Elk M1 no longer integrating after upgrade to Core 2023.6

[witoldwitkowski]

The problem

After upgrading to 6.0 from 5.x was unable to connect to the Elk M1.

What version of Home Assistant Core has the issue?

6.0

What was the last working version of Home Assistant Core?

5.4

What type of installation are you running?

Home Assistant OS

Integration causing the issue

Elk M1

Link to integration documentation on our website

https://github.com/home-assistant/core/tree/dev/homeassistant/components/elkm1

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Logger: elkm1_lib.connection
Source: components/elkm1/__init__.py:389
First occurred: 9:00:17 PM (12 occurrences)
Last logged: 9:14:35 PM

ElkM1 at elks://192.168.1.190 disconnecting

Logger: elkm1_lib.connection
Source: runner.py:179
First occurred: 8:59:57 PM (185 occurrences)
Last logged: 9:15:39 PM

Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 60 seconds
Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 4 seconds
Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 8 seconds
Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 16 seconds
Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 32 seconds

Additional information

No response

[home-assistant[bot]]

Hey there @gwww, @bdraco, mind taking a look at this issue as it has been labeled with an integration (elkm1) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of `elkm1` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Renames the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign elkm1` Removes the current integration label and assignees on the issue, add the integration domain after the command.

_{^{(message by CodeOwnersMention)}}

---

elkm1 documentation elkm1 source _{^{(message by IssueLinks)}}

[alindner19]

I've got the same issue, definitely worked before 2023.6 upgrade.

[bdraco]

Its python 3.11's default allowed protocols likely

[gwww]

I just looked through the Python 3.11 SSL doc and did not see any change. Is there somewhere else to look?

[bdraco]

It might also be the openssl version used in the container

[bdraco]

I think we can fix it by changing

https://github.com/gwww/elkm1/blob/2a9f965508b8615cfc00eb3d4f7ee8f3038e243f/elkm1_lib/util.py#L41

to ssl_context.set_ciphers("DEFAULT")

[gwww]

I just published 2.2.3 with the suggested fix. I don't have a way to test it as I'm travelling. Just go ahead a create HA PR?

[bdraco]

If you create an HA PR, I will post commands to test it

[bdraco]

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 92496

[bdraco]

@witoldwitkowski @alindner19 Can you try installing that PR as a custom component and see if it fixes the problem?

[bdraco]

edit:

typoed the PR#

corrected below

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296

[jnoxon]

edit:

typoed the PR#

corrected below

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296

Still having the same issue here.

[gwww]

@jnoxon are your logs the same as OP?

[jnoxon]

@jnoxon are your logs the same as OP?

Yes

[gwww]

@bdraco I'm home now and have done some testing. Using MacOS, Python 3.11.4, latest openssl, and both the elkm1_lib versions 2.2.2 (shipping with 2023.6.0) and 2.2.3 (proposed patch) - works on my system. I can connect using secure mode no problem.

Going off of memory, I thought I saw some SSL related update for supervisor a couple of days ago. Any way that could be related? The release notes said something about setting an SSL env variable. I poked but have not yet found the repo.

Do you know of any other system level changes that might impact this?

[gwww]

Found the release... It was supervisor release 2023.06.1; specifically this PR: https://github.com/home-assistant/supervisor/pull/4342

[alindner19]

Didn't fix it for me either. Same result.

[alindner19]

I ran it in 6.0. Didn't realize 6.1 was out, I'm getting 6.1 now to try it.

On 6/8/2023 8:24 PM, Glenn Waters wrote:

Did you just switch onto 2023.06.1 or were you already running it?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[alindner19]

I get the same thing running 2023.6.1, but without bdraco's code he published 5 hours ago. It is unclear to me if that was meant for 6.0 or 6.1.

On 6/8/2023 8:24 PM, Glenn Waters wrote:

Did you just switch onto 2023.06.1 or were you already running it?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[gwww]

I suspect that the patch for the integration won’t change anything but worth a try.

[wappinghigh]

Same issue. Went back to 5.4

[t90rak]

I had the same error message as OP and was unable to connect to Elk M1 on 2023.6 and 2023.6.1. Downgraded the docker image to 2023.5.4 and works. Running home assistant core in docker, not supervised.

[bdraco]

It’s either a change in OpenSSL or python 3.11 that is causing it. Haven’t found it yet though

[bdraco]

Looks like OpenSSL 3.1 changed things a bit and DEFAULT won’t work anymore

https://www.openssl.org/docs/man3.0/man1/openssl-ciphers.html

we likely need to try ALL next

[gwww]

Is there a way to get python to use openssl 3. Mine is using OpenSSL 1.1.1u 30 May 2023

The existing production code work, as does default and all with 1.1.1u

[gwww]

Since ALL works with my setup, I pushed 2.2.4 of the elkm1_lib and updated the HA core PR to use it. When the build is done is someone can try it out. (I'll be offline until tonight EDT).

