Closed JimmyMow closed 3 years ago
Can you be more specific about how your attempts to use gRPC with Tor have failed so far?
Hi @murgatroid99. I've been running some tests on this:
I have a grpc service running on port `10009` and have a Tor set up to expose this endpoint.
If I try connecting over the `.onion` address with `grpc-js` I get a `Failed to connect before the deadline` timeout (connecting over the clearnet IP address directly works as expected).
I tried switching out `grpc-js` for `grpc` and tried the same again with debugging enabled. As you can see, it seems to be failing to resolve the `.onion` domain name:
I1009 02:43:10.001460000 4480984512 secure_channel_create.cc:201] grpc_secure_channel_create(creds=0x10280dcb0, target=snhv55vqujlctlzwv4gavwzjlemafnbo7hexqcalh37iniolcspvfhad.onion:10009, args=0x102a42810, reserved=0x0)
I1009 02:43:10.001540000 4480984512 init.cc:164] grpc_init(void)
I1009 02:43:10.001561000 4480984512 client_idle_filter.cc:294] (client idle filter) created with max_leisure_time = 1800000 ms
I1009 02:43:10.001574000 4480984512 client_channel.cc:1367] chand=0x10481d860: creating client_channel for channel stack 0x10481d680
I1009 02:43:10.001975000 4480984512 channel_connectivity.cc:43] grpc_channel_check_connectivity_state(channel=0x10481d600, try_to_connect=1)
I1009 02:43:10.001989000 4480984512 connectivity_state.cc:79] CONWATCH: 0x10481d930 client_channel: get IDLE
I1009 02:43:10.002024000 4480984512 resolving_lb_policy.cc:196] resolving_lb=0x102815450: starting name resolution
I1009 02:43:10.002030000 4480984512 client_channel.cc:1273] chand=0x10481d860: update: state=CONNECTING picker=0x10281e880
I1009 02:43:10.002033000 4480984512 connectivity_state.cc:147] SET: 0x10481d930 client_channel: IDLE --> CONNECTING [helper]
D1009 02:43:10.002039000 4480984512 dns_resolver.cc:242] Start resolving.
I1009 02:43:10.002059000 4480984512 client_channel.cc:1551] chand=0x10481d860: created resolving_lb_policy=0x102815450
I1009 02:43:10.002086000 4480984512 channel_connectivity.cc:232] grpc_channel_watch_connectivity_state(channel=0x10481d600, last_observed_state=0, deadline=gpr_timespec { tv_sec: 1570581800, tv_nsec: 1000000, clock_type: 1 }, cq=0x102a3db60, tag=0x1028040a0)
I1009 02:43:10.002094000 4480984512 connectivity_state.cc:100] CONWATCH: 0x10481d930 client_channel: from IDLE [cur=CONNECTING] notify=0x10280f8a0
I1009 02:43:10.002104000 4480984512 completion_queue.cc:682] cq_end_op_for_next(cq=0x102a3db60, tag=0x1028040a0, error="No Error", done=0x105063480, done_arg=0x102811030, storage=0x102811130)
I1009 02:43:10.002127000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:10.002135000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: OP_COMPLETE: tag:0x1028040a0 OK
I1009 02:43:10.002154000 4480984512 channel_connectivity.cc:43] grpc_channel_check_connectivity_state(channel=0x10481d600, try_to_connect=1)
I1009 02:43:10.002206000 4480984512 connectivity_state.cc:79] CONWATCH: 0x10481d930 client_channel: get CONNECTING
I1009 02:43:10.002230000 4480984512 channel_connectivity.cc:232] grpc_channel_watch_connectivity_state(channel=0x10481d600, last_observed_state=1, deadline=gpr_timespec { tv_sec: 1570581800, tv_nsec: 1000000, clock_type: 1 }, cq=0x102a3db60, tag=0x102a42d30)
I1009 02:43:10.002240000 4480984512 connectivity_state.cc:100] CONWATCH: 0x10481d930 client_channel: from CONNECTING [cur=CONNECTING] notify=0x102a36720
I1009 02:43:10.002270000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:10.002280000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: QUEUE_TIMEOUT
I1009 02:43:10.003424000 4480984512 dns_resolver.cc:184] dns resolution failed (will retry): {"created":"@1570581790.003407000","description":"getaddrinfo failed","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":72,"grpc_status":14,"os_error":"unknown node or service"}
I1009 02:43:10.003475000 4480984512 resolving_lb_policy.cc:255] resolving_lb=0x102815450: resolver transient failure: {"created":"@1570581790.003448000","description":"DNS resolution failed","file":"../deps/grpc/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc","file_line":189,"grpc_status":14,"referenced_errors":[{"created":"@1570581790.003407000","description":"getaddrinfo failed","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":72,"grpc_status":14,"os_error":"unknown node or service"}]}
I1009 02:43:10.003480000 4480984512 client_channel.cc:1273] chand=0x10481d860: update: state=TRANSIENT_FAILURE picker=0x102a3ba60
I1009 02:43:10.003484000 4480984512 connectivity_state.cc:147] SET: 0x10481d930 client_channel: CONNECTING --> TRANSIENT_FAILURE [helper]
I1009 02:43:10.003600000 4480984512 connectivity_state.cc:160] NOTIFY: 0x10481d930 client_channel: 0x102a36720
D1009 02:43:10.003616000 4480984512 dns_resolver.cc:201] retrying in 1000 milliseconds
I1009 02:43:10.003627000 4480984512 completion_queue.cc:682] cq_end_op_for_next(cq=0x102a3db60, tag=0x102a42d30, error="No Error", done=0x105063480, done_arg=0x102a18760, storage=0x102a18860)
I1009 02:43:10.003638000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:10.003644000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: OP_COMPLETE: tag:0x102a42d30 OK
I1009 02:43:10.003659000 4480984512 channel_connectivity.cc:43] grpc_channel_check_connectivity_state(channel=0x10481d600, try_to_connect=1)
I1009 02:43:10.003665000 4480984512 connectivity_state.cc:79] CONWATCH: 0x10481d930 client_channel: get TRANSIENT_FAILURE
I1009 02:43:10.003695000 4480984512 channel_connectivity.cc:232] grpc_channel_watch_connectivity_state(channel=0x10481d600, last_observed_state=3, deadline=gpr_timespec { tv_sec: 1570581800, tv_nsec: 1000000, clock_type: 1 }, cq=0x102a3db60, tag=0x102a3d330)
I1009 02:43:10.003707000 4480984512 connectivity_state.cc:100] CONWATCH: 0x10481d930 client_channel: from TRANSIENT_FAILURE [cur=TRANSIENT_FAILURE] notify=0x102a36720
I1009 02:43:10.003716000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:10.003723000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: QUEUE_TIMEOUT
D1009 02:43:11.008246000 4480984512 dns_resolver.cc:242] Start resolving.
I1009 02:43:11.008320000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:11.008339000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: QUEUE_TIMEOUT
I1009 02:43:11.008357000 4480984512 completion_queue.cc:960] grpc_completion_queue_next(cq=0x102a3db60, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=0x0)
I1009 02:43:11.008368000 4480984512 completion_queue.cc:1060] RETURN_EVENT[0x102a3db60]: QUEUE_TIMEOUT
I1009 02:43:11.011218000 4480984512 dns_resolver.cc:184] dns resolution failed (will retry): {"created":"@1570581791.011140000","description":"getaddrinfo failed","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":72,"grpc_status":14,"os_error":"unknown node or service"}
If the addresses can't be resolved by our existing name resolution then it's not going to work with the grpc libraries as they currently exist. We don't have an API for resolving other kinds of names.
According to https://2019.www.torproject.org/docs/tor-manual.html.en Tor now supports `HTTPTunnelPort`, i.e. serving as an http proxy.
HTTPTunnelPort [address:]port|auto [isolation flags]
Open this port to listen for proxy connections using the "HTTP CONNECT" protocol instead of SOCKS. Set this to 0 if you don’t want to allow "HTTP CONNECT" connections. Set the port to "auto" to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. If multiple entries of this option are present in your configuration file, Tor will perform stream isolation between listeners by default. See SOCKSPort for an explanation of isolation flags. (Default: 0)
I have successfully been able to use gRPC over Tor by setting up a local Tor server that serves as an HTTP proxy using the `HTTPTunnelPort` option, and then routing the gRPC traffic through that by setting `process.env.http_proxy`.
This works with the native `grpc` library, which is able to resolve the `.onion` addresses.
However, it does not work with the `grpc-js` library which fails at the name resolution stage.
The latest version of grpc-js now supports using HTTP CONNECT configured by the `http_proxy` environment variable. Does that work for you now?
That's good progress @murgatroid99. However, with `grpc-js` it's still not possible to connect to gRPC services over tor like you can with the native `grpc` because the js client is unable to resolve the `.onion` domains.
Your previous trace log shows that the native `grpc` library also cannot resolve `.onion` addresses.
The earlier example was when trying to connect directly to a .onion address which doesn't work.
However it can be made to work by connecting via a local tor http tunnel.
Here is a full trace of a successful connection to .onion address via local tor tunnel using grpc native
https://gist.github.com/mrfelton/89fa4e9c0cff167ff949cba4c84081a5
FYI, you can reproduce this with https://github.com/LN-Zap/node-lnd-grpc/pull/166
You can run this single test case to see it run.
GRPC_TRACE=all GRPC_VERBOSITY=DEBUG DEBUG=lnrpc* npx babel-tape-runner test/servives.Lightning.test.js | npx tap-spec
If you then swap out `grpc` for `@grpc/grpc-js` you can see how it fails in comparison.
I should also point out though that my test cases will fail when using grpc-js regardless due to https://github.com/grpc/grpc-node/issues/1354 - however I patched my local copy of grpc-js to fix the http_proxy env var support but it still fails at the name resolution phase.
In any case, `@grpc/grpc-js` is just using `dns.lookup` under the hood, and we're not going to use `dns.resolve*` because it can't resolve `localhost`. So that part probably won't change.
Does it really need to do a dns lookup on the destination address when using a proxy?
You're right. I published some new proxy handling code in `grpc-js` version 0.8.1, and it doesn't actually do that DNS call. That might work for you.
I'm getting a different result with 0.8.1 - definitely looks like an improvement, though it still appears to have an issue.
See logs here https://gist.github.com/mrfelton/50a517b223af0e4846e87aa24b8ba6b3
The logs indicate that the proxy was indeed used (so https://github.com/grpc/grpc-node/issues/1354 no longer seems to be an issue), and that a connection was established. However, the actual grpc call is hanging indefinitely at the last line. I'm expecting to receive an `UNAVAILABLE` status back from this endpoint but seems I'm getting no response.
Can you get logs from the proxy server, to verify that data is getting sent through the HTTP CONNECT tunnel? That client definitely thinks it's sending the request to the server.
I will try to get that. I can say though that the proxy server correctly forwards data to and from the destination if I switch out grpc-js for grpc
I don't expect that the proxy server is misbehaving, I just hope that this can give us more information about what grpc-js is doing differently.
Here are the full combined debug logs (lnd-grpc + grpc-js + tor)
For comparison, here is the same thing but with native grpc in which the calls succeed.
OK, that's too many log lines. That file has 1500 lines of TOR logs between when gRPC makes the HTTP CONNECT request and when it gets the response, and another 1700 between when gRPC sends the gRPC request and the next time it logs anything. I can't tell what's relevant.
I know. Unfortunately tor only seems to provide 2 log levels, `notice` or `debug` 😞
lol, ok - here are logs at `info` level - 100x smaller!
grpc-js: https://gist.github.com/mrfelton/1610d70e8591a11427b6deb10d6989a9
grpc: https://gist.github.com/mrfelton/1f1aa500b75b55612ac6e1ae43734372
Those are definitely easier to read, but unfortunately that seems to swing too far the other way. On the native side, it looks like there are no TOR logs between when it sends the gRPC request and when it receives the response, so I can't tell what if anything is happening differently with grpc-js there.
I dug into the debug logs again, and it looks to me like the TOR part is seeing grpc-js send the request, and it is trying to send the response back, but grpc-js never gets it for some reason. Unfortunately, grpc-js doesn't have the same level of introspection into low-level network events that the native library has, so I can't tell what exactly isn't happening correctly.
OK, I have another idea: can you use `tcpdump` to get a dump of network traffic while the test is running with each library? We should be able to pick out the traffic between gRPC and the proxy, and that might tell us something.
Here are 2 dumps from wireshark for grpc vs grpc-js
I'm not very familiar with this stuff so this doesn't mean a whole lot to me but it does appear to me that grpc-js never gets as far as doing the tls key exchange.
I can see them both do `CONNECT`, followed by `Client Hello`, followed by `Server Hello` and grpc-js seems to stop pretty much there. grpc native on the other hand proceeds to start doing `Client Key Exchange`, sets up a session and then starts sending application data
grpc-native
grpc-js
In the grpc-js case, it looks like the server responded very differently to the TLS `Client Hello`. Looking at the dumps you shared, it looks like the server started the handshake, and then skipped sending certificates and immediately sent about 1 KB of encrypted data.
Here is another version of the test run that's a little cleaner. I noticed that the test I was running was actually instantiating 2 connections to two different grpc subservers on the destination server.
This version just connects and makes a single call. I think the result looks the same as before, but just with a little less noise:
I guess this is what you are referring to on the grpc-js version, when it gets to this part:
173 17.509120 127.0.0.1 127.0.0.1 TLSv1.3 1217 Server Hello, Change Cipher Spec, Application Data, Application Data, Application Data, Application Data, Application Data
vs on grpc:
165 16.769757 127.0.0.1 127.0.0.1 TLSv1.2 912 Server Hello, Certificate, Server Key Exchange, Server Hello Done
Any ideas? Maybe the encoding on the cert is getting messed up?
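Added example (not part of the original thread, and not grpc-js code): a small parser for `node --trace-tls` output that compares what a packet capture labels each server record with the handshake message the endpoint actually decoded. In TLS 1.3 everything after Server Hello is encrypted, so a capture shows `Application Data` where TLS 1.2 shows `Certificate`; the function names are hypothetical and the TLS 1.2 sample is constructed.

```javascript
// TLS13_TRACE is abridged from the clearnet --trace-tls output that appears in
// this thread (header/length lines dropped). TLS12_TRACE is constructed.
const TLS13_TRACE = `
Received Record
  Content Type = Handshake (22)
    ServerHello, Length=118
      server_version=0x303 (TLS 1.2)
      cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
        extension_type=supported_versions(43), length=2
          TLS 1.3 (772)
        extension_type=key_share(51), length=36
          NamedGroup: ecdh_x25519 (29)
Received Record
  Content Type = ChangeCipherSpec (20)
Received Record
  Content Type = ApplicationData (23)
  Inner Content Type = Handshake (22)
    EncryptedExtensions, Length=11
Received Record
  Content Type = ApplicationData (23)
  Inner Content Type = Handshake (22)
    Certificate, Length=622
`;
const TLS12_TRACE = `
Received Record
  Content Type = Handshake (22)
    ServerHello, Length=85
      server_version=0x303 (TLS 1.2)
Received Record
  Content Type = Handshake (22)
    Certificate, Length=622
`;

// Split the trace into records, keeping the outer (on-the-wire) content type,
// the inner (decrypted) content type, and the handshake messages decoded.
function parseTlsTrace(text) {
  const records = [];
  let rec = null;
  let ext = null; // extension whose body is currently being read
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    let m;
    if ((m = /^(Sent|Received) Record$/.exec(line))) {
      rec = { direction: m[1], outerType: null, innerType: null,
              messages: [], serverVersion: null, selectedVersions: [] };
      records.push(rec);
      ext = null;
    } else if (rec === null) {
      continue; // ignore anything before the first record
    } else if ((m = /^Content Type = (\w+) \(\d+\)$/.exec(line))) {
      rec.outerType = m[1];
    } else if ((m = /^Inner Content Type = (\w+) \(\d+\)$/.exec(line))) {
      rec.innerType = m[1];
    } else if ((m = /^([A-Z]\w+), Length=\d+$/.exec(line))) {
      rec.messages.push(m[1]); // e.g. "ServerHello, Length=118"
    } else if ((m = /^server_version=0x[0-9a-f]+ \((TLS [\d.]+)\)$/i.exec(line))) {
      rec.serverVersion = m[1];
    } else if ((m = /^extension_type=(\w+)\(\d+\)/.exec(line))) {
      ext = m[1];
    } else if (ext === 'supported_versions' && (m = /^(TLS [\d.]+) \(\d+\)$/.exec(line))) {
      rec.selectedVersions.push(m[1]);
    }
  }
  return records;
}

// TLS 1.3 keeps server_version at 1.2 for compatibility; the version really
// selected is carried in the ServerHello supported_versions extension.
function negotiatedVersion(records) {
  const hello = records.find(
    (r) => r.direction === 'Received' && r.messages.includes('ServerHello'));
  if (!hello) return null;
  return hello.selectedVersions[0] || hello.serverVersion;
}

// capture: what a passive observer can label; endpoint: what was decoded.
function handshakeViews(records) {
  const received = records.filter((r) => r.direction === 'Received');
  return {
    capture: received.flatMap((r) =>
      r.outerType === 'Handshake' ? r.messages : [r.outerType]),
    endpoint: received.flatMap((r) => r.messages),
  };
}

// 'cleartext', 'encrypted' or 'not-sent' for the server Certificate message.
function certificateVisibility(records) {
  const views = handshakeViews(records);
  if (!views.endpoint.includes('Certificate')) return 'not-sent';
  return views.capture.includes('Certificate') ? 'cleartext' : 'encrypted';
}

for (const [label, trace] of [['1.3 sample', TLS13_TRACE], ['1.2 sample', TLS12_TRACE]]) {
  const recs = parseTlsTrace(trace);
  console.log(label, negotiatedVersion(recs), handshakeViews(recs), certificateVisibility(recs));
}
```

A missing `Certificate` entry in a capture therefore only means "not sent" when the endpoint-side trace also lacks it.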
I found another thing to check out: now that we know that there's a TLS issue, we might get something useful with the `--trace-tls` Node CLI flag.
grpc doesn't give any additional info when run with that flag but here is what I get from grpc-js:
Is SSL being terminated at the proxy? Something extra that needs to be set for it to pass through to the destination?
One thing that I notice is that the additional tls cipher suites that I enabled do not seem to be included.
In my code I'm doing this:
```js
const grpcSslCipherSuites = [
  // Default is ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
  // https://github.com/grpc/grpc/blob/master/doc/environment_variables.md
  //
  // Current LND cipher suites here:
  // https://github.com/lightningnetwork/lnd/blob/master/lnd.go#L80
  //
  // We order the suites by priority, based on the recommendations provided by SSL Labs here:
  // https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites
  'ECDHE-ECDSA-AES128-GCM-SHA256',
  'ECDHE-ECDSA-AES256-GCM-SHA384',
  'ECDHE-ECDSA-AES128-CBC-SHA256',
  'ECDHE-ECDSA-CHACHA20-POLY1305',
  // BTCPay Server serves lnd behind an nginx proxy with a trusted SSL cert from Let's Encrypt.
  // These certs use an RSA TLS cipher suite.
  'ECDHE-RSA-AES256-GCM-SHA384',
  'ECDHE-RSA-AES128-GCM-SHA256',
].join(':')

// Set up SSL with the cipher suites that we need.
if (!process.env.GRPC_SSL_CIPHER_SUITES) {
  process.env.GRPC_SSL_CIPHER_SUITES = grpcSslCipherSuites
}
```
Perhaps grpc-js is not including these when running via a proxy?
2020-04-18T06:42:37.675Z | proxy | Successfully connected to zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009 through proxy 127.0.0.1:9065
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 420
ClientHello, Length=416
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x4B1F5B67
random_bytes (len=28): 123583F104A3B1C59CC9D8DC6FD27AAB5C723662B2C33ED2A266737B
session_id (len=32): 4B927458E9DC2393BB259D0A805AE62E1E06F8C9AD188DED99177A12D873CB5C
cipher_suites (len=118)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0xA3} TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0xAF} TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
{0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM
{0xC0, 0xA3} TLS_DHE_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM
{0xC0, 0x5D} TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x61} TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x57} TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x53} TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0xA2} TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
{0xC0, 0xAE} TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
{0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM
{0xC0, 0xA2} TLS_DHE_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM
{0xC0, 0x5C} TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x60} TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x56} TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x52} TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6A} TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0x00, 0x40} TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x38} TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x32} TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0xA1} TLS_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM
{0xC0, 0x51} TLS_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0xA0} TLS_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM
{0xC0, 0x50} TLS_RSA_WITH_ARIA_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 225
extension_type=server_name(0), length=67
0000 - 00 41 00 00 3e 7a 61 70-6e 33 34 71 66 65 65 .A..>zapn34qfee
000f - 64 77 32 6c 35 79 32 36-70 33 68 6e 6e 6b 75 dw2l5y26p3hnnku
001e - 73 71 6e 62 68 78 63 78-77 36 34 6c 71 35 63 sqnbhxcxw64lq5c
002d - 6f 6a 6d 76 71 34 35 79-77 34 62 63 33 73 71 ojmvq45yw4bc3sq
003c - 64 2e 6f 6e 69 6f 6e d.onion
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=application_layer_protocol_negotiation(16), length=5
h2
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=48
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
dsa_sha224 (0x0302)
dsa_sha1 (0x0202)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 9690B815F4907388CCCC8F0BCB81EDA6924ED19911620023B48CE243087B7306
(node:33974) Warning: Enabling --trace-tls can expose sensitive data in the resulting log.
2020-04-18T06:42:37.744Z | subchannel | 127.0.0.1:9065 CONNECTING -> READY
2020-04-18T06:42:37.744Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T06:42:37.744Z | pick_first | CONNECTING -> READY
2020-04-18T06:42:37.744Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T06:42:37.745Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T06:42:37.745Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T06:42:37.745Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T06:42:37.745Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T06:42:37.745Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
2020-04-18T06:42:37.745Z | dns_resolver | Resolved addresses for target dns:127.0.0.1:9065: [127.0.0.1:9065]
2020-04-18T06:42:37.797Z | pick_first | Connect to address list 127.0.0.1:9065
2020-04-18T06:42:37.797Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T06:42:37.797Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T06:42:37.797Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
2020-04-18T06:42:37.797Z | pick_first | READY -> READY
2020-04-18T06:42:37.797Z | resolving_load_balancer | dns:127.0.0.1:9065 READY -> READY
2020-04-18T06:42:37.797Z | connectivity_state | dns:127.0.0.1:9065 READY -> READY
2020-04-18T06:42:37.797Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T06:42:37.797Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
lnrpc:service:Lightning Calling Lightning.getInfo async with: { payload: {}, options: { deadline: 1587192172797 } } +3s
2020-04-18T06:42:37.798Z | channel | dns:127.0.0.1:9065 createCall [0] method="/lnrpc.Lightning/GetInfo", deadline=1587192172797
2020-04-18T06:42:37.799Z | call_stream | [0] Sending metadata
2020-04-18T06:42:37.799Z | channel | Pick result: COMPLETE subchannel: 127.0.0.1:9065 status: undefined undefined
2020-04-18T06:42:37.800Z | call_stream | [0] write() called with message of length 0
2020-04-18T06:42:37.800Z | call_stream | [0] end() called
2020-04-18T06:42:37.801Z | subchannel | Starting stream with headers
macaroon: 0201036c6e64028a01030a10184ded6e22a77b04dc159d8f92c9c12f1201301a0f0a07616464726573731204726561641a0c0a04696e666f1204726561641a100a08696e766f696365731204726561641a0f0a076d6573736167651204726561641a100a086f6666636861696e1204726561641a0f0a076f6e636861696e1204726561641a0d0a05706565727312047265616400000620b52e70826cb6371aefef9e7870dbb64210d412e560e1172a0c4b5900e2b91783
grpc-timeout: 14997m
grpc-accept-encoding: identity,deflate,gzip
accept-encoding: identity,gzip
:authority: zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion
user-agent: grpc-node-js/0.8.1
content-type: application/grpc
:method: POST
:path: /lnrpc.Lightning/GetInfo
te: trailers
2020-04-18T06:42:37.802Z | call_stream | [0] attachHttp2Stream from subchannel 127.0.0.1:9065
2020-04-18T06:42:37.802Z | subchannel | 127.0.0.1:9065 callRefcount 0 -> 1
2020-04-18T06:42:37.802Z | call_stream | [0] sending data chunk of length 5
2020-04-18T06:42:37.802Z | call_stream | [0] calling end() on HTTP/2 stream
For comparison, here is the debug info from tls handshake when connecting to the destination directly over clearnet (no proxy, no tor)
lnrpc:service:Lightning Establishing gRPC connection to Lightning with proto file /Users/tom/workspace/node-lnd-grpc/proto/0.9.0-beta/lnrpc/rpc.proto +1ms
2020-04-18T09:24:10.041Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 IDLE -> IDLE
2020-04-18T09:24:10.041Z | connectivity_state | testnet4-lnd.zaphq.io:10009 IDLE -> IDLE
2020-04-18T09:24:10.041Z | dns_resolver | Resolver constructed for target testnet4-lnd.zaphq.io:10009
2020-04-18T09:24:10.042Z | dns_resolver | Resolution update requested for target testnet4-lnd.zaphq.io:10009
2020-04-18T09:24:10.043Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 IDLE -> CONNECTING
2020-04-18T09:24:10.043Z | connectivity_state | testnet4-lnd.zaphq.io:10009 IDLE -> CONNECTING
2020-04-18T09:24:10.043Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 CONNECTING -> CONNECTING
2020-04-18T09:24:10.043Z | connectivity_state | testnet4-lnd.zaphq.io:10009 CONNECTING -> CONNECTING
2020-04-18T09:24:10.044Z | dns_resolver | Resolved addresses for target testnet4-lnd.zaphq.io:10009: [34.73.104.166:10009]
2020-04-18T09:24:10.044Z | pick_first | IDLE -> IDLE
2020-04-18T09:24:10.044Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 CONNECTING -> IDLE
2020-04-18T09:24:10.044Z | connectivity_state | testnet4-lnd.zaphq.io:10009 CONNECTING -> IDLE
2020-04-18T09:24:10.044Z | pick_first | Connect to address list 34.73.104.166:10009
2020-04-18T09:24:10.045Z | subchannel | 34.73.104.166:10009 refcount 0 -> 1
2020-04-18T09:24:10.045Z | subchannel | 34.73.104.166:10009 refcount 1 -> 2
2020-04-18T09:24:10.045Z | pick_first | Start connecting to subchannel with address 34.73.104.166:10009
2020-04-18T09:24:10.045Z | pick_first | IDLE -> CONNECTING
2020-04-18T09:24:10.045Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 IDLE -> CONNECTING
2020-04-18T09:24:10.051Z | connectivity_state | testnet4-lnd.zaphq.io:10009 IDLE -> CONNECTING
2020-04-18T09:24:10.051Z | subchannel | 34.73.104.166:10009 IDLE -> CONNECTING
2020-04-18T09:24:10.052Z | pick_first | CONNECTING -> CONNECTING
2020-04-18T09:24:10.052Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 CONNECTING -> CONNECTING
2020-04-18T09:24:10.052Z | connectivity_state | testnet4-lnd.zaphq.io:10009 CONNECTING -> CONNECTING
(node:36598) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(node:36598) Warning: Enabling --trace-tls can expose sensitive data in the resulting log.
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 379
ClientHello, Length=375
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x8A1F321D
random_bytes (len=28): B4226197803A665EF9CA589A7C6AE28A980A14F6D301431420C58B0E
session_id (len=32): 67B055C9634AE7B4EDF31894CBFB6A68A27D3304654DFB0096188732E7D79821
cipher_suites (len=118)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0xA3} TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0xAF} TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
{0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM
{0xC0, 0xA3} TLS_DHE_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM
{0xC0, 0x5D} TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x61} TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x57} TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x53} TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0xA2} TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
{0xC0, 0xAE} TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
{0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM
{0xC0, 0xA2} TLS_DHE_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM
{0xC0, 0x5C} TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x60} TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x56} TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x52} TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6A} TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0x00, 0x40} TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x38} TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x32} TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0xA1} TLS_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM
{0xC0, 0x51} TLS_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0xA0} TLS_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM
{0xC0, 0x50} TLS_RSA_WITH_ARIA_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 184
extension_type=server_name(0), length=26
0000 - 00 18 00 00 15 74 65 73-74 6e 65 74 34 2d 6c .....testnet4-l
000f - 6e 64 2e 7a 61 70 68 71-2e 69 6f nd.zaphq.io
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=application_layer_protocol_negotiation(16), length=5
h2
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=48
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
dsa_sha224 (0x0302)
dsa_sha1 (0x0202)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 3601212E35C9ADF4053853881A0669209845FB4C02CF219828E4D90E48360C64
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 122
ServerHello, Length=118
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xE7D6FAA4
random_bytes (len=28): 746D38BB66248AEBE87103B8310055564E577CCB9CC65BE1EE083D27
session_id (len=32): 67B055C9634AE7B4EDF31894CBFB6A68A27D3304654DFB0096188732E7D79821
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 46
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): E7D2FAC0FC157CDC1A69B10AA7C702D503555C48AABC85A9DC1871778F0DCB77
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 32
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=11
extensions, length = 9
extension_type=application_layer_protocol_negotiation(16), length=5
h2
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 643
Inner Content Type = Handshake (22)
Certificate, Length=622
context (len=0):
certificate_list, length=618
ASN.1Cert, length=613
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
93:13:16:77:3b:de:3e:22:3f:a5:40:53:ff:a7:48:ea
Signature Algorithm: ecdsa-with-SHA256
Issuer: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Validity
Not Before: Oct 23 10:02:26 2019 GMT
Not After : Dec 17 10:02:26 2020 GMT
Subject: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:11:29:dd:92:9b:48:0d:c8:15:01:d1:fb:ba:50:
55:0c:f6:4d:b0:a5:a0:0f:5d:96:26:12:08:d9:59:
9b:50:df:48:53:56:45:15:cb:f8:de:48:3f:0f:2c:
c2:1f:4f:f5:e7:cb:43:1a:a1:e9:f8:da:72:7f:d2:
44:43:ef:b2:e1
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Alternative Name:
DNS:zap-testnet4-lnd-0, DNS:localhost, DNS:testnet4-lnd.zaphq.io, DNS:zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion, DNS:unix, DNS:unixpacket, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:10.52.4.62, IP Address:34.73.104.166, IP Address:10.55.252.96
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:88:18:82:16:68:18:ae:04:32:17:f3:8a:a1:
96:ff:23:8e:f1:9d:a6:58:4e:47:54:35:e6:a3:a2:63:28:14:
aa:02:21:00:ba:5f:76:04:00:c5:76:af:5a:db:36:cd:1f:68:
e5:18:4b:78:42:4e:61:4a:ef:97:28:5c:12:47:1d:61:6c:17
------------------
No extensions
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 96
Inner Content Type = Handshake (22)
CertificateVerify, Length=75
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=71): 3045022100BD50E5E430224FCB53E2EB43371F150D909199AE04296EBCFD8FD23CE0C0F07A0220794D3C65474E7510DBD63883D0170121904DD1C93E591CE68049754BF707065D
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): 965D922A963E55AD57052C7FD1F93E9FBA6D2E1535FE474277354A854E5FC64BF6C403199B113650D9487C4E5467E845
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): 9F51A4EED7F1AD1445EFB9A7466628744F91978B789C1E4D20B49EFBBEEE1B7314B8999A03AFBE97956C18C43381EC4D
2020-04-18T09:24:10.328Z | subchannel | 34.73.104.166:10009 CONNECTING -> READY
2020-04-18T09:24:10.328Z | pick_first | Pick subchannel with address 34.73.104.166:10009
2020-04-18T09:24:10.328Z | pick_first | CONNECTING -> READY
2020-04-18T09:24:10.328Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 CONNECTING -> READY
2020-04-18T09:24:10.328Z | connectivity_state | testnet4-lnd.zaphq.io:10009 CONNECTING -> READY
2020-04-18T09:24:10.328Z | dns_resolver | Resolution update requested for target testnet4-lnd.zaphq.io:10009
2020-04-18T09:24:10.328Z | dns_resolver | Resolution update requested for target testnet4-lnd.zaphq.io:10009
2020-04-18T09:24:10.329Z | subchannel | 34.73.104.166:10009 refcount 2 -> 3
2020-04-18T09:24:10.329Z | subchannel | 34.73.104.166:10009 refcount 3 -> 2
lnrpc:service:Lightning Established gRPC connection to Lightning +356ms
lnrpc:service:Lightning Calling Lightning.getInfo async with: { payload: {}, options: { deadline: 1587201880329 } } +0ms
2020-04-18T09:24:10.330Z | channel | testnet4-lnd.zaphq.io:10009 createCall [0] method="/lnrpc.Lightning/GetInfo", deadline=1587201880329
2020-04-18T09:24:10.331Z | call_stream | [0] Sending metadata
2020-04-18T09:24:10.331Z | channel | Pick result: COMPLETE subchannel: 34.73.104.166:10009 status: undefined undefined
2020-04-18T09:24:10.332Z | call_stream | [0] write() called with message of length 0
2020-04-18T09:24:10.332Z | call_stream | [0] end() called
2020-04-18T09:24:10.334Z | subchannel | Starting stream with headers
macaroon: 0201036c6e64028a01030a10184ded6e22a77b04dc159d8f92c9c12f1201301a0f0a07616464726573731204726561641a0c0a04696e666f1204726561641a100a08696e766f696365731204726561641a0f0a076d6573736167651204726561641a100a086f6666636861696e1204726561641a0f0a076f6e636861696e1204726561641a0d0a05706565727312047265616400000620b52e70826cb6371aefef9e7870dbb64210d412e560e1172a0c4b5900e2b91783
grpc-timeout: 29997m
grpc-accept-encoding: identity,deflate,gzip
accept-encoding: identity,gzip
:authority: testnet4-lnd.zaphq.io
user-agent: grpc-node-js/0.8.1
content-type: application/grpc
:method: POST
:path: /lnrpc.Lightning/GetInfo
te: trailers
2020-04-18T09:24:10.365Z | call_stream | [0] attachHttp2Stream from subchannel 34.73.104.166:10009
2020-04-18T09:24:10.365Z | subchannel | 34.73.104.166:10009 callRefcount 0 -> 1
2020-04-18T09:24:10.366Z | call_stream | [0] sending data chunk of length 5
2020-04-18T09:24:10.366Z | call_stream | [0] calling end() on HTTP/2 stream
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 163
Inner Content Type = Handshake (22)
NewSessionTicket, Length=142
ticket_lifetime_hint=604800
ticket_age_add=0
ticket_nonce (len=0):
ticket (len=129): 788BC919AC0964A26C446E8337628ADBFB6A219570FD4A5C3BD85E6B3A537A686BE0BFBA1A9CC1520BE524AA121D88E5F0BBA2B916E4AF9EF9B0FD29C45AA561D4EF91C4CF749B36932D91D0A96A7F96B5DE9F3101C1BA84BCE28EC50FEEF97B3A2B830E8760D2E5D25E2F9422A5D7688C478830B69FCFD05503BD2D9A00C3E041
No extensions
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 494
Inner Content Type = ApplicationData (23)
2020-04-18T09:24:10.366Z | dns_resolver | Resolved addresses for target testnet4-lnd.zaphq.io:10009: [34.73.104.166:10009]
2020-04-18T09:24:10.366Z | pick_first | Connect to address list 34.73.104.166:10009
2020-04-18T09:24:10.367Z | subchannel | 34.73.104.166:10009 refcount 2 -> 3
2020-04-18T09:24:10.367Z | pick_first | Pick subchannel with address 34.73.104.166:10009
2020-04-18T09:24:10.367Z | subchannel | 34.73.104.166:10009 refcount 3 -> 2
2020-04-18T09:24:10.367Z | pick_first | READY -> READY
2020-04-18T09:24:10.367Z | resolving_load_balancer | testnet4-lnd.zaphq.io:10009 READY -> READY
2020-04-18T09:24:10.367Z | connectivity_state | testnet4-lnd.zaphq.io:10009 READY -> READY
2020-04-18T09:24:10.367Z | subchannel | 34.73.104.166:10009 refcount 2 -> 3
2020-04-18T09:24:10.367Z | subchannel | 34.73.104.166:10009 refcount 3 -> 2
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 73
Inner Content Type = ApplicationData (23)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 34
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 787
Inner Content Type = ApplicationData (23)
2020-04-18T09:24:10.515Z | call_stream | [0] Received server headers:
:status: 200
content-type: application/grpc
2020-04-18T09:24:10.516Z | call_stream | [0] receive HTTP/2 data frame of length 705
2020-04-18T09:24:10.517Z | call_stream | [0] parsed message of length 705
2020-04-18T09:24:10.517Z | call_stream | [0] filterReceivedMessage of length 705
2020-04-18T09:24:10.518Z | call_stream | [0] pushing to reader message of length 700
2020-04-18T09:24:10.523Z | call_stream | [0] Received server trailers:
grpc-status: 0
grpc-message:
2020-04-18T09:24:10.523Z | call_stream | [0] received status code 0 from server
2020-04-18T09:24:10.523Z | call_stream | [0] received status details string "" from server
2020-04-18T09:24:10.524Z | call_stream | [0] ended with status: code=0 details=""
2020-04-18T09:24:10.524Z | subchannel | 34.73.104.166:10009 callRefcount 1 -> 0
2020-04-18T09:24:10.524Z | call_stream | [0] HTTP/2 stream closed with code 8
lnrpc:service:Lightning Connected to Lightning gRPC: {
lnrpc:service:Lightning uris: [
lnrpc:service:Lightning '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc@34.73.104.166:9735',
lnrpc:service:Lightning '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc@zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:9735'
lnrpc:service:Lightning ],
lnrpc:service:Lightning chains: [ { chain: 'bitcoin', network: 'testnet' } ],
lnrpc:service:Lightning features: {
lnrpc:service:Lightning '0': { name: 'data-loss-protect', is_required: true, is_known: true },
lnrpc:service:Lightning '5': {
lnrpc:service:Lightning name: 'upfront-shutdown-script',
lnrpc:service:Lightning is_required: false,
lnrpc:service:Lightning is_known: true
lnrpc:service:Lightning },
lnrpc:service:Lightning '7': { name: 'gossip-queries', is_required: false, is_known: true },
lnrpc:service:Lightning '9': { name: 'tlv-onion', is_required: false, is_known: true },
lnrpc:service:Lightning '13': { name: 'static-remote-key', is_required: false, is_known: true },
lnrpc:service:Lightning '15': { name: 'payment-addr', is_required: false, is_known: true },
lnrpc:service:Lightning '17': { name: 'multi-path-payments', is_required: false, is_known: true }
lnrpc:service:Lightning },
lnrpc:service:Lightning identity_pubkey: '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc',
lnrpc:service:Lightning alias: 'testnet4-lnd.zaphq.io',
lnrpc:service:Lightning num_pending_channels: 0,
lnrpc:service:Lightning num_active_channels: 13,
lnrpc:service:Lightning num_peers: 15,
lnrpc:service:Lightning block_height: 1720034,
lnrpc:service:Lightning block_hash: '0000000000000047ac531cfb543ee12f7d8d3cadaf8a32952d300522de37bfb1',
lnrpc:service:Lightning synced_to_chain: true,
lnrpc:service:Lightning testnet: true,
lnrpc:service:Lightning best_header_timestamp: 1587201805,
lnrpc:service:Lightning version: '0.9.1-beta commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8',
lnrpc:service:Lightning num_inactive_channels: 1,
lnrpc:service:Lightning color: '#3399ff',
lnrpc:service:Lightning synced_to_graph: true
lnrpc:service:Lightning } +196ms
lnrpc:proto Testing version string: 0.9.1-beta commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8 +0ms
lnrpc:proto Parsed version string into version: 0.9.1-beta, commitString: commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8 +0ms
lnrpc:proto Searching for closest match for version 0.9.1-beta in range: [ '0.9.0-beta', '0.8.0-beta', '0.7.1-beta', '0.7.0-beta', '0.6.0-beta', '0.5.2-beta', '0.5.1-beta', '0.5.0-beta', '0.4.2-beta' ] +0ms
lnrpc:proto Determined closest rpc.proto match as: 0.9.0-beta +1ms
lnrpc:service:Lightning Connected to Lightning gRPC service +36ms
Perhaps something like this is needed:
https://github.com/grpc/grpc-node/pull/1369
With this, the TLS handshake looks a lot more promising. It looks like it does establish a proper connection when I'm doing waitForReady, but the subsequent call to one of the server's gRPC methods (Lightning.getInfo) still times out.
lnrpc:tor Setting grpc_proxy as: http://127.0.0.1:9065 +0ms
lnrpc:tor Started tor process with pid: 36521 +4ms
lnrpc:torproc Apr 18 11:07:33.853 [notice] Tor 0.4.2.5 running on Darwin with Libevent 2.1.11-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
lnrpc:torproc Apr 18 11:07:33.854 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning +0ms
lnrpc:torproc Apr 18 11:07:33.854 [notice] Read configuration file "/var/folders/1b/496ss_hn7dx7wntf1w8qn6200000gn/T/lnd-grpc-Fmtcwy/torrc". +0ms
lnrpc:torproc Apr 18 11:07:33.854 [notice] Opening HTTP tunnel listener on 127.0.0.1:9065 +1ms
lnrpc:torproc Apr 18 11:07:33.855 [notice] Opened HTTP tunnel listener on 127.0.0.1:9065 +0ms
lnrpc:torproc Apr 18 11:07:33.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.4.2.5/share/tor/geoip. +1ms
lnrpc:torproc Apr 18 11:07:33.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.4.2.5/share/tor/geoip6. +110ms
lnrpc:torproc Apr 18 11:07:34.000 [notice] Bootstrapped 0% (starting): Starting +53ms
lnrpc:torproc Apr 18 11:07:34.000 [notice] Starting with guard context "default" +0ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 5% (conn): Connecting to a relay +1s
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay +53ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay +47ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection +108ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus +49ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus +45ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. +337ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs +52ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services. +105ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
lnrpc:torproc Apr 18 11:07:35.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6765, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.) +1ms
lnrpc:torproc Apr 18 11:07:35.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors +108ms
lnrpc:torproc Apr 18 11:07:36.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths. +176ms
lnrpc:torproc Apr 18 11:07:36.000 [notice] Bootstrapped 57% (loading_descriptors): Loading relay descriptors +660ms
lnrpc:torproc Apr 18 11:07:36.000 [notice] Bootstrapped 64% (loading_descriptors): Loading relay descriptors +107ms
lnrpc:torproc Apr 18 11:07:37.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits +444ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 80% (ap_conn): Connecting to a relay to build circuits +717ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits +21ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits +32ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits +14ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit +1ms
lnrpc:torproc Apr 18 11:07:38.000 [notice] Bootstrapped 100% (done): Done +374ms
lnrpc:service:Lightning Connecting to Lightning gRPC service +0ms
lnrpc:service:Lightning Establishing gRPC connection to Lightning with proto file /Users/tom/workspace/node-lnd-grpc/proto/0.9.0-beta/lnrpc/rpc.proto +4ms
2020-04-18T09:07:41.557Z | proxy | Proxy server 127.0.0.1:9065 set by environment variable grpc_proxy
2020-04-18T09:07:41.558Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> IDLE
2020-04-18T09:07:41.558Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> IDLE
2020-04-18T09:07:41.558Z | dns_resolver | Resolver constructed for target dns:127.0.0.1:9065
2020-04-18T09:07:41.559Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T09:07:41.560Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T09:07:41.560Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T09:07:41.560Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T09:07:41.560Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T09:07:41.560Z | dns_resolver | Resolved addresses for target dns:127.0.0.1:9065: [127.0.0.1:9065]
2020-04-18T09:07:41.560Z | pick_first | IDLE -> IDLE
2020-04-18T09:07:41.561Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> IDLE
2020-04-18T09:07:41.561Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> IDLE
2020-04-18T09:07:41.561Z | pick_first | Connect to address list 127.0.0.1:9065
2020-04-18T09:07:41.561Z | subchannel | 127.0.0.1:9065 refcount 0 -> 1
2020-04-18T09:07:41.561Z | subchannel | 127.0.0.1:9065 refcount 1 -> 2
2020-04-18T09:07:41.561Z | pick_first | Start connecting to subchannel with address 127.0.0.1:9065
2020-04-18T09:07:41.561Z | pick_first | IDLE -> CONNECTING
2020-04-18T09:07:41.562Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T09:07:41.562Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T09:07:41.562Z | subchannel | 127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T09:07:41.562Z | proxy | Using proxy 127.0.0.1:9065 to connect to zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009
2020-04-18T09:07:41.564Z | pick_first | CONNECTING -> CONNECTING
2020-04-18T09:07:41.564Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T09:07:41.564Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T09:07:45.465Z | proxy | Successfully connected to zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009 through proxy 127.0.0.1:9065
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 340
ClientHello, Length=336
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x5BB70FD0
random_bytes (len=28): 81C1303D2F6A400632A4AE84FEAF6AC17622DD0E5448902455654861
session_id (len=32): 92053BFC44C192A5E749C216FA04C64FF62777FE0C672915E7535E25FBE5799D
cipher_suites (len=118)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0xA3} TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0xAF} TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
{0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM
{0xC0, 0xA3} TLS_DHE_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM
{0xC0, 0x5D} TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x61} TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x57} TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x53} TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0xA2} TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
{0xC0, 0xAE} TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
{0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM
{0xC0, 0xA2} TLS_DHE_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM
{0xC0, 0x5C} TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x60} TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x56} TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x52} TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6A} TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0x00, 0x40} TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x38} TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x32} TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0xA1} TLS_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM
{0xC0, 0x51} TLS_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0xA0} TLS_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM
{0xC0, 0x50} TLS_RSA_WITH_ARIA_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 145
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=48
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
dsa_sha224 (0x0302)
dsa_sha1 (0x0202)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 5EC150972CC98886DBB38B802B2B527D821D10CB3A6FFC71E702D79E3C517559
(node:36520) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(node:36520) Warning: Enabling --trace-tls can expose sensitive data in the resulting log.
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 122
ServerHello, Length=118
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x56E2448E
random_bytes (len=28): BAD312D52AFFB7C51796904CF01A595A2221C43469E44DCE0B2C0A21
session_id (len=32): 92053BFC44C192A5E749C216FA04C64FF62777FE0C672915E7535E25FBE5799D
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 46
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 54D528DA61959D0DFA469ECB5D86B63FAF7C1DAE3768065BD72E5C76B024A153
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 23
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=2
No extensions
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 643
Inner Content Type = Handshake (22)
Certificate, Length=622
context (len=0):
certificate_list, length=618
ASN.1Cert, length=613
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
93:13:16:77:3b:de:3e:22:3f:a5:40:53:ff:a7:48:ea
Signature Algorithm: ecdsa-with-SHA256
Issuer: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Validity
Not Before: Oct 23 10:02:26 2019 GMT
Not After : Dec 17 10:02:26 2020 GMT
Subject: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:11:29:dd:92:9b:48:0d:c8:15:01:d1:fb:ba:50:
55:0c:f6:4d:b0:a5:a0:0f:5d:96:26:12:08:d9:59:
9b:50:df:48:53:56:45:15:cb:f8:de:48:3f:0f:2c:
c2:1f:4f:f5:e7:cb:43:1a:a1:e9:f8:da:72:7f:d2:
44:43:ef:b2:e1
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Alternative Name:
DNS:zap-testnet4-lnd-0, DNS:localhost, DNS:testnet4-lnd.zaphq.io, DNS:zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion, DNS:unix, DNS:unixpacket, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:10.52.4.62, IP Address:34.73.104.166, IP Address:10.55.252.96
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:88:18:82:16:68:18:ae:04:32:17:f3:8a:a1:
96:ff:23:8e:f1:9d:a6:58:4e:47:54:35:e6:a3:a2:63:28:14:
aa:02:21:00:ba:5f:76:04:00:c5:76:af:5a:db:36:cd:1f:68:
e5:18:4b:78:42:4e:61:4a:ef:97:28:5c:12:47:1d:61:6c:17
------------------
No extensions
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 95
Inner Content Type = Handshake (22)
CertificateVerify, Length=74
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=70): 3044022029FB5DB03399F87C74A600C5F1CBE232E51977854AB4B1289F32AAE854C714CB02207B0F311DBED8DC48522912FBE46A9C0772CA62DCEF2A03957FF81EBF4AF34B86
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): AA9FBDE46B51ED583E82D082B2961261EF57054D31764808214BDF1DF85DF4B973034591CE53EC1A5CBDC90C00B5DB15
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): 61B3E4468866F35F8BBFF29967F7DB01996412FC2487D1AC8622AE1D47EFDCBB570BE428273DFB1D121531592D30AD01
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 420
ClientHello, Length=416
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x68D1F14C
random_bytes (len=28): F53C5603EDB1E178AAAE0AE858247B76057BC5F19D3F36EBEDF44DBE
session_id (len=32): 0966F166924FCB359F94692149ED74995F0AFD1C4DF36A473F3A3647AD801FE5
cipher_suites (len=118)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0xA3} TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0xAF} TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
{0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM
{0xC0, 0xA3} TLS_DHE_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM
{0xC0, 0x5D} TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x61} TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x57} TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x53} TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0xA2} TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
{0xC0, 0xAE} TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
{0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM
{0xC0, 0xA2} TLS_DHE_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM
{0xC0, 0x5C} TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x60} TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x56} TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x52} TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6A} TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0x00, 0x40} TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x38} TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x32} TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0xA1} TLS_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM
{0xC0, 0x51} TLS_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0xA0} TLS_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM
{0xC0, 0x50} TLS_RSA_WITH_ARIA_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 225
extension_type=server_name(0), length=67
0000 - 00 41 00 00 3e 7a 61 70-6e 33 34 71 66 65 65 .A..>zapn34qfee
000f - 64 77 32 6c 35 79 32 36-70 33 68 6e 6e 6b 75 dw2l5y26p3hnnku
001e - 73 71 6e 62 68 78 63 78-77 36 34 6c 71 35 63 sqnbhxcxw64lq5c
002d - 6f 6a 6d 76 71 34 35 79-77 34 62 63 33 73 71 ojmvq45yw4bc3sq
003c - 64 2e 6f 6e 69 6f 6e d.onion
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=application_layer_protocol_negotiation(16), length=5
h2
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=48
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
dsa_sha224 (0x0302)
dsa_sha1 (0x0202)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): D91C133A991593B9D4C8B6F943AF1B16CE7A57F84F44A4700CDBAE045B643A7E
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 442
Inner Content Type = ApplicationData (23)
2020-04-18T09:07:45.964Z | subchannel | 127.0.0.1:9065 CONNECTING -> READY
2020-04-18T09:07:45.964Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T09:07:45.964Z | pick_first | CONNECTING -> READY
2020-04-18T09:07:45.964Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T09:07:45.964Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T09:07:45.964Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T09:07:45.964Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
lnrpc:service:Lightning Established gRPC connection to Lightning +4s
2020-04-18T09:07:45.965Z | dns_resolver | Resolved addresses for target dns:127.0.0.1:9065: [127.0.0.1:9065]
2020-04-18T09:07:45.965Z | pick_first | Connect to address list 127.0.0.1:9065
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T09:07:45.965Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
2020-04-18T09:07:45.965Z | pick_first | READY -> READY
2020-04-18T09:07:45.965Z | resolving_load_balancer | dns:127.0.0.1:9065 READY -> READY
2020-04-18T09:07:45.965Z | connectivity_state | dns:127.0.0.1:9065 READY -> READY
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T09:07:45.965Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
lnrpc:service:Lightning Calling Lightning.getInfo async with: { payload: {}, options: { deadline: 1587200895966 } } +1ms
2020-04-18T09:07:45.966Z | channel | dns:127.0.0.1:9065 createCall [0] method="/lnrpc.Lightning/GetInfo", deadline=1587200895966
2020-04-18T09:07:45.967Z | call_stream | [0] Sending metadata
2020-04-18T09:07:45.967Z | channel | Pick result: COMPLETE subchannel: 127.0.0.1:9065 status: undefined undefined
2020-04-18T09:07:45.968Z | call_stream | [0] write() called with message of length 0
2020-04-18T09:07:45.968Z | call_stream | [0] end() called
2020-04-18T09:07:45.970Z | subchannel | Starting stream with headers
macaroon: 0201036c6e64028a01030a10184ded6e22a77b04dc159d8f92c9c12f1201301a0f0a07616464726573731204726561641a0c0a04696e666f1204726561641a100a08696e766f696365731204726561641a0f0a076d6573736167651204726561641a100a086f6666636861696e1204726561641a0f0a076f6e636861696e1204726561641a0d0a05706565727312047265616400000620b52e70826cb6371aefef9e7870dbb64210d412e560e1172a0c4b5900e2b91783
grpc-timeout: 29997m
grpc-accept-encoding: identity,deflate,gzip
accept-encoding: identity,gzip
:authority: zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion
user-agent: grpc-node-js/0.8.1
content-type: application/grpc
:method: POST
:path: /lnrpc.Lightning/GetInfo
te: trailers
2020-04-18T09:07:45.970Z | call_stream | [0] attachHttp2Stream from subchannel 127.0.0.1:9065
2020-04-18T09:07:45.970Z | subchannel | 127.0.0.1:9065 callRefcount 0 -> 1
2020-04-18T09:07:45.971Z | call_stream | [0] sending data chunk of length 5
2020-04-18T09:07:45.971Z | call_stream | [0] calling end() on HTTP/2 stream
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 163
Inner Content Type = Handshake (22)
NewSessionTicket, Length=142
ticket_lifetime_hint=604800
ticket_age_add=0
ticket_nonce (len=0):
ticket (len=129): 788BC919AC0964A26C446E8337628ADB4514B3A27D7FE0325A036F4E7C3DE3FFCCD75A5F90404F49125F4744364C96D89FB32C097191B8CB7ACE0F1D6A208CEC37562922A4454480AD9773E1432A65429F14CB1EACAF0776B96B033352A60A54F2E57F19870DD1FF97F482FDFA3BD4299BF12191933AE117E3E926594A3982DA64
No extensions
2020-04-18T09:08:05.971Z | subchannel | 127.0.0.1:9065 READY -> IDLE
2020-04-18T09:08:05.972Z | subchannel | 127.0.0.1:9065 refcount 2 -> 1
2020-04-18T09:08:05.972Z | pick_first | READY -> IDLE
2020-04-18T09:08:05.972Z | resolving_load_balancer | dns:127.0.0.1:9065 READY -> IDLE
2020-04-18T09:08:05.972Z | connectivity_state | dns:127.0.0.1:9065 READY -> IDLE
2020-04-18T09:08:11.568Z | subchannel | 127.0.0.1:9065 refcount 1 -> 0
2020-04-18T09:08:15.970Z | call_stream | [0] cancelWithStatus code: 4 details: "Deadline exceeded"
2020-04-18T09:08:15.971Z | call_stream | [0] ended with status: code=4 details="Deadline exceeded"
2020-04-18T09:08:15.972Z | subchannel | 127.0.0.1:9065 callRefcount 1 -> 0
2020-04-18T09:08:15.972Z | subchannel | 127.0.0.1:9065 IDLE -> TRANSIENT_FAILURE
lnrpc:grpc Disconnecting from all gRPC services +42s
lnrpc:grpc Disconnected from all gRPC services +0ms
(node:36520) UnhandledPromiseRejectionWarning: Error: 4 DEADLINE_EXCEEDED: Deadline exceeded
at Object.callErrorFromStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/call.ts:81:24)
at Object.onReceiveStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/client.ts:334:36)
at Object.onReceiveStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/client-interceptors.ts:434:34)
at Object.onReceiveStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/client-interceptors.ts:397:48)
at Http2CallStream.outputStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/call-stream.ts:230:22)
at Http2CallStream.maybeOutputStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/call-stream.ts:280:14)
at Http2CallStream.endCall (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/call-stream.ts:264:12)
at Http2CallStream.cancelWithStatus (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/call-stream.ts:592:10)
at Timeout.<anonymous> (/Users/tom/workspace/node-lnd-grpc/node_modules/@grpc/grpc-js/src/deadline-filter.ts:64:20)
at listOnTimeout (internal/timers.js:531:17)
(node:36520) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:36520) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
BINGO!
I've just updated https://github.com/grpc/grpc-node/pull/1369 with an additional commit which actually gets this working correctly!
I've probably broken some other stuff in the process so you should take a close look @murgatroid99, but essentially I have patched subchannel.createSession to ensure that the proxied socket is used.
Here are the logs from a successful run with #1369 in place.
However, there still seems to be an issue with the cert because this only works if I also set NODE_TLS_REJECT_UNAUTHORIZED=0, but I have a feeling that to fix that I may need to include a cert from the tor proxy in my cert chain.
macbook-pro:node-lnd-grpc tom$ GRPC_TRACE=all GRPC_VERBOSITY=DEBUG DEBUG=lnrpc* TOR=true NODE_TLS_REJECT_UNAUTHORIZED=0 ./node_modules/.bin/babel-node --trace-tls test/servives.Lightning.test.js
lnrpc:grpc Initializing LndGrpc with config: { host: 'zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009', cert: '/Users/tom/workspace/node-lnd-grpc/test/fixtures/testnet4/tls.cert', macaroon: '/Users/tom/workspace/node-lnd-grpc/test/fixtures/testnet4/readonly.macaroon' } +0ms
lnrpc:grpc Connecting to lnd gRPC service +6ms
lnrpc:tor Starting tor with settings: { DataDirectory: '/var/folders/1b/496ss_hn7dx7wntf1w8qn6200000gn/T/lnd-grpc-tCDHsg/data', HTTPTunnelPort: '127.0.0.1:9065', SocksPort: 0, 'Log notice': 'stdout' } +0ms
lnrpc:tor Generated torrc at /var/folders/1b/496ss_hn7dx7wntf1w8qn6200000gn/T/lnd-grpc-tCDHsg/torrc:
lnrpc:tor DataDirectory /var/folders/1b/496ss_hn7dx7wntf1w8qn6200000gn/T/lnd-grpc-tCDHsg/data
HTTPTunnelPort 127.0.0.1:9065
SocksPort 0
Log notice stdout
+1ms
lnrpc:tor Setting grpc_proxy as: http://127.0.0.1:9065 +0ms
lnrpc:tor Started tor process with pid: 36867 +5ms
lnrpc:torproc Apr 18 13:06:27.121 [notice] Tor 0.4.2.5 running on Darwin with Libevent 2.1.11-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
lnrpc:torproc Apr 18 13:06:27.122 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning +0ms
lnrpc:torproc Apr 18 13:06:27.122 [notice] Read configuration file "/var/folders/1b/496ss_hn7dx7wntf1w8qn6200000gn/T/lnd-grpc-tCDHsg/torrc". +0ms
lnrpc:torproc Apr 18 13:06:27.123 [notice] Opening HTTP tunnel listener on 127.0.0.1:9065 +1ms
lnrpc:torproc Apr 18 13:06:27.123 [notice] Opened HTTP tunnel listener on 127.0.0.1:9065 +0ms
lnrpc:torproc Apr 18 13:06:27.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.4.2.5/share/tor/geoip. +1ms
lnrpc:torproc Apr 18 13:06:27.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.4.2.5/share/tor/geoip6. +104ms
lnrpc:torproc Apr 18 13:06:27.000 [notice] Bootstrapped 0% (starting): Starting +52ms
lnrpc:torproc Apr 18 13:06:27.000 [notice] Starting with guard context "default" +0ms
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 5% (conn): Connecting to a relay +1s
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay +86ms
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay +163ms
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection +111ms
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus +84ms
lnrpc:torproc Apr 18 13:06:28.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus +106ms
lnrpc:torproc Apr 18 13:06:29.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. +1s
lnrpc:torproc Apr 18 13:06:30.000 [notice] Bootstrapped 40% (loading_keys): Loading authority key certs +88ms
lnrpc:torproc Apr 18 13:06:30.000 [notice] The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services. +142ms
lnrpc:torproc Apr 18 13:06:30.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
lnrpc:torproc Apr 18 13:06:30.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6812, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.) +1ms
lnrpc:torproc Apr 18 13:06:30.000 [notice] Bootstrapped 50% (loading_descriptors): Loading relay descriptors +285ms
lnrpc:torproc Apr 18 13:06:30.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths. +318ms
lnrpc:torproc Apr 18 13:06:31.000 [notice] Bootstrapped 55% (loading_descriptors): Loading relay descriptors +248ms
lnrpc:torproc Apr 18 13:06:31.000 [notice] Bootstrapped 60% (loading_descriptors): Loading relay descriptors +51ms
lnrpc:torproc Apr 18 13:06:31.000 [notice] Bootstrapped 65% (loading_descriptors): Loading relay descriptors +193ms
lnrpc:torproc Apr 18 13:06:31.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits +321ms
lnrpc:torproc Apr 18 13:06:32.000 [notice] Bootstrapped 80% (ap_conn): Connecting to a relay to build circuits +658ms
lnrpc:torproc Apr 18 13:06:32.000 [notice] Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits +37ms
lnrpc:torproc Apr 18 13:06:32.000 [notice] Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits +40ms
lnrpc:torproc Apr 18 13:06:32.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
lnrpc:torproc Apr 18 13:06:32.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit +102ms
lnrpc:torproc Apr 18 13:06:33.000 [notice] Bootstrapped 100% (done): Done +833ms
lnrpc:service:Lightning Connecting to Lightning gRPC service +0ms
lnrpc:service:Lightning Establishing gRPC connection to Lightning with proto file /Users/tom/workspace/node-lnd-grpc/proto/0.9.0-beta/lnrpc/rpc.proto +3ms
2020-04-18T11:06:36.389Z | proxy | Proxy server 127.0.0.1:9065 set by environment variable grpc_proxy
2020-04-18T11:06:36.390Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> IDLE
2020-04-18T11:06:36.390Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> IDLE
2020-04-18T11:06:36.390Z | dns_resolver | Resolver constructed for target dns:127.0.0.1:9065
2020-04-18T11:06:36.392Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T11:06:36.392Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T11:06:36.392Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T11:06:36.392Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T11:06:36.392Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T11:06:36.393Z | dns_resolver | Resolved addresses for target dns:127.0.0.1:9065: [127.0.0.1:9065]
2020-04-18T11:06:36.393Z | pick_first | IDLE -> IDLE
2020-04-18T11:06:36.393Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> IDLE
2020-04-18T11:06:36.393Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> IDLE
2020-04-18T11:06:36.393Z | pick_first | Connect to address list 127.0.0.1:9065
2020-04-18T11:06:36.394Z | subchannel | 127.0.0.1:9065 refcount 0 -> 1
2020-04-18T11:06:36.394Z | subchannel | 127.0.0.1:9065 refcount 1 -> 2
2020-04-18T11:06:36.394Z | pick_first | Start connecting to subchannel with address 127.0.0.1:9065
2020-04-18T11:06:36.394Z | pick_first | IDLE -> CONNECTING
2020-04-18T11:06:36.394Z | resolving_load_balancer | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T11:06:36.394Z | connectivity_state | dns:127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T11:06:36.394Z | subchannel | 127.0.0.1:9065 IDLE -> CONNECTING
2020-04-18T11:06:36.395Z | proxy | Using proxy 127.0.0.1:9065 to connect to zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009
2020-04-18T11:06:36.396Z | pick_first | CONNECTING -> CONNECTING
2020-04-18T11:06:36.397Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T11:06:36.397Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> CONNECTING
2020-04-18T11:06:40.086Z | proxy | Successfully connected to zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:10009 through proxy 127.0.0.1:9065
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 340
ClientHello, Length=336
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xCA82CAFE
random_bytes (len=28): 67D0ED2CBC4E84686BA139B5E7A6DBF5FEDE527D5E789E5259FFFA12
session_id (len=32): 995E91049C1AC5269B3FBABDB37C59A4899526AF7B498CC7BBE7BA9D681B421C
cipher_suites (len=118)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0xA3} TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xC0, 0xAF} TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
{0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM
{0xC0, 0xA3} TLS_DHE_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM
{0xC0, 0x5D} TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x61} TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x57} TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
{0xC0, 0x53} TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0xA2} TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
{0xC0, 0xAE} TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
{0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM
{0xC0, 0xA2} TLS_DHE_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM
{0xC0, 0x5C} TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x60} TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x56} TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x52} TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0x00, 0x6A} TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0x00, 0x40} TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x38} TLS_DHE_DSS_WITH_AES_256_CBC_SHA
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x32} TLS_DHE_DSS_WITH_AES_128_CBC_SHA
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0xA1} TLS_RSA_WITH_AES_256_CCM_8
{0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM
{0xC0, 0x51} TLS_RSA_WITH_ARIA_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0xA0} TLS_RSA_WITH_AES_128_CCM_8
{0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM
{0xC0, 0x50} TLS_RSA_WITH_ARIA_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 145
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=48
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
dsa_sha224 (0x0302)
dsa_sha1 (0x0202)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 4CD00046825BF973A19FEFCD88CB7FBEF461056AECEE4C5C72BCD0D16F048025
(node:36866) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(node:36866) Warning: Enabling --trace-tls can expose sensitive data in the resulting log.
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 122
ServerHello, Length=118
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x38D447A0
random_bytes (len=28): D93E2B171A2E8158000C820D75D0CBA2048C091E08F2E68950A35E99
session_id (len=32): 995E91049C1AC5269B3FBABDB37C59A4899526AF7B498CC7BBE7BA9D681B421C
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 46
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): F46330C29343B2246EC1B26539DF7BBBD8CF7417B4D00A8E9E37E7250EFFF547
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 23
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=2
No extensions
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 643
Inner Content Type = Handshake (22)
Certificate, Length=622
context (len=0):
certificate_list, length=618
ASN.1Cert, length=613
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
93:13:16:77:3b:de:3e:22:3f:a5:40:53:ff:a7:48:ea
Signature Algorithm: ecdsa-with-SHA256
Issuer: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Validity
Not Before: Oct 23 10:02:26 2019 GMT
Not After : Dec 17 10:02:26 2020 GMT
Subject: O = lnd autogenerated cert, CN = zap-testnet4-lnd-0
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:11:29:dd:92:9b:48:0d:c8:15:01:d1:fb:ba:50:
55:0c:f6:4d:b0:a5:a0:0f:5d:96:26:12:08:d9:59:
9b:50:df:48:53:56:45:15:cb:f8:de:48:3f:0f:2c:
c2:1f:4f:f5:e7:cb:43:1a:a1:e9:f8:da:72:7f:d2:
44:43:ef:b2:e1
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Alternative Name:
DNS:zap-testnet4-lnd-0, DNS:localhost, DNS:testnet4-lnd.zaphq.io, DNS:zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion, DNS:unix, DNS:unixpacket, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:10.52.4.62, IP Address:34.73.104.166, IP Address:10.55.252.96
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:88:18:82:16:68:18:ae:04:32:17:f3:8a:a1:
96:ff:23:8e:f1:9d:a6:58:4e:47:54:35:e6:a3:a2:63:28:14:
aa:02:21:00:ba:5f:76:04:00:c5:76:af:5a:db:36:cd:1f:68:
e5:18:4b:78:42:4e:61:4a:ef:97:28:5c:12:47:1d:61:6c:17
------------------
No extensions
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 96
Inner Content Type = Handshake (22)
CertificateVerify, Length=75
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=71): 304502201FE62BED82F843AC87C3A23622C2FECA0F1F06EC2B1A84ED3D5639A107308751022100FB76EACDBD02C44AC22F8B684019CB50EEF897318A188C3CD18D6926E32D9396
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): DAF05B65D14036C729A1C90D5422FBA5AD861117904BE11FC67098DEF934230D44F3165766BC68AE1AF362A87E13C0D3
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): F7215109104F34EFAFC8585AEC254EA71995EC8E6FF952B74CC0C30B777B644884AAF84A0B1C8CF45588E57D3D4110B6
connectionOptions---------------------------------------- { secureContext: SecureContext { context: SecureContext {} } }
2020-04-18T11:06:40.966Z | subchannel | 127.0.0.1:9065 CONNECTING -> READY
2020-04-18T11:06:40.966Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T11:06:40.967Z | pick_first | CONNECTING -> READY
2020-04-18T11:06:40.967Z | resolving_load_balancer | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T11:06:40.967Z | connectivity_state | dns:127.0.0.1:9065 CONNECTING -> READY
2020-04-18T11:06:40.967Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T11:06:40.967Z | dns_resolver | Resolution update requested for target dns:127.0.0.1:9065
2020-04-18T11:06:40.967Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T11:06:40.967Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
lnrpc:service:Lightning Established gRPC connection to Lightning +5s
2020-04-18T11:06:40.967Z | dns_resolver | Resolved addresses for target dns:127.0.0.1:9065: [127.0.0.1:9065]
2020-04-18T11:06:40.968Z | pick_first | Connect to address list 127.0.0.1:9065
2020-04-18T11:06:40.968Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T11:06:40.968Z | pick_first | Pick subchannel with address 127.0.0.1:9065
2020-04-18T11:06:40.968Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
2020-04-18T11:06:40.968Z | pick_first | READY -> READY
2020-04-18T11:06:40.968Z | resolving_load_balancer | dns:127.0.0.1:9065 READY -> READY
2020-04-18T11:06:40.968Z | connectivity_state | dns:127.0.0.1:9065 READY -> READY
2020-04-18T11:06:40.968Z | subchannel | 127.0.0.1:9065 refcount 2 -> 3
2020-04-18T11:06:40.968Z | subchannel | 127.0.0.1:9065 refcount 3 -> 2
lnrpc:service:Lightning Calling Lightning.getInfo async with: { payload: {}, options: { deadline: 1587208030968 } } +1ms
2020-04-18T11:06:40.969Z | channel | dns:127.0.0.1:9065 createCall [0] method="/lnrpc.Lightning/GetInfo", deadline=1587208030968
2020-04-18T11:06:40.970Z | call_stream | [0] Sending metadata
2020-04-18T11:06:40.970Z | channel | Pick result: COMPLETE subchannel: 127.0.0.1:9065 status: undefined undefined
2020-04-18T11:06:40.971Z | call_stream | [0] write() called with message of length 0
2020-04-18T11:06:40.971Z | call_stream | [0] end() called
2020-04-18T11:06:40.973Z | subchannel | Starting stream with headers
macaroon: 0201036c6e64028a01030a10184ded6e22a77b04dc159d8f92c9c12f1201301a0f0a07616464726573731204726561641a0c0a04696e666f1204726561641a100a08696e766f696365731204726561641a0f0a076d6573736167651204726561641a100a086f6666636861696e1204726561641a0f0a076f6e636861696e1204726561641a0d0a05706565727312047265616400000620b52e70826cb6371aefef9e7870dbb64210d412e560e1172a0c4b5900e2b91783
grpc-timeout: 29997m
grpc-accept-encoding: identity,deflate,gzip
accept-encoding: identity,gzip
:authority: zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion
user-agent: grpc-node-js/0.8.1
content-type: application/grpc
:method: POST
:path: /lnrpc.Lightning/GetInfo
te: trailers
2020-04-18T11:06:40.973Z | call_stream | [0] attachHttp2Stream from subchannel 127.0.0.1:9065
2020-04-18T11:06:40.973Z | subchannel | 127.0.0.1:9065 callRefcount 0 -> 1
2020-04-18T11:06:40.973Z | call_stream | [0] sending data chunk of length 5
2020-04-18T11:06:40.974Z | call_stream | [0] calling end() on HTTP/2 stream
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 163
Inner Content Type = Handshake (22)
NewSessionTicket, Length=142
ticket_lifetime_hint=604800
ticket_age_add=0
ticket_nonce (len=0):
ticket (len=129): 788BC919AC0964A26C446E8337628ADBC2FEA0B7D736A324B234C349426D5130ED5F40F81306597C32D42D8043ABD10DA001454C6B3F9A2D4EDCEF59D86ABD2232BFA0C9DC3E7AEB75D068DB082B139B1A91B3D3E1C18E2E99AA62A01E5EFC477F4E97F90D9EAD545707324899CF101946F5E94CF894B49DB53691CB5C22FAC81F
No extensions
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 526
Inner Content Type = ApplicationData (23)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 26
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 43
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 47
Inner Content Type = ApplicationData (23)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 34
Inner Content Type = ApplicationData (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 787
Inner Content Type = ApplicationData (23)
2020-04-18T11:06:42.537Z | call_stream | [0] Received server headers:
:status: 200
content-type: application/grpc
2020-04-18T11:06:42.538Z | call_stream | [0] receive HTTP/2 data frame of length 705
2020-04-18T11:06:42.538Z | call_stream | [0] parsed message of length 705
2020-04-18T11:06:42.538Z | call_stream | [0] filterReceivedMessage of length 705
2020-04-18T11:06:42.539Z | call_stream | [0] pushing to reader message of length 700
2020-04-18T11:06:42.544Z | call_stream | [0] Received server trailers:
grpc-status: 0
grpc-message:
2020-04-18T11:06:42.545Z | call_stream | [0] received status code 0 from server
2020-04-18T11:06:42.545Z | call_stream | [0] received status details string "" from server
2020-04-18T11:06:42.545Z | call_stream | [0] ended with status: code=0 details=""
2020-04-18T11:06:42.546Z | subchannel | 127.0.0.1:9065 callRefcount 1 -> 0
2020-04-18T11:06:42.546Z | call_stream | [0] HTTP/2 stream closed with code 8
lnrpc:service:Lightning Connected to Lightning gRPC: {
lnrpc:service:Lightning uris: [
lnrpc:service:Lightning '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc@34.73.104.166:9735',
lnrpc:service:Lightning '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc@zapn34qfeedw2l5y26p3hnnkusqnbhxcxw64lq5cojmvq45yw4bc3sqd.onion:9735'
lnrpc:service:Lightning ],
lnrpc:service:Lightning chains: [ { chain: 'bitcoin', network: 'testnet' } ],
lnrpc:service:Lightning features: {
lnrpc:service:Lightning '0': { name: 'data-loss-protect', is_required: true, is_known: true },
lnrpc:service:Lightning '5': {
lnrpc:service:Lightning name: 'upfront-shutdown-script',
lnrpc:service:Lightning is_required: false,
lnrpc:service:Lightning is_known: true
lnrpc:service:Lightning },
lnrpc:service:Lightning '7': { name: 'gossip-queries', is_required: false, is_known: true },
lnrpc:service:Lightning '9': { name: 'tlv-onion', is_required: false, is_known: true },
lnrpc:service:Lightning '13': { name: 'static-remote-key', is_required: false, is_known: true },
lnrpc:service:Lightning '15': { name: 'payment-addr', is_required: false, is_known: true },
lnrpc:service:Lightning '17': { name: 'multi-path-payments', is_required: false, is_known: true }
lnrpc:service:Lightning },
lnrpc:service:Lightning identity_pubkey: '029e87deb7d99e4660437a3fb5eb76fb8ebae1778152f72c3aac1bcd0f5e9986bc',
lnrpc:service:Lightning alias: 'testnet4-lnd.zaphq.io',
lnrpc:service:Lightning num_pending_channels: 0,
lnrpc:service:Lightning num_active_channels: 13,
lnrpc:service:Lightning num_peers: 15,
lnrpc:service:Lightning block_height: 1720067,
lnrpc:service:Lightning block_hash: '00000000000001e7ddf9fe1b4a42fa5b552c5f5c7746e93e0c2130780d0bb2fb',
lnrpc:service:Lightning synced_to_chain: true,
lnrpc:service:Lightning testnet: true,
lnrpc:service:Lightning best_header_timestamp: 1587207509,
lnrpc:service:Lightning version: '0.9.1-beta commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8',
lnrpc:service:Lightning num_inactive_channels: 1,
lnrpc:service:Lightning color: '#3399ff',
lnrpc:service:Lightning synced_to_graph: true
lnrpc:service:Lightning } +2s
lnrpc:proto Testing version string: 0.9.1-beta commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8 +0ms
lnrpc:proto Parsed version string into version: 0.9.1-beta, commitString: commit=v0.9.1-beta-2-g24b5a2017a40e57821fe161bb35423177e4f8ee8 +0ms
lnrpc:proto Searching for closest match for version 0.9.1-beta in range: [ '0.9.0-beta', '0.8.0-beta', '0.7.1-beta', '0.7.0-beta', '0.6.0-beta', '0.5.2-beta', '0.5.1-beta', '0.5.0-beta', '0.4.2-beta' ] +0ms
lnrpc:proto Determined closest rpc.proto match as: 0.9.0-beta +1ms
lnrpc:service:Lightning Connected to Lightning gRPC service +2ms
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 30
Inner Content Type = ApplicationData (23)
Right, after a little more hackery I now have a version that works, including properly validating the certs. See updated #1369. Again, the way I have done it in that PR is probably wrong and certainly needs some cleanup and more knowledgeable eyes on it, but in summary what I believe needs to happen is:
1) Initiate TLS connection with destination as part of proxy socket instantiation (inspiration from https://www.vanamco.com/2014/06/24/proxy-requests-in-node-js/)
2) When setting up this proxied TLS socket, ensure that aspects of the secure config are used, specifically the custom checkServerIdentity handler.
3) Ensure that the proxied socket is used in conjunction with secure connections.
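The steps in the comment above, sketched as an added example (this is not the code from #1369 or from grpc-js). It assumes an HTTP CONNECT proxy in front of Tor; the function names, the `proxy`/`target` parameter shapes and the sample certificate fields are hypothetical.

```javascript
const http = require('http');
const tls = require('tls');

// TLS options for a socket that is already tunnelled through a proxy.
// SNI and the identity check are pinned to the target host, so the certificate
// is never validated against the proxy's address, and a caller-supplied
// checkServerIdentity (e.g. for a self-signed node cert) is still honoured.
function tlsOptionsForTunnel(socket, targetHost, secureOptions = {}) {
  const check = secureOptions.checkServerIdentity || tls.checkServerIdentity;
  return {
    ...secureOptions,
    socket,
    servername: targetHost,
    checkServerIdentity: (_connectedName, cert) => check(targetHost, cert),
  };
}

// Step 1: open an HTTP CONNECT tunnel, then start TLS inside it.
function connectViaProxy(proxy, target, secureOptions) {
  return new Promise((resolve, reject) => {
    const authority = `${target.host}:${target.port}`;
    const req = http.request({
      host: proxy.host, port: proxy.port,
      method: 'CONNECT', path: authority, headers: { Host: authority },
    });
    req.once('error', reject);
    req.once('connect', (res, socket) => {
      if (res.statusCode !== 200) {
        socket.destroy();
        reject(new Error(`proxy CONNECT failed with status ${res.statusCode}`));
        return;
      }
      const opts = tlsOptionsForTunnel(socket, target.host, secureOptions);
      const secure = tls.connect(opts, () => resolve(secure));
      secure.once('error', reject);
    });
    req.end();
  });
}

// Constructed certificate fields (not from the page) for an offline check.
const SAMPLE_CERT = { subject: { CN: 'node' }, subjectaltname: 'DNS:constructed-example.onion' };
```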
Is this fixed for you now that #1369 and #1381 have been published?
Problem description
Hi. I am trying to connect to a server over Tor via grpc and haven't had any success. Is this because Tor has http/2 disabled for now? Has anyone had any success with grpc + Tor? Any pointers would be super helpful.
Reproduction steps
Attempt to connect to a server over Tor