pleroma/lib/pleroma
Pierre-Louis Bonicoli a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
..
activity Copyright bump for 2022 2022-02-25 23:11:42 -07:00
bbs Copyright bump for 2022 2022-02-25 23:11:42 -07:00
captcha Copyright bump for 2022 2022-02-25 23:11:42 -07:00
chat Copyright bump for 2022 2022-02-25 23:11:42 -07:00
config Copyright bump for 2022 2022-02-25 23:11:42 -07:00
conversation Copyright bump for 2022 2022-02-25 23:11:42 -07:00
docs Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ecto_type Copyright bump for 2022 2022-02-25 23:11:42 -07:00
emails Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop' 2022-03-20 18:14:37 +00:00
emoji Copyright bump for 2022 2022-02-25 23:11:42 -07:00
gopher Copyright bump for 2022 2022-02-25 23:11:42 -07:00
gun Copyright bump for 2022 2022-02-25 23:11:42 -07:00
helpers Copyright bump for 2022 2022-02-25 23:11:42 -07:00
http hackney adapter helper & reverse proxy client: enable TLSv1.3 2022-05-31 00:51:45 +02:00
instances Copyright bump for 2022 2022-02-25 23:11:42 -07:00
mfa Copyright bump for 2022 2022-02-25 23:11:42 -07:00
migration_helper Copyright bump for 2022 2022-02-25 23:11:42 -07:00
migrators Copyright bump for 2022 2022-02-25 23:11:42 -07:00
object Copyright bump for 2022 2022-02-25 23:11:42 -07:00
password Copyright bump for 2022 2022-02-25 23:11:42 -07:00
reverse_proxy hackney adapter helper & reverse proxy client: enable TLSv1.3 2022-05-31 00:51:45 +02:00
telemetry Copyright bump for 2022 2022-02-25 23:11:42 -07:00
tesla/middleware Copyright bump for 2022 2022-02-25 23:11:42 -07:00
tests Copyright bump for 2022 2022-02-25 23:11:42 -07:00
upload Copyright bump for 2022 2022-02-25 23:11:42 -07:00
uploaders Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user Copyright bump for 2022 2022-02-25 23:11:42 -07:00
web StealEmojiPolicy: fix String rejected_shortcodes 2022-05-18 21:25:10 +02:00
workers Copyright bump for 2022 2022-02-25 23:11:42 -07:00
activity.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
application.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
application_requirements.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
bookmark.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
caching.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
captcha.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
chat.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
clippy.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
config.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
config_db.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
constants.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
conversation.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
counter_cache.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
data_migration.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
delivery.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
ecto_enums.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
emoji-test.txt Add unicode 14 support 2022-02-21 12:28:33 -06:00
emoji.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
filter.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
following_relationship.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
formatter.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
frontend.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
gun.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
hashtag.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
healthcheck.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
html.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
http.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
instances.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
job_queue_monitor.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
jwt.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
keys.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
list.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
logging.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
maintenance.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
maps.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
marker.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
mfa.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
moderation_log.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
notification.ex Merge branch 'delete_report_notifs_when_demoting_from_superuser' into 'develop' 2022-03-20 18:13:19 +00:00
object.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
object_tombstone.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
otp_version.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
pagination.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
password_reset_token.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
registration.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
release_tasks.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
repo.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
report_note.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
reverse_proxy.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
scheduled_activity.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
signature.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
stats.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
thread_mute.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
upload.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user.ex Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop' 2022-03-20 18:14:37 +00:00
user_invite_token.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_note.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
user_relationship.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
utils.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
web.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00
xml_builder.ex Copyright bump for 2022 2022-02-25 23:11:42 -07:00