I am currently building an APU Board Router, replacing my old Alix Board running an older Instance of OpenWRT.
Most things went smooth so far, however, I have a rather annoying Problem, which I pinned down to WolfSSL (I guess) reading several Threads here.
I have a correct certificate and use it together with uhttpd. Everything works fine, except after I do a reboot. Whenever I try to access the router via its https URL, using Firefox on Ubuntu, I get a SSL_ERROR_NO_CYPHER_OVERLAP Error. After a few minutes this Problem is gone, and I am able to connect to my box.
Now, from what I gathered here, it is related to WolfSSL, and Indeed, replacing it with OpenSSL seems to fix that problem. However, that leads me to conflicts with my future upgrade Plans.
I am trying to keep things simple as possible, so I thought my strategy would be, get the correct Update File, restore backup, and restore installed packages with opkgscript. Unfortunately, As far as I can tell, that way it is just possible to add packages, not to remove them.
So questions:
-Is this indeed some Problem/Bug with WolfSSL?
-Is there a way to fix it?
-How can I find out, why after a few minutes, everything works as expected(checked system.log, but nothing unusual)?
-If, (and right now it looks like that) the solution to fix that would be using OpenSSL, how could I solve that install Problem automated? Building my own OpenWRT Images is not an option right now.
-Also, what other Problems to expect, when I switch? I noticed that there is no Curl Pendant compiled against OpenSSL, which probably breaks Packages depending on Curl.
Certificate is valid, as I said, the problem is just for a few minutes, after I rebooted the router. If I wait a certain time, the problem is gone. Also if installing OpenSSL replacing WolfSSL, the problem is gone as well.
Firefox is current, yes.
But Again, I am pretty sure it is not Firefox related. I had also running ngnix a while until I moved it to docker, and while I had wolfssl with cert, I noticed, that it failed to come up. (Don't have the logs anymore, as I said, I am testing everything right now). That Problem disappeared as well, when I switched to OpenSSL.
Anything in particular I should take care of? Posting the whole result seems to be a bit long.I just did that, and got a response to an extend, I can see a certificate and so on. A first look seems to give me same results, fresh after start (Firefox error), and after a few minutes (Firefox working)
Seems like you found a solution, but it is not clear what in this thread was the solution you liked. Could you post a follow up summary/post-mortem?
I'm having this problem as well. Symptoms are exactly as described in OP. I don't see a way to "switch" to openssl, however, since there is no libustream-openssl and no luci-ssl-openssl pkg in OpenWRT 20.02.1. Even if there was, it's not clear how to switch a live system. Also, it's not clear how to "delete packages" using imageBuilder. I use imageBuilder and I only know how to add packages to the core list.