[bdraco]

The same command I posted above can be run again to pull the new change

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296

[wappinghigh]

I'm not a Python programmer, but I will say I'm a massive fan of whoever wrote the Elk HA integration. Alarm <> Smart Home interconnection is the killer interface in a project. I recall it was the main reason I went with Control4 all those years ago and when I found out Elk could be connected within HA it was also the trigger (literally) for taking the dive in the first place into HA. And installing it as my new home auto project, and ditching Control4. Since doing that I have never looked back! But it's crucial that things be stable. This is security we are talking about here. As we all know this fabulous driver exposes every alarm sensor as well as arrival/leave action triggers to automation using the alarm. There are a myriad of things that make it totally awesome. This is the second time it has broken recently due to a major upgrade in HA. Things shouldn't feel beta when it comes to home security. Is there any way the developers at Nabu Casa can test Elk integration first before a HA update release?. I know I am probably asking too much, but I feel it's important to say it. When a HA update doesn't go well like this, my whole home automation comes crashing down. Its a bad look. My wife starts to notice and complain. Security is crucial to a smart home ecosystem. Cheers

[frr032]

Sorry to bother you guys. I have the same issue with the Elk integration after upgrading from HS 5.4 to 6.1.

Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)). Retrying in 60 seconds 5:06:55 PM – (WARNING) runner.py - message first occurred at 5:03:55 PM and shows up 33 times

I'm new to HA have not done much with the command line interface. I pasted the command from the post above into Terminal and there is an error "fatal: invalid refspec 'pull/94296~/head'" in the output. See below.

Any suggestions? I really need to get Elk back online. Thanks!

Home Assistant 2023.6.1 Supervisor 2023.06.1 Operating System 10.2 Frontend 20230608.0 - latest

[core-ssh config]$ curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296~ INFO: Current dir is /root/config INFO: Cloning core to Cloning into '/tmp/core_git'... remote: Enumerating objects: 15502, done. remote: Counting objects: 100% (15502/15502), done. remote: Compressing objects: 100% (12984/12984), done. remote: Total 15502 (delta 2451), reused 7619 (delta 1483), pack-reused 0 Receiving objects: 100% (15502/15502), 16.93 MiB | 7.14 MiB/s, done. Resolving deltas: 100% (2451/2451), done. Updating files: 100% (13309/13309), done. INFO: Checking out PR#94296~ fatal: invalid refspec 'pull/94296~/head'** INFO: Cleaning up [core-ssh config]$

[gwww]

@frr032 You have a typo. You should not have a ~ at the end of the line.

[starman2k01]

The same command I posted above can be run again to pull the new change

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296

Successfully ran the update but still same problem. Error connecting to ElkM1 ([SSL: NO_PROTOCOLS_AVAILABLE] no protocols available (_ssl.c:1002)).

[alindner19]

I have the same problem with the latest update, didn't fix issue. I also noticed I couldn't get into Elk M1 with Elk RP either with HA 6.x running. I went back to HA 5.4 and I can now get back into Elk RP and HA works still. So whatever 6.x is doing, it is ruining ElkRP connectivity in addition.

[chase314]

Ran into the same issue this morning after upgrading to 2023.6.1, reverted back to my previous backup and am going to watch this thread for a fix.

[t90rak]

The same command I posted above can be run again to pull the new change

cd /config
curl -o- -sSL https://gist.githubusercontent.com/bdraco/43f8043cb04b9838383fd71353e99b18/raw/core_integration_pr | bash /dev/stdin -d elkm1 -p 94296

Same here. The patch fix didn't work. Still getting same error.

[frr032]

I fixed the typo at the end of the line. It ran successfully, restarted HA. The patch did not work for me either. Same error.

What should we try next? Thanks.

[gwww]

A few things that could help. Try to find what changed in python 3.11 with respect to openssl support. I’ve done some searching but have not found any clues.

At the moment I’m fighting with my system trying to get python working with the openssl 3.1 library. OpenSSL 3.1 is suspected as the culprit for this problem.

Other options for the time being… use older HA or switch ElkM1 integration to use non secure.

I’m without computer tomorrow until Sunday so someone else will have to work this while I’m gone.

[gwww]

@bdraco could this problem be related to this line of code. I've looked at the openssl docs but don't fully understand why the loc is useful. https://github.com/gwww/elkm1/blob/main/elkm1_lib/util.py#L46

[dragonsoul84]

I'm having the same issue, cannot connect via ELK RP either. I tried reloading my 5.4 backup, but it doesn't seem to work. It says it is restoring the backup and just sits there with the spinning icon. If I look at the console for my VM it shows that HA is rebooted, but still on 6.1 and the web interface will not load. One attempt I got it show 5.4 on console, but no web interface. Force a reboot through the VM Supervisor and it always reboots to 6.1 and acts like I never did a restore. If I can't restore, I really need to get my ELK working again. I use UPB lighting through my elk so I have lost all my lighting controls and my security controls.

