No HTTPS support macOS Catalina #491

Closed
tresf opened this issue Sep 17, 2019 · 2 comments

tresf commented Sep 17, 2019

Update

A stop-gap patch has been applied to 2.0.11. Please download it here: https://qz.io/download


To apply a patch to previous versions, follow these instructions:
https://youtu.be/jghL1PDukME

https://support.apple.com/en-us/HT210176

Learn about new security requirements for TLS server certificates in iOS 13 and macOS 10.15.

All TLS server certificates must comply with these new security requirements in iOS 13 and macOS 10.15:

  • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.

  • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.

  • TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.

  • Additionally, all TLS server certificates issued after July 1, 2019 (as indicated in the NotBefore field of the certificate) must follow these guidelines:

      • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.

      • TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).

Connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in iOS 13 and macOS 10.15.

tresf added the bug label Sep 17, 2019

tresf commented Sep 17, 2019

Workaround:

# Replace the certificate validation in the script with 825 days
sudo sed -i "" 's/-validity 7305/-validity 825/g;' /Applications/QZ\ Tray.app/auth/apple-keygen.sh 

# Re-run the script
sudo /Applications/QZ\ Tray.app/auth/apple-keygen.sh install

# Re-launch QZ Tray
open -a "QZ Tray"

tresf added a commit to tresf/tray that referenced this issue Oct 22, 2019
tresf added a commit that referenced this issue Oct 22, 2019
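
The requirements quoted in the first comment, and why the workaround changes `-validity 7305` to `-validity 825`, as an added example (not code from QZ Tray or Apple). `CertFields`, `violations` and `sample_cert` are hypothetical names, the certificates are constructed samples, and the checker assumes the fields have already been extracted from the certificate.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth
SHA2_HASHES = {"sha224", "sha256", "sha384", "sha512"}
# Assumption: "issued after July 1, 2019" is read as NotBefore later than
# midnight UTC at the start of that day.
CUTOFF = datetime(2019, 7, 1, tzinfo=timezone.utc)
MAX_VALIDITY = timedelta(days=825)

@dataclass
class CertFields:
    """Fields already extracted from a certificate (hypothetical container)."""
    key_type: str
    key_bits: int
    sig_hash: str
    san_dns: list
    eku_oids: list
    not_before: datetime
    not_after: datetime

def violations(cert):
    """Return the quoted requirements that the certificate fails, in order."""
    found = []
    if cert.key_type.upper() == "RSA" and cert.key_bits < 2048:
        found.append("rsa-key-size")
    if cert.sig_hash.lower() not in SHA2_HASHES:
        found.append("sha2-signature")
    if not cert.san_dns:  # a DNS name in CommonName alone does not count
        found.append("san-dns-name")
    # The last two rules apply only to certificates issued after July 1, 2019.
    if cert.not_before > CUTOFF:
        if SERVER_AUTH_OID not in cert.eku_oids:
            found.append("eku-server-auth")
        if cert.not_after - cert.not_before > MAX_VALIDITY:
            found.append("validity-825-days")
    return found

def sample_cert(validity_days, issued=datetime(2019, 9, 17, tzinfo=timezone.utc)):
    """Constructed sample: a localhost certificate with the given validity."""
    return CertFields("RSA", 2048, "sha256", ["localhost"], [SERVER_AUTH_OID],
                      issued, issued + timedelta(days=validity_days))

if __name__ == "__main__":
    for days in (7305, 825):
        print(days, violations(sample_cert(days)) or "compliant")
```

A certificate generated with the old 7305-day validity fails only the 825-day rule, and only when its NotBefore falls after the cutoff.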

tresf commented Nov 13, 2019

Please download 2.0.11-1 for the stop-gap patch 5233c74. This will only work for 2 years, then the product will need to be reinstalled. For a permanent patch, please follow #504.
