bosch-thermostat / bosch-thermostat-client-python

Python3 asyncio package to talk to Bosch thermostat devices.
Apache License 2.0

sslv3 alert handshake failure #18

Closed doudz closed 3 years ago

doudz commented 3 years ago

The problem is back again. I suspect a system update, because I haven't changed my /etc/ssl/openssl.cnf and it has not been working for days. Previously, to make it work, I set the following:

MinProtocol = None
CipherString = DEFAULT

(homeassistant) pi@patatz:~ $ python3 -m bosch_thermostat_client.bosch_cli query --device EASYCONTROL --host xxxxxxxx --token xxxxxxxxxx --protocol XMPP --password xxxxxxxxx  -p /
2021-05-08 07:37:40 INFO (MainThread) [__main__] Connecting to 101027819 with 'XMPP'
2021-05-08 07:37:40 INFO (MainThread) [__main__] Query succeed: /
2021-05-08 07:37:41 ERROR (MainThread) [asyncio] Fatal error on tls handshake
protocol: <aioxmpp.protocol.XMLStream object at 0x72c393b8>
transport: <aioopenssl.STARTTLSTransport object at 0x72c2cf48>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
2021-05-08 07:37:41 ERROR (MainThread) [asyncio] Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/asyncio/events.py", line 81, in _run
    self._context.run(self._callback, *self._args)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 370, in _tls_do_handshake
    self._waiter.set_exception(exc)
asyncio.exceptions.InvalidStateError: invalid state
2021-05-08 07:37:42 ERROR (MainThread) [asyncio] Fatal error on tls handshake
protocol: <aioxmpp.protocol.XMLStream object at 0x72c39bb0>
transport: <aioopenssl.STARTTLSTransport object at 0x722db948>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
2021-05-08 07:37:42 ERROR (MainThread) [asyncio] Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/asyncio/events.py", line 81, in _run
    self._context.run(self._callback, *self._args)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 370, in _tls_do_handshake
    self._waiter.set_exception(exc)
asyncio.exceptions.InvalidStateError: invalid state
2021-05-08 07:37:43 ERROR (MainThread) [asyncio] Fatal error on tls handshake
protocol: <aioxmpp.protocol.XMLStream object at 0x7223d688>
transport: <aioopenssl.STARTTLSTransport object at 0x7223f408>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
2021-05-08 07:37:43 ERROR (MainThread) [asyncio] Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/asyncio/events.py", line 81, in _run
    self._context.run(self._callback, *self._args)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 370, in _tls_do_handshake
    self._waiter.set_exception(exc)
asyncio.exceptions.InvalidStateError: invalid state
2021-05-08 07:37:45 ERROR (MainThread) [asyncio] Fatal error on tls handshake
protocol: <aioxmpp.protocol.XMLStream object at 0x7223d4d8>
transport: <aioopenssl.STARTTLSTransport object at 0x7223fbc8>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
2021-05-08 07:37:45 ERROR (MainThread) [asyncio] Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/asyncio/events.py", line 81, in _run
    self._context.run(self._callback, *self._args)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 370, in _tls_do_handshake
    self._waiter.set_exception(exc)
asyncio.exceptions.InvalidStateError: invalid state
2021-05-08 07:37:45 WARNING (MainThread) [aioxmpp.node.PresenceManagedClient] out of connection attempts
2021-05-08 07:37:45 ERROR (MainThread) [aioxmpp.node.PresenceManagedClient] main failed
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 837, in _on_main_done
    task.result()
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 997, in _main
    await self._main_impl()
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 952, in _main_impl
    tls_transport, xmlstream, features = await connect_xmlstream(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 390, in connect_xmlstream
    result = await _try_options(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 241, in _try_options
    transport, xmlstream, features = await conn.connect(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/connector.py", line 263, in connect
    await stream.starttls(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/protocol.py", line 747, in starttls
    await self._transport.starttls(ssl_context, post_handshake_callback)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 732, in starttls
    await self._waiter
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/bosch_cli.py", line 311, in <module>
    asyncio.get_event_loop().run_until_complete(cli())
  File "/srv/homeassistant/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/srv/homeassistant/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/srv/homeassistant/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/srv/homeassistant/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/srv/homeassistant/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/srv/homeassistant/lib/python3.8/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/bosch_cli.py", line 62, in wrapper
    return asyncio.run(f(*args, **kwargs))
  File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/bosch_cli.py", line 306, in query
    await _runquery(gateway, path)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/bosch_cli.py", line 55, in _runquery
    result = await gateway.raw_query(path)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/gateway/base_gateway.py", line 290, in raw_query
    return await self._connector.get(path)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/connectors/xmpp.py", line 75, in get
    data = await self._request(method=GET, path=path)
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/connectors/xmpp.py", line 102, in _request
    await self.start()
  File "/srv/homeassistant/lib/python3.8/site-packages/bosch_thermostat_client/connectors/xmpp.py", line 93, in start
    self._xmppstream = await self._st.enter_async_context(
  File "/usr/lib/python3.8/contextlib.py", line 568, in enter_async_context
    result = await _cm_type.__aenter__(cm)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 1652, in __aenter__
    await conn_future
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 837, in _on_main_done
    task.result()
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 997, in _main
    await self._main_impl()
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 952, in _main_impl
    tls_transport, xmlstream, features = await connect_xmlstream(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 390, in connect_xmlstream
    result = await _try_options(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/node.py", line 241, in _try_options
    transport, xmlstream, features = await conn.connect(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/connector.py", line 263, in connect
    await stream.starttls(
  File "/srv/homeassistant/lib/python3.8/site-packages/aioxmpp/protocol.py", line 747, in starttls
    await self._transport.starttls(ssl_context, post_handshake_callback)
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 732, in starttls
    await self._waiter
  File "/srv/homeassistant/lib/python3.8/site-packages/aioopenssl/__init__.py", line 355, in _tls_do_handshake
    self._tls_conn.do_handshake()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1828, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1566, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.8/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]

pszafer commented 3 years ago

Maybe try changing SECLEVEL: CipherString = DEFAULT@SECLEVEL=2 or 1
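An added example (not from the thread or the project) that audits an openssl.cnf for the MinProtocol and CipherString/SECLEVEL changes discussed in the two comments above, since these settings apply to every program that loads the system OpenSSL configuration, not only bosch_cli. The sample configs are constructed and assume the Debian/Ubuntu layout (openssl_conf, ssl_conf, system_default); the function names are hypothetical.

```python
import re

# Constructed sample configs in the Debian/Ubuntu layout; only the policy lines vary.
TEMPLATE = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = {proto}
CipherString = {cipher}   # trailing comments are ignored
"""
STOCK = TEMPLATE.format(proto="TLSv1.2", cipher="DEFAULT@SECLEVEL=2")
WORKAROUND = TEMPLATE.format(proto="None", cipher="DEFAULT")  # values from the first post
SECLEVEL_1 = TEMPLATE.format(proto="TLSv1.2", cipher="DEFAULT@SECLEVEL=1")

PROTO_RANK = {"none": 0, "sslv3": 1, "tlsv1": 2, "tlsv1.1": 3, "tlsv1.2": 4, "tlsv1.3": 5}

def parse_openssl_cnf(text):
    """Return {section: {key: value}}; keys before any header go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default to the active section."""
    name = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
    return sections.get(name, {})

def audit(text):
    """List host-wide TLS policy relaxations found in an openssl.cnf."""
    policy = system_default(parse_openssl_cnf(text))
    findings = []
    min_proto = policy.get("MinProtocol")
    rank = PROTO_RANK.get(min_proto.lower()) if min_proto else None
    if rank is not None and rank < PROTO_RANK["tlsv1.2"]:
        findings.append(f"MinProtocol = {min_proto}: floor below TLSv1.2")
    cipher = policy.get("CipherString", "")
    level = re.search(r"@SECLEVEL=(\d)", cipher)
    if cipher and level is None:
        findings.append(f"CipherString = {cipher}: no @SECLEVEL pin, library build default applies")
    elif level and int(level.group(1)) < 2:
        findings.append(f"CipherString = {cipher}: SECLEVEL below 2")
    return findings

if __name__ == "__main__":
    for label, cfg in (("stock", STOCK), ("workaround", WORKAROUND), ("seclevel 1", SECLEVEL_1)):
        print(label, audit(cfg))
```

Running the same audit after an issue like this one is resolved shows whether a temporary workaround was left in place.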

doudz commented 3 years ago

I tried without success. What can I check to compare my configuration with yours?

doudz commented 3 years ago

Any update on this issue? For information, on the same computer bosch-xmpp works perfectly: https://github.com/robertklep/bosch-xmpp. So I'm not sure the problem is a global misconfiguration; it looks like a "python" problem.

pszafer commented 3 years ago

Sorry, I missed your previous question. You're the only one reporting this problem so far. I doubt you can cross-compare configurations; I use Alpine Linux or Arch Linux. As for bosch-xmpp, I can't compare how it works, as it uses a deprecated xmpp lib for which docs don't exist anymore.

I'd suggest using Wireshark to sniff the data sent by bosch-xmpp get /gateway/uuid vs bosch_cli get /gateway/uuid; maybe there you'd see that e.g. bosch-xmpp is falling back to non-SSL communication (as far as I know, bosch-xmpp doesn't verify the certificate).

doudz commented 3 years ago

I will try Wireshark, but for information I have the same problem on 5 machines: on 2 Ubuntu 21.04, an Ubuntu 20.10, a virtual Ubuntu 18.04 and an RPi 3 running Raspbian Buster... so I really think many people have the problem.

pszafer commented 3 years ago

Maybe make an example with Docker so I can check whether I can see what might be wrong.

doudz commented 3 years ago

What do you mean?

"make some example with Docker"

pszafer commented 3 years ago

Create a Dockerfile so I can see how you are installing things and I can reproduce it.

doudz commented 3 years ago

I made a docker image doudz/bosch_thermostat

pszafer commented 3 years ago

Can you share the Dockerfile for it, or give me a link to the Dockerfile you pushed to Docker Hub (I can't find a link with the text for this)?

I want to see what you're installing.

doudz commented 3 years ago

I'm not familiar with Docker, so maybe I did the wrong thing. I created a public repo doudz/bosch_thermostat based on the ubuntu:hirsute image; after that I did:

apt update
apt full-upgrade
apt install python3 python3-pip
python3 -m pip install bosch-thermostat-client
python3 -m bosch_thermostat_client.bosch_cli query --device EASYCONTROL --host ********* --token ********** --protocol XMPP --password ***********  -p /

https://hub.docker.com/r/doudz/bosch_thermostat

pszafer commented 3 years ago

This would be your Dockerfile:

FROM ubuntu:hirsute

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
  && apt-get install -y python3-pip python3-dev \
  && cd /usr/local/bin \
  && ln -s /usr/bin/python3 python \
  && pip3 install --upgrade pip && pip3 install bosch-thermostat-client==0.12.1.dev11
ENTRYPOINT ["python3", "-m", "bosch_thermostat_client.bosch_cli"]
CMD ["--help"]

Instructions for you:

  1. Create a directory named e.g. bosch_test
  2. cd bosch_test
  3. Create a file named Dockerfile and paste the above content
  4. docker build -t test .
  5. docker run -it test -> you should see the help message of bosch_cli
  6. Run docker run -it test query --host=HOST --token=TOKEN --password=PASSWORD --protocol XMPP --device EASYCONTROL -p "/gateway/uuid"
  7. I used this command on 3 machines, tested with IVT, NEFIT and EASYCONTROL, and it was working everywhere

If it still fails for you there are several options:

doudz commented 3 years ago

Using your Dockerfile it works. Investigating, I found that in my Docker image I installed bosch_thermostat_client, meaning release 0.12.0, which generates the error. No more error on Docker using release 0.12.1dev11.

I made many tests and I found that the problem has been fixed in 0.12.1dev10. You fixed it here: https://github.com/bosch-thermostat/bosch-thermostat-client-python/commit/93bdd215da20071c75629007922b2fd6df84129d (host change from charlie.ticx.boschtt.net to oscar.ticx.boschtt.net).

So it's just a version problem; after updating my machines, it now works everywhere.

Will you release a stable version soon?

pszafer commented 3 years ago

I plan to release it "soon", maybe this week, as there are at least 2 issues I'm aware of which need to be fixed. I have a lot of work right now and I can't promise anything, unfortunately.

doudz commented 3 years ago

Thanks all, closing since not an issue