I have no clue why it’s happening, but it also happens with my Jellyfin client I wrote when I try to connect to, for example, https://demo.jellyfin.org. It supports the minimum of TLS 1.2, according to ssllabs.com which is from 2008. That should be still supported, right?
From some earlier error messages I had, I noticed gstreamer, the library that Qt MultiMedia uses, uses libsoup to do https request. Guess which version is installed? 2.4, which came out in 2008. libsoup depends on gnutls for TLS. And by executing pkcon search gnutls
, I can safely say that this is very likely gnutls 2.12.24, which dates from 2016, which seems to be a patch made long (as in several years) after the gnutls 2.x branch was abandoned to improve future compatibility with TLS 1.2.
As far as I know, TLS 1.2 shouldn’t have had any major changes since later 2016 to cause it to break, right?
I wrote a quick (read: copied from the libsoup vala documentation) program to test things out:
using Soup;
int main (string[] args) {
if (args.length == 1) {
stdout.printf("USAGE: %s [URL]\n", args[0]);
return -1;
}
var url = args[1];
stdout.printf ("HTTP GET %s\n", url);
// create an HTTP session to twitter
var session = new Soup.Session ();
var message = new Soup.Message ("GET", url);
// send the HTTP request and wait for response
session.send_message(message);
stdout.printf("Status: %u %s\n", message.status_code, message.reason_phrase);
/*message.response_headers.foreach ((name, val) => {
print ("%s = %s\n", name, val);
});
// output the response to stdout
stdout.write (message.response_body.data);*/
return 0;
}
- Save this as http-test.vala on your device
- make sure libsoup-devel, vala and gcc are installed (
pkcon install libsoup-devel vala gcc
).
- Run
valac http-test.vala --pkg libsoup-2.4
, which should create a file name http-test
, which is executable.
4.Now you should be able to execute GET requests with libsoup by running ./http-test [url]
. It should print out the HTTP status code of the request if everything goes alright, otherwise it prints out a code smaller than 100 with an error message.
And guess what, the old libsoup seems to be the cause! When I try to make a request to “https://demo.jellyfin.org”, I get back “Status: 6 Peer failed to perform TLS handshake”.
So my assumption is that the problem lies within the old versions of libsoup and libgnutls.