Open ccoenen opened 2 years ago
@ccoenen - I apologize for the delay in replying.
I unfortunately don't have a Windows machine to test, but I would still assume your issue is either around the SSL certificate and/or options being passed to the Barrier server or Waynergy client. I may be wrong, but I don't think this is related to your Windows OpenSSL versions. Though my Barrier server is in Linux, I thought I would share my options and configurations to see if there is something strikingly obvious.
/usr/bin/barriers \
--config ~/.barrier.conf \
--no-daemon \
--enable-crypto \
--disable-client-cert-checking \
--debug INFO
~/.barrier.conf file contains nothing related to SSL or encryption.
~/.local/share/barrier/SSL/Barrier.pem. I believe this was generated by Barrier at some point.
~/.local/share/barrier/SSL/Fingerprints/Local.txt file, I have two lines. The first starts with v2:sha1: and the second starts with v2:sha256:.
/usr/bin/waynergy \
--loglevel 1 \
--host [IPV4_OF_ABOVE_BARRIER_SERVER] \
--name [NAME_OF_THIS_CLIENT_MACHINE_USED_IN_BARRIERS_CONFIG] \
--enable-crypto \
--enable-tofu \
--fatal-none
~/.config/waynergy/xkb_keymap.
~/.config/waynergy/tls/hash/, and automatically generated what appear to be OpenSSL SHA256 hashes of Barrier servers it connects to. I didn't do anything here; it generated these automatically. Whenever the Waynergy client attempts to connect to the Barrier server, occasionally it does throw an SSL connection/protocol error, but ends up connecting on the next retry.
My Barrier appears to be started with this command, according to the logfile (configured from the gui, yes the "SSL" checkbox is checked.)
"C:/Program Files/Barrier/barriers.exe" \
-f \ (=== --no-daemon)
--no-tray \
--debug DEBUG1 \
--name name-redacted \
--ipc \
--stop-on-desk-switch \
--enable-drag-drop \
--profile-dir "C:\Users\redacted\AppData\Local\Barrier" \
--disable-client-cert-checking \
-c "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \ (=== --config)
--address :24800
The previous parameters are not working.
I now tried manually starting barrier server with parameters more closely resembling yours:
"C:/Program Files/Barrier/barriers.exe" \
--config "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \
--no-daemon \
--enable-crypto \
--disable-client-cert-checking \
--debug DEBUG1 \
--name name-redacted \
--profile-dir "C:\Users\redacted\AppData\Local\Barrier" \
--address :24800
This still does not work. On my waynergy/linux/client I get the same error as before, and the client is a little more forthcoming with info:
[2022-02-08T19:08:06] DEBUG: Opening new socket: F18C3100
[2022-02-08T19:08:06] INFO: OpenSSL 1.0.2l 25 May 2017
[2022-02-08T19:08:06] DEBUG1: openSSL : compiler: cl /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE
[2022-02-08T19:08:06] DEBUG1: openSSL : built on: reproducible build, date unspecified
[2022-02-08T19:08:06] DEBUG1: openSSL : VC-WIN64A
[2022-02-08T19:08:06] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl"
[2022-02-08T19:08:06] ERROR: ssl error occurred (generic failure)
[2022-02-08T19:08:06] ERROR: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
[2022-02-08T19:08:06] ERROR: failed to accept secure socket
[2022-02-08T19:08:06] INFO: client connection may not be secure
It should be noted that --enable-crypto is the default now, and it's deprecated to explicitly specify.
I can also offer a wireshark packet capture. My client is trying to do a TLSv1.2 handshake and offers these suites as part of the Client Hello:
The direct response to that is the server sending back the handshake-failure:
So, I tried to find which cipher suites the server would have accepted, using this script found on Stack Overflow:
$ ./test_server.sh 192.168.--.--:24800
Obtaining cipher list from LibreSSL 3.3.3.
Testing AEAD-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AEAD-CHACHA20-POLY1305-SHA256...NO (sslv3 alert handshake failure)
Testing AEAD-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing GOST2012256-GOST89-GOST89...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing GOST2001-GOST89-GOST89...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing CAMELLIA256-SHA...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...YES
Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing GOST2012256-NULL-STREEBOG256...NO (sslv3 alert handshake failure)
Testing GOST2001-NULL-GOST94...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)
So the overlap would be:
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
But somehow the server does not want to use them.
Interestingly, barriers.exe logs this for any successful connection attempt by the tls test script:
[2022-02-08T20:11:42] DEBUG: Opening new socket: 0F68B380
[2022-02-08T20:11:42] INFO: OpenSSL 1.0.2l 25 May 2017
[2022-02-08T20:11:42] DEBUG1: openSSL : compiler: cl /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE
[2022-02-08T20:11:42] DEBUG1: openSSL : built on: reproducible build, date unspecified
[2022-02-08T20:11:42] DEBUG1: openSSL : VC-WIN64A
[2022-02-08T20:11:42] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl"
[2022-02-08T20:11:42] INFO: accepted secure socket
[2022-02-08T20:11:42] DEBUG1: available local ciphers:
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
[2022-02-08T20:11:42] DEBUG1: PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: available remote ciphers:
[2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] NOTE: accepted client connection
[2022-02-08T20:11:42] DEBUG: ssl connection closed
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputReady as 41
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputError as 42
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputFormatError as 43
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputShutdown as 44
[2022-02-08T20:11:42] DEBUG1: saying hello
[2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::success as 45
[2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::failure as 46
[2022-02-08T20:11:42] NOTE: new client disconnected
I did also generate a new key/cert with the command from the wiki (slightly modified for longer validity):
openssl req -x509 -nodes -days 3650 -subj /CN=Barrier -newkey rsa:4096 -keyout C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem -out C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem
Which also did not help.
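An added example, not part of the thread or of either project: it parses an excerpt of the scan output above, maps the OpenSSL/LibreSSL suite names to IANA code points, and intersects them with a ClientHello offer. The offer list is constructed (the two IDs quoted in the thread plus two ECDHE suites as an assumption), and the name table covers only the excerpt.

```python
import re

# OpenSSL/LibreSSL suite name -> IANA code point (only the names used below).
IANA = {
    "AEAD-AES256-GCM-SHA384": 0x1302,       # TLS 1.3 TLS_AES_256_GCM_SHA384
    "AEAD-AES128-GCM-SHA256": 0x1301,       # TLS 1.3 TLS_AES_128_GCM_SHA256
    "ECDHE-RSA-AES256-GCM-SHA384": 0xC030,
    "ECDHE-RSA-AES128-GCM-SHA256": 0xC02F,
    "DHE-RSA-AES256-GCM-SHA384": 0x009F,
    "AES256-GCM-SHA384": 0x009D,            # TLS_RSA_WITH_AES_256_GCM_SHA384
    "AES128-GCM-SHA256": 0x009C,            # TLS_RSA_WITH_AES_128_GCM_SHA256
    "AES256-SHA256": 0x003D,
    "AES128-SHA256": 0x003C,
    "AES256-SHA": 0x0035,
    "AES128-SHA": 0x002F,
    "RC4-SHA": 0x0005,
    "DES-CBC3-SHA": 0x000A,
}

# Excerpt of the scan output quoted in the thread.
SCAN_EXCERPT = """\
Testing AEAD-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AEAD-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing RC4-SHA...YES
Testing DES-CBC3-SHA...YES
"""

# Constructed ClientHello offer: 0x1302 and 0x1301 are quoted in the thread,
# the two ECDHE code points are an assumption added for illustration.
CLIENT_OFFER = [0x1302, 0x1301, 0xC030, 0xC02F]

LINE = re.compile(r"^Testing (\S+?)\.\.\.(YES|NO)\b")

def parse_scan(text):
    """Return {suite_name: accepted} from 'Testing NAME...YES|NO' lines."""
    result = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            result[m.group(1)] = (m.group(2) == "YES")
    return result

def key_exchange(name):
    """Classify a name from the IANA table above by its key exchange."""
    if name.startswith("AEAD-"):
        return "TLS1.3"
    for prefix in ("ECDHE", "DHE"):
        if name.startswith(prefix + "-"):
            return prefix
    return "RSA"  # unprefixed names in the table use static RSA key exchange

def accepted_ids(scan):
    return {IANA[n] for n, ok in scan.items() if ok and n in IANA}

def accepted_kx(scan):
    return {key_exchange(n) for n, ok in scan.items() if ok and n in IANA}

def shared(offer, scan):
    """Offered code points the server accepted, in the client's order."""
    ok = accepted_ids(scan)
    return [cid for cid in offer if cid in ok]

if __name__ == "__main__":
    scan = parse_scan(SCAN_EXCERPT)
    print("accepted:", sorted(f"0x{c:04X}" for c in accepted_ids(scan)))
    print("key exchange of accepted suites:", accepted_kx(scan))
    print("shared with offer:", [f"0x{c:04X}" for c in shared(CLIENT_OFFER, scan)])
```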
I just tested a few things.
In full transparency, I recently switched the laptop that was using Waynergy/Sway back to Barrier/xmonad, so I'm not using this actively.
My first thought was to see if there had been Waynergy updates since I last used it, and there were. I updated to the latest release (0.0.9), ran Sway, then ran the same Waynergy command that I mentioned before. It connected without any issues other than wl-clipboard (which I had disabled after moving back to xmonad).
Now that I'm home, my second thought was to try to run a Barrier server on my Windows 10 desktop, then have this same Waynergy/Sway client attempt to connect to it. I set up Barrier as a server, enabled SSL, disabled "Require client certificate" (which I think is off by default), added a single screen for the Waynergy/Sway client, then started the daemon. On the Waynergy/Sway client, I used identical settings, except I switched the host to the IP of the Windows instance. Outside wl-clipboard issues, this worked as well. The version of Barrier I'm using on Windows is 2.4.0-release-3e0d758b / Build Date: Monday, November 1.
Of note, the version of OpenSSL that Windows Barrier is reporting is also OpenSSL 1.0.2l and it's connecting using the AES256-GCM-SHA384 cipher (one that you mentioned overlapped).
Note: The Waynergy/Sway desktop name is lilbaby and the Windows 10 Barrier server hostname is DESKTOP-0FB7731/100.119.84.38.
[2022-02-08T17:06:47] DEBUG: started process, session=1, elevated: yes, command="C:/Program Files/Barrier/barriers.exe" -f --no-tray --debug DEBUG --name DESKTOP-0FB7731 --ipc --enable-drag-drop --profile-dir "C:\Users\Josh Skidmore\AppData\Local\Barrier" --disable-client-cert-checking -c "C:/Users/Josh Skidmore/AppData/Local/Temp/Barrier.fWXqvG" --address :24800
[2022-02-08T17:07:05] DEBUG: Opening new socket: B5788260
[2022-02-08T17:07:05] INFO: OpenSSL 1.0.2l 25 May 2017
[2022-02-08T17:07:05] INFO: accepted secure socket
[2022-02-08T17:07:05] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:05] NOTE: accepted client connection
[2022-02-08T17:07:05] ERROR: invalid message from client "lilbaby": CCLP
[2022-02-08T17:07:05] DEBUG: Closing socket: B5788260
[2022-02-08T17:07:05] NOTE: new client disconnected
[2022-02-08T17:07:06] DEBUG: Opening new socket: B579F340
[2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l 25 May 2017
[2022-02-08T17:07:06] INFO: accepted secure socket
[2022-02-08T17:07:06] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:06] NOTE: accepted client connection
[2022-02-08T17:07:06] DEBUG: ssl connection closed
[2022-02-08T17:07:06] NOTE: new client disconnected
[2022-02-08T17:07:06] DEBUG: Closing socket: B579F340
[2022-02-08T17:07:06] DEBUG: Opening new socket: B579F5E0
[2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l 25 May 2017
[2022-02-08T17:07:06] INFO: accepted secure socket
[2022-02-08T17:07:06] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:06] NOTE: accepted client connection
[2022-02-08T17:07:06] DEBUG: received client "lilbaby" info shape=0,0 1827x1142 at 0,0
[2022-02-08T17:07:06] DEBUG: active sides: 2
[2022-02-08T17:07:06] NOTE: client "lilbaby" has connected
Note: It was on debug verbosity, so I redacted a couple unnecessary log lines.
/usr/bin/waynergy --loglevel debug --host 100.119.84.38 --name lilbaby --enable-crypto --enable-tofu --fatal-none
...
0.025263090: [DEBUG] Got idle manager
0.025554944: [DEBUG] Mutating output...
0.025573111: [DEBUG] Got output at position 0,0
0.025580995: [DEBUG] Got current mode: 2560x1600@60002
0.025587744: [INFO] Not using preferred mode on output -- check config
...
0.031185610: [INFO] Going to connect to 100.119.84.38 at port 24800
0.358550403: [DEBUG] Section tls not found in INI
0.528657234: [INFO] Trust-on-first-use enabled, saving hash SHA256:11dc2183fafee253ac5f31173a28ea76b5d3307cdd611bf20a6df5c535fdcd91
0.528817105: [INFO] Server is Barrier 1.6
0.528848088: [INFO] Connected as client "lilbaby"
0.528857511: [DEBUG] Accepting
0.528873611: [DEBUG] Accepting
0.528887784: [DEBUG] Clipboard data read for c: 63 bytes
0.528920804: [DEBUG] Clipboard data read for p: 63 bytes
@ccoenen Were you able to get your setup working?
No, sadly nothing really changed for me. As soon as I turn on encryption the two just won't connect with the error above.
Reading your comments led me to switch from Barrier to Input Leap, which solved the issue for me. While the Input Leap project doesn't build their packages, the binary from GitHub Actions artifacts works.
What happened?
On the Wayland-Support ticket (#109) I reported this issue earlier, but it's a separate issue that only clutters that thread. Currently, my barrier on windows is in version 2.4.0 (current version at time of writing) and it seems to ship with OpenSSL 1.0.2l from 2017.
On my system, there would be a more recent openssl available, this is the one on the system's PATH:
But from within barrier, the shipped 1.0.2l seems to be used:
This leads to connection problems with waynergy compiled with a more recent openssl version (and therefore no matching ciphers, apparently). The connection attempts can be seen above.
(originally from https://github.com/debauchee/barrier/issues/109#issuecomment-1016539840, and I already tried the suggestions by @joshskidmore https://github.com/debauchee/barrier/issues/109#issuecomment-1016526113 and @brmnjsh https://github.com/debauchee/barrier/issues/109#issuecomment-1030988825 )
Version
v2.4.0
Git commit hash (if applicable)
3e0d758b
If applicable, where did you install Barrier from?
BarrierSetup-2.4.0-release.exe from this project's release page.
What OSes are you seeing the problem on? (Check all that apply)
Windows
What OS versions are you using?
Windows 10, Version 21H1 (Build 19043.1466)
Relevant log output
Any other information
I am trying to connect a waynergy client (linux) to the barrier server (windows)