0

My debian laptop has issues accessing the internet from a hotspot. The first time I connected, I'm pretty sure I had internet after authentificating. My phone is connected on the same wifi without issues.

Now, trying to access an http page redirects to the login page of the hotspot (which says I'm logged in). Accessing an https website results in ERR_SSL_PROTOCOL_ERROR in Chromium and SSL_ERROR_RX_RECORD_TOO_LONG in Firefox.

More interestingly, I tested the DNS with the command host and it works perfectly.

$ host google.com
google.com has address 172.217.21.78
google.com has IPv6 address 2a00:1450:4002:801::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.

I then used curl:

$ curl -v http://google.com
* Rebuilt URL to: http://google.com/
*   Trying 172.217.21.78...
* TCP_NODELAY set
* Connected to google.com (172.217.21.78) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 302 Found
< Server: squid/3.5.28
< Date: Sun, 02 Feb 2020 22:08:43 GMT
< Content-Length: 0
< Location: https://hotspot.internet-for-guests.com/logon/cgi/index.cgi?ctime=1580681323&userurl=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F
< X-Cache: MISS from hotspot.internet-for-guests.com
< X-Cache-Lookup: MISS from hotspot.internet-for-guests.com:8080
< Connection: keep-alive
< 
* Curl_http_done: called premature == 0
* Connection #0 to host google.com left intact

$ curl -v https://google.com
* Rebuilt URL to: https://google.com/
*   Trying 172.217.21.78...
* TCP_NODELAY set
* Connected to google.com (172.217.21.78) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So it looks like the hotspot thinks I'm not connected whereas I am. It's more a problem of the hotspot probably that doesn't correctly detect my MAC address. Is there any difference with other platforms?

Labo
  • 203
  • 2
  • 7
  • 1
    Does this answer your question? [Firefox, error when accessing https url](https://superuser.com/questions/653973/firefox-error-when-accessing-https-url) – Ramhound Feb 02 '20 at 18:32
  • Possible duplicate of https://superuser.com/questions/1077503/chrome-err-ssl-protocol-error-on-known-working-site and you should verify the SSL certificate from the website you are visiting is legitimate. Those errors indicate the certificate might not belong to the website in question. – Ramhound Feb 02 '20 at 18:33
  • Thanks, I tried the first before posting without success. The second link is about a single website not working, I still tried it without success either. – Labo Feb 02 '20 at 19:07
  • Your question makes no mention of what you tried. How about the specifics of the certificate of the website that doesn't work? – Ramhound Feb 02 '20 at 19:39
  • @Ramhound it's for every website, depending on whether it uses https or not. – Labo Feb 02 '20 at 19:42
  • I don't think the other questions are relevant because they concern a problem of only one browser. I think I have a network configuration issue. – Labo Feb 02 '20 at 19:43
  • 1
    I guarantee you have a network configuration issue. Which is the reason I want to know more about the certificate, of the website in question, that generates those SSL errors. – Ramhound Feb 02 '20 at 19:47
  • Actually the certificate doesn't even show up. I tried with several websites (including superuser, google, facebook, Reddit, etc.) and the browser doesn't show any certificate. – Labo Feb 02 '20 at 22:03
  • You are getting an SSL certificate error, if you are navigating to a HTTPS page, then you no doubt have some certificate being served to your device. – Ramhound Feb 02 '20 at 22:08
  • Is your clock set correctly? – Burgi Feb 06 '20 at 16:36
  • @Burgi yes. I guess it's just the proxy of the hotspot that messes up the SSL certificates. I changed my MAC address and reconnected to the hotspot without issues. – Labo Feb 07 '20 at 13:48

0 Answers0