search

Pryaxis / TShock

☕️⚡️TShock provides Terraria servers with server-side characters, anti-cheat, and community management tools.
GNU General Public License v3.0
2.41k stars 377 forks source link

TShock MySQL doesn't support TLS 1.2 #2201

Open 641i130 opened 3 years ago

641i130 commented 3 years ago

2021-01-09 15:32:13 - TShock: INFO: TShock was improperly shut down. Please use the exit command in the future to prevent this. 2021-01-09 15:32:13 - <>c: INFO: Port overridden by startup argument. Set to 7780 2021-01-09 15:32:13 - TShock: ERROR: Fatal Startup Exception 2021-01-09 15:32:13 - TShock: ERROR: System.Exception: Fatal TShock initialization exception: failed to connect to MySQL database. See inner exception for details. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION at /build/mono-6.12.0.107/external/boringssl/ssl/tls_record.c:462 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 --- End of inner exception stack trace --- at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0004b] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient(string,System.Security.Cryptography.X509Certificates.X509CertificateCollection,System.Security.Authentication.SslProtocols,bool) at System.Net.Security.SslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <6bc04dcac0a443ee834a449c98b8ed9d>:0 at MySql.Data.MySqlClient.NativeDriver.StartSSL () [0x0002f] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.NativeDriver.Open () [0x002c5] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.Driver.Open () [0x0000b] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.Driver.Create (MySql.Data.MySqlClient.MySqlConnectionStringBuilder settings) [0x0004d] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.MySqlPool.CreateNewPooledConnection () [0x00000] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection () [0x0008a] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver () [0x00042] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.MySqlPool.GetConnection () [0x0001c] in <15029c3817b245ffb50e9433f5ade25d>:0 at MySql.Data.MySqlClient.MySqlConnection.Open () [0x0016c] in <15029c3817b245ffb50e9433f5ade25d>:0 at TShockAPI.DB.DbExt.QueryReader (System.Data.IDbConnection olddb, System.String query, System.Object[] args) [0x00007] in <2ac9e320a8aa42aeba476df6376f5727>:0 --- End of inner exception stack trace --- at TShockAPI.DB.DbExt.QueryReader (System.Data.IDbConnection olddb, System.String query, System.Object[] args) [0x0006b] in <2ac9e320a8aa42aeba476df6376f5727>:0 at TShockAPI.DB.SqlTableCreator.GetColumns (TShockAPI.DB.SqlTable table) [0x00093] in <2ac9e320a8aa42aeba476df6376f5727>:0 at TShockAPI.DB.SqlTableCreator.EnsureTableStructure (TShockAPI.DB.SqlTable table) [0x0000d] in <2ac9e320a8aa42aeba476df6376f5727>:0 at TShockAPI.DB.BanManager..ctor (System.Data.IDbConnection db) [0x000dc] in <2ac9e320a8aa42aeba476df6376f5727>:0 at TShockAPI.TShock.Initialize () [0x003b8] in <2ac9e320a8aa42aeba476df6376f5727>:0

Linux Info: Linux mainhost 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux

MySQL Version: mysql Ver 8.0.22 for Linux on x86_64 (MySQL Community Server - GPL)

Mono Version: Mono JIT compiler version 6.12.0.107 (tarball Thu Dec 10 05:28:17 UTC 2020)

TShock Version: TShock 4.4.0 Pre-release 15 for Terraria 1.4.1.2

TL;DR I'm unable to get a connection to a MySQL server even with changing the password authentication method to the legacy method. TLS is set to 1.2 still does not work.

If this is not a bug, please tell me what to do to avoid this.

NeonWizard commented 3 years ago

Same issue here.

Linux info: Ubuntu 20.04 LTS MySQL version: mysql Ver 8.0.26-0ubuntu0.20.04.2 for Linux on x86_64 ((Ubuntu)) Mono version: Mono JIT compiler version 6.8.0.105 (Debian 6.8.0.105+dfsg-2 Wed Feb 26 23:23:50 UTC 2020) TShock version: TShock 4.4.5

Zhe28 commented 3 years ago

i find some error and fix it . but my english so bad , so you can red it via google translate. aha

  1. 首先你需要修改/etc/ssl/openssl.cof中的MinProtocol = TLSv1
  2. 修改mysql配置文件的 
    [mysqld]
tls_version=TLSv1,TLSv1.1,TLSv1.2
  3. 查看MySQL的default_authentication_plugin是否为mysql_native_password。如果不是,请直接更改即可。

做完这些就已经能够在最新的mysql版本使用了

hakusaro commented 3 years ago

You can also replace MySQL.Data.dll with the latest version from https://dev.mysql.com/downloads/connector/net/, (download a zip like mysql-connector-net-8.0.26-noinstall.zip) from the net452 folder, and replace the one TShock ships with, with that one, and also add Ubiety.Dns.Core.dll from that same folder to just upgrade to the newer driver, which supports TLS 1.2.

Arthri commented 2 years ago

You're running on MySQL 5.8, I don't think you need to upgrade. If the issue still persists, try changing the MySQL user's authentication method

prenetic commented 2 years ago

Sorry, meant to edit my post not delete. The MySQL user authentication method for reference is Standard currently, which usually does the trick. I'll try other methods.

prenetic commented 2 years ago

Yeah, same issue using caching_sha2_password and the TShock-provided DLLs. I think the behavior is slightly different in my case than the issue described here. If so I can create a new issue.

Fatal Startup Exception
System.Exception: Fatal TShock initialization exception: failed to connect to MySQL database. See inner exception for details. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The function requested is not supported
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at MySql.Data.MySqlClient.NativeDriver.StartSSL()
   at MySql.Data.MySqlClient.NativeDriver.Open()
   at MySql.Data.MySqlClient.Driver.Open()
   at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
   at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection()
   at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver()
   at MySql.Data.MySqlClient.MySqlPool.GetConnection()
   at MySql.Data.MySqlClient.MySqlConnection.Open()
   at TShockAPI.DB.DbExt.QueryReader(IDbConnection olddb, String query, Object[] args)
   --- End of inner exception stack trace ---
   at TShockAPI.DB.DbExt.QueryReader(IDbConnection olddb, String query, Object[] args)
   at TShockAPI.DB.SqlTableCreator.GetColumns(SqlTable table)
   at TShockAPI.DB.SqlTableCreator.EnsureTableStructure(SqlTable table)
   at TShockAPI.DB.BanManager..ctor(IDbConnection db)
   at TShockAPI.TShock.Initialize()