Downloads fail with “Network: Cannot send request” if server uses TLS 1.2

[rsn8887]

Vita HBB now fails do download anything from bintray (almost any file hosted on VitaDB) with the error message “network: cannot send request”, on 3.60. The Retroarch nightly download is on a different server and works fine, but only if I set the url to http. Using https doesn’t work there either

I think since July 24, bintray forces everything to https with TLS 1.2 protocol, and stopped support for older TLS. It seems like TLS 1.2 is not supported by Vita HBB at least on the 3.60 kernel.

[devnoname120]

Indeed, I will switch to a library that uses curl under-the-hood because TLS 1.2 is not supported by sceHttp (at least on 3.60).
I plan to either use cURLpp or cpr.

[rsn8887]

I confirm that it is not limited to 3.60. Even on 3.68, I get the same error “Network: Cannot send request” when using https.

[devnoname120]

@rsn8887 What if you access https://bintray.com/ from the web browser on 3.68?

[rsn8887]

On 3.68:

• The webpage https://bintray.com displays correctly.

• Using the built-in web browser, downloads from VitaDB also work. I just had to install download_enabler.suprx to enable downloading of arbitrary filetypes. I can go to vitadb.rinnegatamante.it in the browser and click on the download link for any homebrew, and it downloads just fine. The files appear under ux0:download and are ok.

• It seems the kernel supports the SSL downloads, but VitaHBB still gives that error. Maybe TLS1.2 has to be explicitly enabled in the app using some flag or something?

On 3.60:

• Trying to use the Vita web browser to access https://bintray.com or trying to start downloads from vitadb.rinnegatamante.it just gives a system error, as expected: Could not communicate using SSL (C2-14900-4)

[FrickinJon]

On 3.65:

Same behavior as 3.60. If i atttempt to navigate to https://bintray.com I get the C2-14900-4 (could not communicate using SSL) error.

[devingDev]

Does the libcurl in vita support TLS 1.2?

Also what do you use currently for net requests for example downloading newest json or downloading a vpk or images?

[devingDev]

If this was open source we could help much easier 🤔

[devnoname120]

Yeah, I plan to open-source it but I'm in the middle of a refactoring.

[joel16]

Hey devnoname120 (Sensei)
The problem with libcurl is that its pretty slow. I remember using it with the 3DS after the introduction of TLS 1.2 for GitHub. Is curl the only way around this?

[devingDev]

3ds != vita 🤔

[devnoname120]

@joel16 Might it not be just the 3DS port that's slow?

[devingDev]

I just remembered VitaCord is using libcurl 🤣

Here code which is used for downloading images from discord .

https://github.com/devingDev/VitaCord/blob/master/src/VitaNet.cpp#L302

[joel16]

@devnoname120, could be I don't really know. Give it a shot and let me know how it goes. I thought 3.68 fixed TLS 1.2 though so I'm kind of confused here.

[devingDev]

Visiting github.com on my 3.68 hencore works whereas the 3.60 immediately fails with some SSL error (C2-14900-4)

[devnoname120]

@joel16 3.68 adds TLS 1.2 support but many users will stay on 3.65 for Ensō, so I need to switch to cURL. Anyway, I already planned to switch to cURLpp / cpr because it will improve code readability and maintainability.