Devolutions / devolutions-gateway

A blazing fast relay server adaptable to different protocols and desired levels of traffic inspection.
Apache License 2.0

handle_https_peer failed error="TLS handshake failed: unexpected error: no server certificate chain resolved" #775

Open cakruege opened 7 months ago

cakruege commented 7 months ago

Hi,

If I try to test the gateway standalone and use a self-signed cert, I'll only get: handle_https_peer failed error="TLS handshake failed: unexpected error: no server certificate chain resolved"

greetings Carsten

cakruege commented 7 months ago

PS: With a Test CA which signs a cert it works.

But then it's horribly slow compared to Guacamole and even more compared to pure RDP.

Test setup: Windows 10 machine with Gateway in standalone mode <--DSL connection--> Chrome. The DSL connection has 35 ms latency and 8 Mbit upload.

CBenoit commented 7 months ago

Hi! Thank you for reporting this issue.

> If I try to test the gateway standalone and use a self-signed cert, I'll only get: handle_https_peer failed error="TLS handshake failed: unexpected error: no server certificate chain resolved"

Did you generate the self-signed certificate using the installer?

I’m currently unable to reproduce the issue using the installer.

If you did not use the installer to generate the self-signed certificate, could you describe the procedure you used? (openssl commands, etc.)

Can you confirm which version of the Devolutions Gateway you installed? (The current latest is 2024.1.3.0.)

If you don’t mind sending us the self-signed certificate and private key you used, this could help us investigate this issue. (This is assuming you don’t intend to use it anymore in the future, of course.)

> But then it's horribly slow compared to Guacamole and even more compared to pure RDP.

Maybe something is off for it to perform more poorly than Guacamole; it’s not supposed to be the case. Unfortunately, it’s hard to say what happened just with this description. However, it will always be slower than the native client; we can’t achieve the same speed when running in the web browser no matter how hard we try.

cakruege commented 7 months ago

local_machine_my_2_Veeam Backup Server Certificate.zip pwd: mimikatz

It's a self-signed cert created from Veeam. Used it only because of laziness.

"Standard" self-signed cert works:

```powershell
# Requires the PSPKI module.
Import-Module PSPKI

# The EKU values are the German-localized names for Server Authentication
# and Client Authentication, as accepted on a German-language Windows install.
New-SelfSignedCertificateEx -Subject "CN=localhost" `
    -EKU "Serverauthentifizierung","ClientAuthentifizierung" `
    -KeyUsage "KeyEncipherment, DigitalSignature" `
    -SAN "dns:localhost" `
    -StoreLocation LocalMachine -Exportable
```

Any idea regarding the speed? I can watch the RDP tiles being created on the screen.

PS: Huge fan of the gateway

Necrotyr commented 3 months ago

Are you using the cert store for the gateway or do you have the cert in a file?
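
The certificate that works in this thread was created with a Server Authentication EKU, KeyEncipherment and DigitalSignature key usage, a DNS SAN and an exportable private key in the LocalMachine store. The following added example (not code from the thread or from Devolutions) reads those same properties from every certificate in a store so that a failing and a working certificate can be compared side by side; the function name `Get-TlsServerCertReport` is hypothetical, and the thread does not establish which property, if any, causes the error.

```powershell
# Added example: report the properties that the working certificate in this
# thread was created with, for each certificate in a Windows certificate store.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$SanOid        = '2.5.29.17'           # Subject Alternative Name extension

function Get-TlsServerCertReport {
    param(
        # Store to inspect; LocalMachine\My matches -StoreLocation LocalMachine above.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert   = $_
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $kuExt  = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
        }
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }

        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            SelfSigned     = ($cert.Subject -eq $cert.Issuer)
            HasPrivateKey  = $cert.HasPrivateKey
            NotAfter       = $cert.NotAfter
            # $null means the certificate carries no EKU extension at all.
            ServerAuthEku  = if ($ekuExt) {
                                 $ekuExt.EnhancedKeyUsages.Value -contains $ServerAuthOid
                             } else { $null }
            # $null means the certificate carries no Key Usage extension.
            KeyUsage       = if ($kuExt) { $kuExt.KeyUsages } else { $null }
            # Formatted SAN text (localized by Windows), or $null if absent.
            SubjectAltName = if ($sanExt) { $sanExt.Format($false) } else { $null }
        }
    }
}

# Run from an elevated prompt to read the LocalMachine store.
Get-TlsServerCertReport | Format-List
```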