TLS error: webpki error: UnsupportedCriticalExtension

[bwintertkb]

Hi guys,

Sorry to bother you with this as I understand it's not directly related to your library but when I'm at the office and I run

let (mut socket, mut res) = connect_async( Url::parse("wss://stream.binance.com:9443/ws/btcusdt@trade") .expect("Can't connect to case count URL"), ) .await?;

it works fine. However, when I do the same at home I get the following error "TLS error: webpki error: UnsupportedCriticalExtension"

I'm pretty new to TLS, could someone advise me on how to resolve this issue?

Thank you in advance!

[bwintertkb]

Just an update. It works in wsl but not windows 11 Version 10.0.22000 Build 22000.

[daniel-abramov]

Interesting. There must be a difference in the system configuration. May I ask you what TLS features you have enabled? The idea that I have in mind is to use the corresponding library that is used for TLS (rustls or something else) and use their stream connector outside of TLS to try to connect to the server in order to get a more verbose error.

[bwintertkb]

Interesting. There must be a difference in the system configuration. May I ask you what TLS features you have enabled? The idea that I have in mind is to use the corresponding library that is used for TLS (rustls or something else) and use their stream connector outside of TLS to try to connect to the server in order to get a more verbose error.

hey mate,

thanks for your reply. My TLS features :) let me know if anything else will be useful

[daniel-abramov]

Sorry, I did not mean the Windows TLS configuration, I implied the features that you enabled with tungstenite / tokio-tungstenite related to the TLS 🙂

Basically my suggestion is to narrow down the error to the place where it actually happens to be able to say why exactly it fails. Let's say you're using the rustls, in this case the issue will be reproducible by just creating a small SSCCE with rustls which is likely to log a more verbose error when something fails that may answer the question directly (or, in the worst case, enable to share the details with the maintainers, or check them online).

[bwintertkb]

gotcha! Sorry about the first reply. This is what I have in my TOML file

tokio-tungstenite = {version = "*", features=["rustls-tls-native-roots"]}

[bwintertkb]

Just changed it to use native-tls. It works now on windows 11 :)

[daniel-abramov]

Ok, great 👍

So it must have been related to different root certificates apparently, or to be more precise to the way these are accessed/used by the rustls and native-tls (native-tls relies on SChannel on Windows, whereas rustls is written in Rust, so it does not talk to the SChannel at all).

[bwintertkb]

Ok, great 👍

So it must have been related to different root certificates apparently, or to be more precise to the way these are accessed/used by the rustls and native-tls (native-tls relies on SChannel on Windows, whereas rustls is written in Rust, so it does not talk to the SChannel at all).

Thanks a lot for the explanation! And your replies