Fallback to insecure connection when connecting to S3 with SSL

Does Duplicati try to fall back to an insecure connection via S3 even when the SSL checkbox is selected?

I’m getting TLS negotiation errors on my Minio server inconsistently and their team suggested a client might be trying an insecure connection. Duplicati is the only client connecting to my Minio server and I confirmed that the connection that fails to negotiate TLS is coming from Duplicati.

I enabled the option to accept-any-ssl-certificate and it does work most of the time. The errors are sporadic.

These errors show up in Duplicati log:

Operation List with file attempt 5 of 5 failed with message: A WebException with status TrustFailure was thrown.
Amazon.Runtime.AmazonServiceException: A WebException with status TrustFailure was thrown. ---> System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /home/abuild/rpmbuild/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /home/abuild/rpmbuild/BUILD/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132

Thanks.

I just found this bug today, but basically the TrayIcon keeps a connection to the webserver, and this connection overrides the running backup’s settings :confused:

I even marked it as a TODO, but then completely forgot about it:

This means that the --accept-any-ssl-certificate is reset every time the tray-icon requests the status from the webserver …

I think the errors you see on Minio are caused by Duplicati dropping the connection when it sees the invalid certificate.
