Vivaldi not syncing

Pathduck

Using a newer version (7.80) of curl it should be possible to force a TLS1.3 connection with these "Post-Quantum" ciphers as long as the server supports it.

Ref: https://daniel.haxx.se/blog/2021/10/04/post-quantum-curl/

$ curl -V
curl 8.10.1 (x86_64-pc-cygwin) libcurl/8.10.1 OpenSSL/3.0.15 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.61.0 libgsasl/2.2.1 OpenLDAP/2.6.8
Release-Date: 2024-09-18
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

$ curl -Iv4 --tlsv1.3 --curves X25519 https://www.vivaldi.com/
* Host www.vivaldi.com:443 was resolved.
* IPv6: (none)
* IPv4: 172.67.21.227, 104.22.59.199, 104.22.58.199
*   Trying 172.67.21.227:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey

If people with this problem could try the above, it might show the same issue of a timed out connection. Bifrost of course, does not support TLS1.3.

mib2berlin

@Pathduck
Hi, if you do this with https://bifrost.vivaldi.com you get an error:

* TLSv1.3 (IN), TLS alert, handshake failure (552):
* OpenSSL/3.1.4: error:0A000410:SSL routines::sslv3 alert handshake failure

Pathduck

@mib2berlin Yes, that's why I wrote:
"as long as the server supports it"

Bifrost does not support TLS1.3.

DoctorG

@mib2berlin The bifrost.vivaldi.com has no TLSv1.3 enabled, i already reported this in internal tracker.

You can check with sslscan which server is able to connect with.

Pathduck

@DoctorG said in Vivaldi only syncing when on VPN:

The bifrost.vivaldi.com has no TLSv1.3 enabled, i already reported this in internal tracker.

Even if Bifrost had enabled TLS1.3 it wouldn't help these users with timeouts, as I believe the problem is not on the server but incompatible firewall/router with these new ciphers.

DoctorG

@Pathduck Yes, i believe it is hardware router/appliance issue.

Zalex108

Hi,
Check about this:
https://forum.vivaldi.net/topic/101158/vivaldi-sync-wont-work-after-using-a-vpn-linux/7

genosensor

I ran into the same problem where sync under Linux works from my home but not from my office or public cellular networks. Running Vivaldi 7.0 downloaded from the website.

Disabling TLS 1.3 post-quantum key agreement
allowed sync to work from all networks.

Thanks for the detective work!

DoctorG

@genosensor said in Vivaldi not syncing:

Disabling TLS 1.3 post-quantum key agreement

Already known and caused by very bad hardware (router, security appliances, hardware firewalls in companies).

genosensor

I worked at this .org for 24 years
Network access is very open here in comparison with most large companies.
I have NO other issues with access to other public sites and services from the corporate net.

There may well be something here that is not standards compliant, but, I suspect, this breakage is very common.

I'm willing to help pinpoint the issue if you can provide some tests to run at my end.

Weirdly, I found that sync would NOT connect even if tethering to my T-Mobile phone.

genosensor

This post is deleted!