PS3 Internet Browser problems

bguerville said:
I AM thinking about everyone else, I have been for many years..
If I weren't, this private project public access would be long shut down because comments like this happen every single time there's an update, a glitch or whatever issue.
It's getting old and frankly unacceptable in a community like ours that can ONLY thrive on good will and support.
Click to expand...

fair enough. I know I can't really control what goes on at all but there will always be trolls as you know and are well aware. But your work and wits allows thousands of us to enjoy many things we otherwise would not be able to. Whatever it is you decide we will accept but just know support you man!
 
yeah i tried to do this today and i was unable to open the ps3toolset.com, i tried removing the s and it didn't work

for those interested, i was able to access ps3 exploit site by removing the s from the https

hopefully there is a workaround soon

edit: i read bguerville's post and i'm not sure what i could do to load https
 
bguerville said:
I am not sure yet, I don't get home until tomorrow and I don't travel with the hosting creds on me, I can't yet check what the situation really is.

If ever the Google Trust Services certs CA was upgraded and the current cert can no longer work on PS3, replacing the cert with another one might not be as easy as one may think.
The free let's encrypt certs used to work BUT they have also been upgraded (or will be in a matter of weeks) iirc. And finding a ps3 compliant paid certificate I can install on the host was a real bummer already 2 years ago, I only expect the situation to be worse now.
If someone has a guaranteed compliant SSL certificate solution to propose to avoid myself more potential headaches, I am all ears... however http is not a solution, I don't intend to turn off https, I need it for the features in the coming update.
Removing SSL would have a huge impact for me and I would have to rethink/recode some of the new file manager component and remove some of its features..
Click to expand...

Have you tried a self certification using SHA-1? I was just setting it up and trying it out on my own server, but I had a lot to drink tonight, so I am slightly impaired at the moment. I'll try some more when I'm a tad more sober and see if maybe I can help out with it.
 
Sythan said:
Have you tried a self certification using SHA-1? I was just setting it up and trying it out on my own server, but I had a lot to drink tonight, so I am slightly impaired at the moment. I'll try some more when I'm a tad more sober and see if maybe I can help out with it.
Click to expand...
Ideally we would need a certificate with an old CA using oldest ssl standards.

Like an old Thawte, Comodo or Digicert.
Because that way we could have support right down to 4.10 firmwares.

That's what I wanted originally.

When I tried 2 years ago, I went for Comodo, now called Sectigo, the cert was sold as PS3 compliant, bought it, installed it, it never worked, the CA was no longer PS3 compliant, the RSA support had been removed, after long hours with tech support, Sectigo told me they couldn't do anything about it, they had nothing compliant to propose!!!

I got annoyed, gave up and installed the Google Trust Services cert valid from 4.84, up until now at least but it was only a matter of time I suppose until it also got its CA upgraded.

There is an old Thawte compliant CA still valid until 2037 afaik, we would need to find a cert that uses something like that I suppose.. and a provider that provides a test site so we can verify that cert works fine before buying it because it's not exactly cheap either and I want no surprises this time..
 
bguerville said:
Ideally we would need a certificate with an old CA using oldest ssl standards.

Like an old Thawte, Comodo or Digicert.
Because that way we could have support right down to 4.10 firmwares.

That's what I wanted originally.

When I tried 2 years ago, I went for Comodo, now called Sectigo, the cert was sold as PS3 compliant, bought it, installed it, it never worked, the CA was no longer PS3 compliant, the RSA support had been removed, after long hours with tech support, Sectigo told me they couldn't do anything about it, they had nothing compliant to propose!!!

I got annoyed, gave up and installed the Google Trust Services cert valid from 4.84, up until now at least but it was only a matter of time I suppose until it also got its CA upgraded.

There is an old Thawte compliant CA still valid until 2037 afaik, we would need to find a cert that uses something like that I suppose.. and a provider that provides a test site so we can verify that cert works fine before buying it because it's not exactly cheap either and I want no surprises this time..
Click to expand...

I've got quite a few years experience in web development. If I can figure it out on my own, I'll give it for free just to help out. No need to sell it. But I can't guarantee, as you know how potentially complicated it can be.
 
Sythan said:
I've got quite a few years experience in web development. If I can figure it out on my own, I'll give it for free just to help out. No need to sell it. But I can't guarantee, as you know how potentially complicated it can be.
Click to expand...
FYI
Here is a list of CAs with their expiry date, you can probably cross check them with the ps3 firmware compliant CA files located in dev_flash..

https://www.digicert.com/kb/digicert-root-certificates.htm
 
Ah, it's unfortunate that the issue appears to be more complicated than just changing the certificates on the server. Would it be possible to use HFW to install new certificates on the user end, install the exploit and switch to CFW?

