• tls handshakes are failing

    From saito@saitology9@gmail.com to comp.lang.tcl on Fri Jun 19 07:55:48 2026
    From Newsgroup: comp.lang.tcl

    I am using tls v1.7.23 on Windows.
    It looks like the handshakes are failing.

    When I look into tls::status, I see this:

    "sbits 128 cipher ECDHE-RSA-AES128-GCM-SHA256 version TLSv1.2"


    Any ideas why? What would be a good way to establish a tls connection?
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Brian@brian199@comcast.net to comp.lang.tcl on Fri Jun 19 11:50:55 2026
    From Newsgroup: comp.lang.tcl

    On 6/19/26 6:55 AM, saito wrote:
    > I am using tls v1.7.23 on Windows.
    > It looks like the handshakes are failing.
    >
    > When I look into tls::status, I see this:
    >
    > "sbits 128 cipher ECDHE-RSA-AES128-GCM-SHA256 version TLSv1.2"
    >
    > Any ideas why? What would be a good way to establish a tls connection?

    For starters, you need to step up to a more recent TclTLS release.
    Version 2.0 has been out since Jan and 1.8 for a year or so before that.
    See https://core.tcl-lang.org/tcltls/index.

    You don't provide details on why the handshake was refused, but my guess
    is the old TclTLS versions offer to use obsolete SSL and TLS versions
    and most modern web sites will refuse those connections. So use command
    line options "-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 1"
    with your tls::socket command.

  • From Brian@brian199@comcast.net to comp.lang.tcl on Fri Jun 19 12:00:11 2026
    From Newsgroup: comp.lang.tcl

    On 6/19/26 11:50 AM, Brian wrote:
    > On 6/19/26 6:55 AM, saito wrote:
    >> I am using tls v1.7.23 on Windows.
    >> It looks like the handshakes are failing.
    >>
    >> When I look into tls::status, I see this:
    >>
    >> "sbits 128 cipher ECDHE-RSA-AES128-GCM-SHA256 version TLSv1.2"
    >>
    >> Any ideas why? What would be a good way to establish a tls connection?
    >
    > For starters, you need to step up to a more recent TclTLS release.
    > Version 2.0 has been out since Jan and 1.8 for a year or so before that.
    > See https://core.tcl-lang.org/tcltls/index.
    >
    > You don't provide details on why the handshake was refused, but my guess
    > is the old TclTLS versions offer to use obsolete SSL and TLS versions
    > and most modern web sites will refuse those connections. So use command
    > line options "-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 1"
    > with your tls::socket command.


    Another possibility is if you are using the "-request 1 -require 1"
    options and you have an out of date Certificate Authority cert store,
    then the cert check is failing. On Windows when using TclTLS 1.7.x you
    need to keep these up to date. Another reason to step up to a newer
    version that can use the Windows cert store.

  • From saito@saitology9@gmail.com to comp.lang.tcl on Sat Jun 20 13:29:12 2026
    From Newsgroup: comp.lang.tcl

    On 6/19/2026 12:50 PM, Brian wrote:
    >> On 6/19/26 6:55 AM, saito wrote:
    >
    > For starters, you need to step up to a more recent TclTLS release.
    > Version 2.0 has been out since Jan and 1.8 for a year or so before that.
    > See https://core.tcl-lang.org/tcltls/index.

    First of all, thank you for your useful input. I appreciate it.

    There are several packages that I would like to upgrade asap, to be
    honest. I will add this to the list.

    Question: Is TclTLS same as Tls? Or did a name change occur with version
    2.0?


    > and most modern web sites will refuse those connections. So use command
    > line options "-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 1"
    > with your tls::socket command.


    This line looks very similar to the one I was using, except for the tiny
    fact that tls1.3 was set to 0. I changed that to 1 and things seem to be
    OK at first glance with my tests. I hope it stays that way. I will
    report back if I see any issues.

    Thanks again!

    --- Synchronet 3.22a-Linux NewsLink 1.2
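
Added example, not posted by anyone in the thread and not TclTLS project code: a Tcl script that forces the handshake with tls::handshake so the actual failure reason is reported, once with only the protocol options quoted in the thread and once with "-request 1 -require 1" added. The host, port, CA bundle path and the helper name probeTls are assumptions; the protocol option names are used exactly as quoted in the thread.

```tcl
package require tls

# Protocol options quoted from the thread: only TLS 1.2 and 1.3 are offered.
set protoOpts {-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 1}

# Placeholders (assumptions): replace with your server and CA bundle.
set host   example.com
set port   443
set caFile C:/path/to/ca-bundle.pem

# probeTls is a hypothetical helper, not a TclTLS command. It connects,
# forces the handshake, and returns a dict with the outcome.
proc probeTls {host port opts} {
    if {[catch {tls::socket {*}$opts -servername $host $host $port} chan]} {
        return [dict create stage connect error $chan]
    }
    # tls::handshake raises an error on failure; its message is the reason
    # the handshake was refused.
    if {[catch {tls::handshake $chan} msg]} {
        set result [dict create stage handshake error $msg]
    } else {
        set result [dict create stage ok status [tls::status $chan]]
    }
    catch {close $chan}
    return $result
}

puts "tls package version: [package present tls]"
foreach {label extra} [list \
        "protocol options, no certificate check" {-request 0 -require 0} \
        "protocol options, certificate required" \
            [list -request 1 -require 1 -cafile $caFile]] {
    set r [probeTls $host $port [concat $protoOpts $extra]]
    puts "$label: [dict get $r stage]"
    if {[dict exists $r error]} {
        puts "  error:  [dict get $r error]"
    } else {
        puts "  status: [dict get $r status]"
    }
}
```

If the first run reaches stage ok and the second stops at handshake, the protocol settings are accepted and the certificate check against the CA bundle is what fails. The first run skips peer verification and is for diagnosis only.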