Can Pretendo be used to bypass SSL error 032-1035?

I am trying to use my 2DS to browse websites like Wikipedia and Nekoweb, and I keep getting stuck with this SSL error. I know Pretendo patches SSL to allow its own traffic through. Would it be possible for Pretendo to also allow Internet Browser traffic through? I don’t care if this makes my console insecure, as I would be using it to view pages only, not log into them.

I’ve tried 3DS-SSL-Patch and its forks, and I have had no success. I can’t even tell if the patch is running or not.

I have a New 2DS XL on firmware 11.17.0-50U and Luma3DS v13.2.1.

What? Internet browser works for me when using Pretendo on my 2DS XL

I believe the SSL patch you linked only affects the system SSL module (which is used for HTTP requests made by the system, like logging into accounts), not the Internet browser. I’m unsure whether anyone knows how to add custom certificates to the 3DS Internet browser, I couldn’t find any results when I attempted to search for a guide (there is one for Wii U though).

I’m not a patch developer, so I don’t know how difficult it would be to create a patch to disable SSL verification in the browser. As far as I know, this would need to be a completely separate patch from the SSL patch you linked or anything that’s included in Nimbus, so I don’t think this is necessarily in-scope for Pretendo.

1 Like

The SSL patches only disable CA verification. If the site is using an SSL certificate/SSL/TLS features which are just straight up not compatible with the 3DS then just disabling CA verification won’t actually do anything. If I remember correctly, 032-1035 is caused by such incompatibilities. The 3DS and Wii U use MUCH older tech here. They only support TLS 1.1 at the most (the latest being 1.3) which is so old and insecure that the vast majority of tools/sites stopped supporting it years ago. This is actually an issue we’ve been dealing with for some time now, since it’s difficult to find platforms the consoles can use which still support these older standards (at one point as a temporary solution we even ran some services in older Ubuntu containers while we migrated).

If a server only works over TLS 1.2+, and doesn’t have any solution for older/less secure clients, then the 3DS just can’t establish a connection in these cases.

In these cases nothing short of rewriting the console’s SSL stack will fix things. Which is possible in theory, the PS Vita got such a replacement stack GitHub - SKGleba/iTLS-Enso: Adds TLS v1.2 to Enso enabled devices, but it’s quite a lot of dev time and is pretty hard to get right.

2 Likes