Description: SECURITY PROBLEM? Kaspersky Internet Security FAILED to do Update Failed to download update unknown error LibreOffice 6.2.5.2 ( Important Update) MANUALLY: When I Check for Updates Manually I get Error reading data from the Internet. Server error message: Could not create SSL connection through proxy server: 200 Connection established. Tried to do NEW INSTALL FAILED? Tried Kaspersky Internet Security over several Days Still Fails? Kaspersky Internet Security FAILED to do Update Failed to download update unknown error LibreOffice 6.2.5.2 ( Important Update) CURRENT VERSION: Version: 6.2.5.2 (x86) Build ID: 1ec314fa52f458adc18c4f025c545a4e8b22c159 CPU threads: 4; OS: Windows 6.1; UI render: default; VCL: win; Locale: en-AU (en_AU); UI-Language: en-US Calc: threaded Steps to Reproduce: 1.Run Kaspersky Internet Security Automatically or Manually 2.Check for Updates Manually 3.Tried to Do New Install Failed Actual Results: Error reading data from the Internet. Server error message: Could not create SSL connection through proxy server: 200 Connection established. Expected Results: Update should be successful Reproducible: Always User Profile Reset: No Additional Info: Worked
William, did you ask Kaspersky support about it? For me it's NOTOURBUG, but... People, do you have some opinion here?
I'm thinking the Kaspersky stuff here may be unrelated/confused? We have a SSL proxy here and when we try to do Help -> Check for Updates we get: Error reading data from the internet Server error message: Could not create SSL connection through proxy server: 200 Connection established. We see connections to the proxy, but nothing really happens.
*** Bug 130027 has been marked as a duplicate of this bug. ***
Is the proxy trying to MiTM the connection? Does it support TLSv1.2 or later? Does it support SNI? Could you trace a connection to https://update.libreoffice.org through the proxy (using curl or similar not LO's update check), so we see at which point the handshake chokes?
(In reply to Guilhem Moulin from comment #4) > Is the proxy trying to MiTM the connection? No. > Does it support TLSv1.2 or > later? Does it support SNI? Yes. > Could you trace a connection to https://update.libreoffice.org through the > proxy (using curl or similar not LO's update check), so we see at which > point the handshake chokes? bofh@ubuntu:~$ curl https://update.libreoffice.org -x proxy.lan:3128 -v * Rebuilt URL to: https://update.libreoffice.org/ * Trying 192.168.1.253... * Connected to proxy.lan (192.168.1.253) port 3128 (#0) * Establish HTTP proxy tunnel to update.libreoffice.org:443 > CONNECT update.libreoffice.org:443 HTTP/1.1 > Host: update.libreoffice.org:443 > User-Agent: curl/7.47.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * found 148 certificates in /etc/ssl/certs/ca-certificates.crt * found 592 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: update.libreoffice.org (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=update.libreoffice.org * start date: Thu, 12 Dec 2019 01:07:34 GMT * expire date: Wed, 11 Mar 2020 01:07:34 GMT * issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 * compression: NULL * ALPN, server accepted to use http/1.1 > GET / HTTP/1.1 > Host: update.libreoffice.org > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 302 Moved Temporarily < Server: nginx/1.14.2 < Date: Wed, 22 Jan 2020 19:38:47 GMT < Content-Type: text/html < Content-Length: 161 < Connection: keep-alive < Location: https://www.libreoffice.org/download < <html> <head><title>302 Found</title></head> <body bgcolor="white"> <center><h1>302 Found</h1></center> <hr><center>nginx/1.14.2</center> </body> </html> * Connection #0 to host proxy.lan left intact bofh@ubuntu:~$ Nothing wrong or strange concering the proxy / connection. Simple vanilla Squid.
(In reply to spam from comment #5) > Nothing wrong or strange concering the proxy / connection. Simple vanilla > Squid. Looks good to me as far as update.lo is concerned, doesn't seem a problem with TDF infra/services. Does LibreOffice even support HTTP CONNECT? I'm not familiar with the code but it's suspicious that there is no match for CURLOPT_HTTPPROXYTUNNEL. Did you try to eavesdrop traffic on the your proxy? Could it be that LO send GET/OPTIONS/PROFIND requests there, instead of asking to open a tunnel with CONNECT?
Hello William, Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ? I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Can confirm this is still happening with LibreOffice 7.2.4.1.
Had the same problem on W10 with the latest version (downloaded today). It was more of a Windows issue. If you don't have a local proxy or don't know if you do. Go to "Change Proxy Settings" in Windows 10 Turn OFF Automatically Detect Settings Most of us don't use a proxy server but for some reason this setting causes some programs to think there is a proxy server when there isn't. If you do use a proxy, maybe try manually configuring it in Windows.
I have a similar problem. In my case our proxy *does* MiTM the connection. I have the relevant root certificates available, but I'm unsure where they should be imported. I have a few JRE environments on my machine and I've imported the certificates into all of them using the keytool and confirmed[1] that I can make a connection to update.libreoffice.org on 443. Where else do I need to import the necessary root CA certificates in order for LibreOffice to successfully do an update check? 1. https://matthewdavis111.com/java/poke-ssl-test-java-certs/
Thanks for reporting this issue. Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ? I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Dear William Hensman, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping
Dear William Hensman, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-FollowUp