I am currently building an APU board router, replacing my old Alix board running an older instance of OpenWRT.
Most things went smoothly so far; however, I have a rather annoying problem, which I pinned down to WolfSSL (I guess) after reading several threads here.
I have a correct certificate and use it together with uhttpd. Everything works fine, except after I do a reboot. Whenever I try to access the router via its https URL, using Firefox on Ubuntu, I get an SSL_ERROR_NO_CYPHER_OVERLAP error. After a few minutes this problem is gone, and I am able to connect to my box.
Now, from what I gathered here, it is related to WolfSSL, and indeed, replacing it with OpenSSL seems to fix that problem. However, that leads me to conflicts with my future upgrade plans.
I am trying to keep things as simple as possible, so I thought my strategy would be: get the correct update file, restore the backup, and restore installed packages with opkgscript. Unfortunately, as far as I can tell, that way it is only possible to add packages, not to remove them.
So, questions:
- Is this indeed some problem/bug with WolfSSL?
- Is there a way to fix it?
- How can I find out why, after a few minutes, everything works as expected (checked system.log, but nothing unusual)?
- If (and right now it looks like that) the solution to fix that would be using OpenSSL, how could I solve that install problem in an automated way? Building my own OpenWRT images is not an option right now.
- Also, what other problems should I expect when I switch? I noticed that there is no Curl pendant compiled against OpenSSL, which probably breaks packages depending on Curl.
Certificate is valid; as I said, the problem is just for a few minutes after I rebooted the router. If I wait a certain time, the problem is gone. Also, if I install OpenSSL to replace WolfSSL, the problem is gone as well.
Firefox is current, yes.
But again, I am pretty sure it is not Firefox related. I also had nginx running for a while until I moved it to docker, and while I had wolfssl with the cert, I noticed that it failed to come up. (I don't have the logs anymore; as I said, I am testing everything right now.) That problem disappeared as well when I switched to OpenSSL.
Anything in particular I should take care of? Posting the whole result seems to be a bit long. I just did that, and got a response to an extent; I can see a certificate and so on. A first look seems to give me the same results, fresh after start (Firefox error), and after a few minutes (Firefox working).
I recommend that you use the Online Image Builder to build your custom OpenWrt firmware (with packages that you want already installed in the firmware, along with some commands to run on first boot):
(Install "auc" and "luci-app-attendedsysupgrade" to keep snapshots up to date)
Request Build, wait and download the firmware, then flash the firmware and configure the router from scratch (don't use a backup).
P.S. Don't delete the packages that appear in "Custom package selection", they are necessary or you will brick the router, but you can replace those packages if you want.
Seems like you found a solution, but it is not clear what in this thread was the solution you liked. Could you post a follow-up summary/post-mortem?
I'm having this problem as well. Symptoms are exactly as described in OP. I don't see a way to "switch" to openssl, however, since there is no libustream-openssl and no luci-ssl-openssl pkg in OpenWRT 20.02.1. Even if there was, it's not clear how to switch a live system. Also, it's not clear how to "delete packages" using imageBuilder. I use imageBuilder and I only know how to add packages to the core list.