AMoo-Miki / homebridge-tuya-lan

Homebridge plugin for IoT devices that use Tuya Smart's platform
MIT License

Error getting the id and key (ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE) #163

Open jim788e opened 4 years ago

jim788e commented 4 years ago

I followed the setup instructions and I get this message. The same message repeats 4 times, which is the number of my devices. I used the stable version and homebridge-tuya-lan@1.5.0-rc.12 with the same result. On my iPhone I took this screenshot; it is in Greek for (error of network connection. Please check the network status). Also I tried to get the id with Charles Proxy from my PC and I have the same error. Perhaps Tuya changed something with the secure connection.

    Error: ERR_TLS_HANDSHAKE_TIMEOUT Error [ERR_TLS_HANDSHAKE_TIMEOUT]: TLS handshake timeout
        at TLSSocket._handleTimeout (_tls_wrap.js:744:22)
        at Object.onceWrapper (events.js:312:28)
        at TLSSocket.emit (events.js:223:5)
        at TLSSocket.Socket._onTimeout (net.js:474:8)
        at listOnTimeout (internal/timers.js:531:17)
        at processTimers (internal/timers.js:475:7) {
      code: 'ERR_TLS_HANDSHAKE_TIMEOUT'
    Error: ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE [Error: 1995883536:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 42 ] {
      library: 'SSL routines',
      function: 'ssl3_read_bytes',
      reason: 'sslv3 alert bad certificate',
      code: 'ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE'

codyc1515 commented 4 years ago

It looks like the Tuya app verifies the certificate (aka. certificate pinning). I don't know if we will be able to work around this.

jim788e commented 4 years ago

> certificate pinning

Stupid Tuya

Key Pinning turned out to cause more problems than it solved. It was frequently misconfigured by site owners, plus in the event of a site compromise, attackers could maliciously pin a cert that the site owner didn't control. Key Pinning was deprecated in 2017, and was removed entirely from Chrome and Firefox in Nov. 2019. It was never supported to begin with by IE and Safari.

codyc1515 commented 4 years ago

Not really. As in this example you can no longer man-in-the-middle attack the app. I'm not sure how I'm going to get my devices set-up now.
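
Added example, not part of the thread or of the plugin's code: a Node.js illustration of the client-side check described above, showing why a certificate substituted by an intercepting proxy is rejected even though the hostname matches. The hostname, the generated keys and the helpers `pubkeyPin`, `pinnedIdentityCheck` and `fakeCert` are constructed for illustration; how the Tuya app implements its own check is not stated on this page.

```javascript
// Added example: keys and hostname are constructed; nothing touches the network.
const crypto = require('node:crypto');
const tls = require('node:tls');

// Pin = base64 SHA-256 over the DER public key bytes (cert.pubkey in the
// object Node passes to checkServerIdentity for an RSA certificate).
function pubkeyPin(pubkeyDer) {
  return crypto.createHash('sha256').update(pubkeyDer).digest('base64');
}

// Returns a callback usable as the checkServerIdentity option of tls.connect().
function pinnedIdentityCheck(allowedPins) {
  const pins = new Set(allowedPins);
  return (hostname, cert) => {
    const nameErr = tls.checkServerIdentity(hostname, cert); // normal name check first
    if (nameErr) return nameErr;
    const seen = pubkeyPin(cert.pubkey);
    if (!pins.has(seen)) {
      return new Error(`pin mismatch for ${hostname}: got ${seen}`);
    }
    return undefined; // undefined means "accept"
  };
}

// Constructed stand-in for a peer certificate object (hypothetical helper).
function fakeCert(hostname, publicKey) {
  return {
    subject: { CN: hostname },
    subjectaltname: `DNS:${hostname}`,
    pubkey: publicKey.export({ type: 'spki', format: 'der' }),
  };
}

const HOST = 'api.vendor.example'; // placeholder hostname
const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).publicKey;
const vendorCert = fakeCert(HOST, newKey()); // what the app expects
const proxyCert = fakeCert(HOST, newKey());  // same name, proxy's own key
const check = pinnedIdentityCheck([pubkeyPin(vendorCert.pubkey)]);

function demo() {
  return {
    vendor: check(HOST, vendorCert),
    proxy: check(HOST, proxyCert),
    wrongHost: check('other.example', vendorCert),
  };
}
console.log(demo());
```

A client that fails this check aborts the handshake, which is what the proxy side in the log above records as the `bad certificate` alert.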

codyc1515 commented 4 years ago

Update: I managed to set them up using a different Tuya app that didn't have certificate pinning enabled. The app is called Grid Connect on the iOS App Store.

jim788e commented 4 years ago

> Update: I managed to set them up using a different Tuya app that didn't have certificate pinning enabled. The app is called Grid Connect on the iOS App Store.

How? Using this addon with credentials from Grid Connect?