Anyway, thank you for hard work @bguerville. It says a lot that your toolset has become the defacto standard for PS3 modding. I'm sure there is another outdated, considerably less convenient method for those who absolutely can't wait.
 
Doctor98Who said:
Would running a proxy server on PS3 from PC work you think?
Click to expand...
Theoretically it would be possible to run a reverse proxy that forwards requests and responses through HTTP, but I don't think there's a ready-to-use solution out there, and the issue with ps3toolset may already be resolved by the time a workaround is posted.

Ultimately, a self-hostable or stripped-down HTTP-safe solution may need to exist in the future to avoid this from happening. Flash Writer only supports up to 4.90 at that, so for now it's probably best to just wait (and perhaps donate to those involved).

I understand that bouncing between different CAs is the chosen strategy for the time being, but I feel like that only adds unnecessary costs when a modified system could have any and all the most updated root certs, whereas I'd imagine users with OFW needn't as many features anyway. But I have no authority over the project and I respect the choices made.
 
Last edited:
bguerville said:
If ever the Google Trust Services certs CA was upgraded and the current cert can no longer work on PS3, replacing the cert with another one might not be as easy as one may think.
Click to expand...
Still, forcing everything to simple http:// could be an alternative in this case, which, also will be mostly future-proof, since in the future, other certs can also stop working on PS3s.
bguerville said:
however http is not a solution, I don't intend to turn off https, I need it for the features in the coming update.
Removing SSL would have a huge impact for me and I would have to rethink/recode some of the new file manager component and remove some of its features..
Click to expand...
I do understand, but keep in mind that using https will stop working some day in the future.
Maybe reworking it could be the best approach.
This is just my personal opinion.
 
PS Vita has this solution:

github.com/SKGleba/iTLS-Enso

Which adds TLS 1.2 support for its built in webkit.

Is there anything analogous for PS3? @Sythan @bguerville

Also I just registered and have not used a forum for the past 7 years, so um please point out what etiquettes I am breaking and how to follow this thread.

Also also I would like to see if I can replicate the attack myself as a fun project. Where can I find more information? is there any writeups? should I watch the video where they point out the random number generater generates the same number again?
 
peepeetee said:
PS Vita has this solution:

github.com/SKGleba/iTLS-Enso

Which adds TLS 1.2 support for its built in webkit.

Is there anything analogous for PS3? @Sythan @bguerville

Also I just registered and have not used a forum for the past 7 years, so um please point out what etiquettes I am breaking and how to follow this thread.

Also also I would like to see if I can replicate the attack myself as a fun project. Where can I find more information? is there any writeups? should I watch the video where they point out the random number generater generates the same number again?
Click to expand...
We can't do that without installing some kind of HEN first. The Toolset must load on OFW!

Having said that, TLS 1.2 should probably be added to HEN/Cobra.
 
bguerville said:
It all depends.
If I can get a paid cert using a CA valid for another 10 years, there should be no such problem.
If I can't, then I'll think about it..
Click to expand...

May I ask why turning off the force redirect wouldn't work until the cert auth is sorted out? Right now it is a complete outage for anyone accessing from a ps3, but if that force redirect was removed the https would still be in place (broken still) but it would allow everyone to bypass the https and actually access the toolset from the ps3 via http.
 
steven1075 said:
May I ask why turning off the force redirect wouldn't work until the cert auth is sorted out? Right now it is a complete outage for anyone accessing from a ps3, but if that force redirect was removed the https would still be in place (broken still) but it would allow everyone to bypass the https and actually access the toolset from the ps3 via http.
Click to expand...

that would be great if it will work like that, just got a ps3 slim for cfw and i am stuck on 4.91 since flash method works till 4.90.
kind regards to bguerville, and thx for his hardwork too!
 
steven1075 said:
May I ask why turning off the force redirect wouldn't work until the cert auth is sorted out? Right now it is a complete outage for anyone accessing from a ps3, but if that force redirect was removed the https would still be in place (broken still) but it would allow everyone to bypass the https and actually access the toolset from the ps3 via http.
Click to expand...

imho, this issue should be pointing to Sony PS3 dev not to bgtoolset creator, they need to release new firmware to catch up with the ssl certificate.

but for now, you need to set up your own proxy server. I just installed cfw on my ofw 4.91 ps3 using pc as a proxy server and it works.

good luck :tears of joy:
 
cikocet said:
imho, this issue should be pointing to Sony PS3 dev not to bgtoolset creator, they need to release new firmware to catch up with the ssl certificate.

but for now, you need to set up your own proxy server. I just installed cfw on my ofw 4.91 ps3 using pc as a proxy server and it works.

good luck :tears of joy:
Click to expand...

Sony stopped supporting the PS3 years ago, and they won't move a finger to aid the homebrew community, so no petition will make them add modern SSL support to the web browser.
 
You must log in or register to reply here.

Similar threads

Back
Top