inline-functions -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O2 -Wall -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
    OPENSSLDIR: "/usr/lib/ssl"

    This post has details about compiling on ARM7. If I get really brave, I'll try it:
    https://stackoverflow.com/questions/...aglebone-black

    Here's the Wiki from the original OpenSSL Update effort:
    https://github.com/tgaillar/OpenSSL-Updater/wiki
    Last edited by jonwise80; 12/05/2018 at 07:18 PM.
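
The version check described in post #13, as an added example that is not part of the original post: it reads an `openssl version` banner and reports the highest TLS version that OpenSSL release line can negotiate. The function name `max_tls_for_banner` is hypothetical; the 1.0.1 threshold is the one cited in the post, the 1.1.1 threshold for TLS 1.3 is an assumption added here, and the third banner is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): map an `openssl version` banner to the
# highest TLS version that release line of the library can negotiate.
# Thresholds: TLS 1.1/1.2 from OpenSSL 1.0.1 (as cited in the post);
# TLS 1.3 from OpenSSL 1.1.1 (assumption added for this example).

# max_tls_for_banner "OpenSSL 0.9.8k 25 Mar 2009"
# Prints TLS1.0, TLS1.2, TLS1.3 or "unknown"; returns 1 when the banner
# cannot be parsed.
max_tls_for_banner() {
    # Field 2 is the version, e.g. 0.9.8zg or 1.0.2k-fips.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    # Drop the patch letter and anything after it: 0.9.8zg -> 0.9.8
    num=$(printf '%s' "$ver" | sed 's/[a-z-].*$//')
    case "$num" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "unknown"; return 1 ;;
    esac
    major=${num%%.*}; rest=${num#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%.*}
    # Pack into one comparable integer: 1.0.1 -> 10001, 0.9.8 -> 908
    n=$((major * 10000 + minor * 100 + patch))
    if   [ "$n" -ge 10101 ]; then echo "TLS1.3"
    elif [ "$n" -ge 10001 ]; then echo "TLS1.2"
    else                          echo "TLS1.0"
    fi
}

# The two banners quoted in the post, plus one constructed 1.0.2 banner.
for b in "OpenSSL 0.9.8k 25 Mar 2009" \
         "OpenSSL 0.9.8zg 11 Jun 2015" \
         "OpenSSL 1.0.2k 26 Jan 2017"; do
    printf '%-30s -> %s\n' "$b" "$(max_tls_for_banner "$b")"
done
```

The result is the ceiling of the library the `openssl` binary reports, not of every application: a program linked against a different libssl can still differ, as the stock and Qt browser results earlier in the thread show.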
  14. #14  
    OK, I got LuneOS working on a Touchpad, so I grabbed the SSL bits (1.0.2) off of it, and put them into place on my webOS partition, assuming this set is what we're working with:
    • /usr/bin/openssl
    • /usr/lib/libcrypto.so.0.9.8
    • /usr/lib/libssl.so.0.9.8

    The good news is, I didn't break anything. The bad news is it didn't fix anything either

    Here's some screen grabs of before-and-after on the library folder.
    before and after.PNG before and after 2.PNG

    Update: I tried a little more aggressive approach and symlinked the 0.9.8 files to the 1.0.2 files:
    libssl.so.0.9.8 -> libssl.so.1.0.2
    libcrypto.so.0.9.8 -> libcrypt-2.25.so


    This appears to have been a mistake, because now webOS won't boot! Obviously I'm missing something... I know these libraries work on this hardware architecture, so there must be some dependency I don't know about.
    Last edited by jonwise80; 12/05/2018 at 07:18 PM.
  15. #15  
    Quote Originally Posted by jonwise80 View Post
    OK, I got LuneOS working on a Touchpad, so I grabbed the SSL bits (1.0.2) off of it, and put them into place on my webOS partition, assuming this set is what we're working with:
    • /usr/bin/openssl
    • /usr/lib/libcrypto.so.0.9.8
    • /usr/lib/libssl.so.0.9.8

    The good news is, I didn't break anything. The bad news is it didn't fix anything either

    Here's some screen grabs of before-and-after on the library folder.
    before and after.PNG before and after 2.PNG

    Update: I tried a little more aggressive approach and symlinked the 0.9.8 files to the 1.0.2 files:
    libssl.so.0.9.8 -> libssl.so.1.0.2
    libcrypto.so.0.9.8 -> libcrypt-2.25.so


    This appears to have been a mistake, because now webOS won't boot! Obviously I'm missing something... I know these libraries work on this hardware architecture, so there must be some dependency I don't know about.
    They have been compiled with a different toolchain (gcc version) linked against newer versions of various libraries. It won't work like this. Best approach would be to replicate what was done for the OpenSSL 0.98zg update but then for 1.0.x

    Last edited by Herrie; 12/06/2018 at 03:23 AM.
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
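
A pre-swap check for the mismatch described in posts #14 and #15, as an added example that is not part of the original posts: it compares the SONAME and NEEDED entries of a replacement library with what the old system expects and provides. It parses the text printed by `readelf -d`; the function names, the sample dynamic section and the list of target libraries are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): before placing a replacement library
# under an old file name, compare what the file declares (SONAME) and what it
# needs (NEEDED) with what the target system expects and provides.
# Input is the text printed by `readelf -d <library>`.

# Print the SONAME recorded in the dynamic section.
soname_of() {
    printf '%s\n' "$1" | sed -n 's/.*(SONAME).*\[\(.*\)\].*/\1/p'
}

# Print one NEEDED library per line.
needed_of() {
    printf '%s\n' "$1" | sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# check_swap <readelf-text> <expected-soname> <space-separated libs on target>
# Prints each problem found; returns 0 only when none are found.
check_swap() {
    dyn=$1; want=$2; have=$3; bad=0
    got=$(soname_of "$dyn")
    if [ "$got" != "$want" ]; then
        echo "soname mismatch: file is $got, callers expect $want"; bad=1
    fi
    for lib in $(needed_of "$dyn"); do
        case " $have " in
            *" $lib "*) ;;
            *) echo "missing dependency: $lib"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample: dynamic section of a hypothetical libssl 1.0.2 build.
SAMPLE_DYN=' 0x00000001 (NEEDED)   Shared library: [libcrypto.so.1.0.2]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]
 0x0000000e (SONAME)   Library soname: [libssl.so.1.0.2]'

# Constructed list of libraries present on the old system image.
TARGET_LIBS='libcrypto.so.0.9.8 libssl.so.0.9.8 libc.so.6'

check_swap "$SAMPLE_DYN" libssl.so.0.9.8 "$TARGET_LIBS" || echo "do not swap"
```

A clean result only rules out the coarse mismatches: a `libc.so.6` that is present by name can still lack the symbol versions a library built with a newer toolchain was linked against.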
  16. #16  
    I added the following to my GitHub. I haven't tried building this yet: https://github.com/Herrie82/OpenSSL-.../latestOpenSSL

    [edit]
    I doubt this will work out of the box due to API changes in OpenSSL (at least that's what I've heard), so I guess even if this builds and deploys there will be other hurdles to tackle.
    [/edit]
    Last edited by Herrie; 12/06/2018 at 03:47 PM.
  17. #17  
    Quote Originally Posted by Herrie View Post
    I doubt this will work out of the box due to API changes in OpenSSL (at least that's what I've heard), so I guess even if this builds and deploys there will be other hurdles to tackle.
    Still worth a try!
