Updated to Catalina and FF can no longer connect to server

Hi, I have recently updated to Catalina and Filter Forge can no longer connect to the server to check for updates or filters.

It just repeatedly states "Unable to connect to server". I manually went to the web site and downloaded the latest point update for FF9 just in case that fixed the problem but it still shows the same error.

FF was working fine before I upgraded to Catalina and my Internet connection is working (or I wouldn't be able to post this bug report!) - so I suspect there is some sort of Catalina incompatibility.

I'd like to install some new filters and check for updates to filters.

Please advise, thanks.

Hi, I just have the built-in Firewall in Catalina on. It is allowing all outgoing connections as far as I can tell.

However in a browser window II can go to https://www.filterforge.com ok but when I attempt to go to https://www.filterforge.net I get the following messages:

Safari reports this:
Safari can't open the page "https://www.filterforge.net" because Safari can't establish a secure connection to the server "www.filterforge.net"

Chrome reports this:
This site can’t provide a secure connection www.filterforge.net sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Hope that helps, thanks

Update: I am wondering if this is a TLS 1.2 issue - here's my theory, Mac OS Catalina has been hardened so that all HTTPS requests force the use of the secure TLS 1.2 rather than the older TLS 1.0 (see https://www.macrumors.com/2019/06/06/a...a-ios-13/).

My suspicion is that the www.filterforge.net server / SSL certificate is using the older TLS 1.0 protocol which is causing the problem.

Hope this thought helps.

Built in browser doesnt work either...

Think we just need Filter forge to fix the issue they have

Our certificate does support TLS 1.2:

https://gf.dev/tests/qat5h9jvgtg

And no, I haven't updated to 10.15. I stick with 10.14 and 10.13 on my nVidia iRay render box.

I get this issue using all browsers on my Windows 10 PC.

So why would I get this message Filter Forge team? and is it related to the inability to download any filters?

Another thought, within the Filter Forge source code, when it establishes an SSL connection it may default to a lower version of TLS because of the libraries / APIs that it uses.

From personal experience I have needed to force an API to use TLS 1.2 because the API I was using defaulted to the lower TLS 1.0 protocol - so this might be happening within Filter Forge and the resulting defaulted TLS 1.0 connection is not being allowed out via the Mac OS.

This does only seem to have affected me since updating to Catalina which has hardened the use of TLS. All my settings and Internet connections are the same so I really think this could be a possible reason for this.

Thanks.

For Monitoring in terminal try sudo tcpdump, or download Wireshark.

I used sudo tcpdump -vv to get verbose logging and the only bit I could see referencing FF was this:
09:22:46.526084 IP (tos 0x0, ttl 64, id 15082, offset 0, flags [none], proto UDP (17), length 65)
192.168.0.22.34125 > routerlogin.net.domain: [udp sum ok] 49393+ A? www.filterforge.net. (37)
09:22:46.537169 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 81)
routerlogin.net.domain > 192.168.0.22.34125: [udp sum ok] 49393 q: A? www.filterforge.net. 1/0/0 www.filterforge.net. A 81.99.162.48 (53)

I do then see lots of other comms to my ISP such as this:
09:22:46.537775 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.22.49652 > lang-sspiprxy.network.virginmedia.net.http: Flags [F.], cksum 0x7124 (correct), seq 1, ack 1, win 65535, options [nop,nop,TS val 213488798 ecr 3431957088], length 0

...but nothing that mentions SSL or errors. I'm not a network guy so don't know what I'm looking for!

In case this is an issue with my ISP I will try on a 4G phone data network a bit later

Hi, I just randomly tried downloading filters again and everything is now working so I guess Filter Forge has sorted out the SSL issue that I think was causing the problem. Nothing at my end has changed, still using the same version of FF and my OS has not been updated. Anyway, alls well that ends well. Thanks, Adrian