[bdraco]

@bdraco could this problem be related to this line of code. I've looked at the openssl docs but don't fully understand why the loc is useful. https://github.com/gwww/elkm1/blob/main/elkm1_lib/util.py#L46

I wouldn’t think that would be related to this issue

[bdraco]

We might need ‘ALL@SECLEVEL=1’

I get back home later today so I’ll be in a position to see if I can replicate it rather than throwing guesses on what OpenSSL has decided to change

[gwww]

I finally have a test rig.

Doing:

/opt/homebrew/opt/openssl@1.1/bin/openssl s_client -cipher ALL@SECLEVEL=1 -tls1 -connect 192.168.2.12:2601

works. As does DEFAULT, DEFAULT@SECLEVEL=1, and a few other combinations I tried.

When I switch to @3.1 version of openssl nothing connects.

I too am trying to see what changed in openssl 3.1.

[starman2k01]

I'm having the same issue, cannot connect via ELK RP either. I tried reloading my 5.4 backup, but it doesn't seem to work. It says it is restoring the backup and just sits there with the spinning icon. If I look at the console for my VM it shows that HA is rebooted, but still on 6.1 and the web interface will not load. One attempt I got it show 5.4 on console, but no web interface. Force a reboot through the VM Supervisor and it always reboots to 6.1 and acts like I never did a restore. If I can't restore, I really need to get my ELK working again. I use UPB lighting through my elk so I have lost all my lighting controls and my security controls.

I can't restore to 5.4 either, same problem. Weird combination of bugs...I run my whole house via ELK so this hurts...

[frr032]

Same issue with ELK RP even if I disabled the integration and rebooting the M1XEP. Had to stop HA in order to connect via Elk RP.

Don't know of this is related but the Roku and Magic Home integrations will not load either. Other network devices wired and wireless do work.

[wappinghigh]

I'm having the same issue, cannot connect via ELK RP either. I tried reloading my 5.4 backup, but it doesn't seem to work. It says it is restoring the backup and just sits there with the spinning icon. If I look at the console for my VM it shows that HA is rebooted, but still on 6.1 and the web interface will not load. One attempt I got it show 5.4 on console, but no web interface. Force a reboot through the VM Supervisor and it always reboots to 6.1 and acts like I never did a restore. If I can't restore, I really need to get my ELK working again. I use UPB lighting through my elk so I have lost all my lighting controls and my security controls.

I can't restore to 5.4 either, same problem. Weird combination of bugs...I run my whole house via ELK so this hurts...

I also run my whole house via ELK...(see comment above) so I am with you dude.. I managed to restore a full 5.4 backup. Maybe try again? Can I be so bold as suggest the fantastic developers of this wonderful integration get a heads up of possible breaks with future HA upgrades? Or maybe get a look at things in beta first before any release to mainstream users? Like I said this is the major integration for some of us with alarms. Whole houses can be shut down with a break like this. Cheers

[dragonsoul84]

Unfortunately, the restore that HA created is only a partial. I tried using the CLI to do a restore and the HA supervisor log has an error that basically just cries about it being a partial. I don't know why it wouldn't be able to restore it though, what is the point of a partial update if the system is just going to say "sorry, can't restore because it is a partial update".

In my attempts to get the system to do the restore, it appears I have somehow broken something further because now I can't get it to stay booted. It will fully boot, allow me into the web interface for maybe a minute, then shutdown. One thing after another.

[gwww]

I just pushed a fix that works for me. Fingers crossed! @bdraco the magic incantation was SECLEVEL=0. Found it when I found the right release notes.

[wappinghigh]

^I wish I could fund you somehow gw - even if it was a small fraction for the obvious toil you put into this - just as an appreciation of all yr work. And bd as well... This integration is so so important ... Thanks to both for all yr efforts

[wappinghigh]

Unfortunately, the restore that HA created is only a partial. I tried using the CLI to do a restore and the HA supervisor log has an error that basically just cries about it being a partial. I don't know why it wouldn't be able to restore it though, what is the point of a partial update if the system is just going to say "sorry, can't restore because it is a partial update".

In my attempts to get the system to do the restore, it appears I have somehow broken something further because now I can't get it to stay booted. It will fully boot, allow me into the web interface for maybe a minute, then shutdown. One thing after another.

maybe note to self (next time) ? Always do a full back up. Hopefully the fix is coming shortly

[gwww]

I get enough love by just writing code. Sometimes its painful... especially this SSL stuff which I only know about by writing this integration. Fortunately I have the very talented @bdraco to lean on ❤️

It would be great if someone could test using the same procedure earlier in the thread.

[t90rak]

I get enough love by just writing code. Sometimes its painful... especially this SSL stuff which I only know about by writing this integration. Fortunately I have the very talented @bdraco to lean on ❤️

It would be great if someone could test using the same procedure earlier in the thread.

Thank you so much. I can confirm the latest fix works for me on 2023.6.1.