mm201 / pkmn-classic-framework

Pokémon application logic for Generation IV and V, including servers
http://pkmnclassic.net/

Gen 5 SSL cert questions #114

Closed ZeikkuSSJ7 closed 2 years ago

ZeikkuSSJ7 commented 2 years ago

Hi, for the past few days I have been setting up a DWC server with this framework following the old guide at the wiki, and up until now I have been able to do everything in Gen 4 (GTS, battle videos, mystery gifts), but with Gen 5 I can only get mystery gifts to work. I took a look at the code and I discovered that Gen 5 uses SSL for some kind of handshake between the server and the game, but I have no idea which of the domains are used for the SSL cert, nor how to set it up. The errors that I am getting are:

My games (Platinum, HeartGold, Black, Black 2) come from my original copies, and I patched them with WfcPatcher. My testing devices were:

There are two things to consider with my setup. First, I am using a Windows machine as the server with IIS pages enabled and all the requests to the GTS are going through the Apache reverse proxy, and second, I had to update this project to .NET 4.8 to get it to even open in Visual Studio 2022, but aside from that everything else works.

As for the Battle Video Server, everything works for Gen 4, but in Gen 5 the console throws an exception related to the SSL handshake I was talking about, with either of these messages:

A call to SSPI failed, see inner exception. The client and server cannot communicate, because they do not possess a common algorithm.

So, is there anyone who knows exactly what the issue is? Do I have to enable SSLv3 on my server to make it work? And how exactly do I create the certificate for the server, just by using any CA like Let's Encrypt, or like the nds-constraint project? Thanks for any help!

mm201 commented 2 years ago

13275 happens when it can't communicate with pkvldtprod.nintendo.co.jp which is the anti-cheat server. If you're using noSSL patches, you should just be able to add a DNS entry for it, pointing to the GTS, and it will work.

The SSPI failed exception is because the DS is trying to communicate with the Battle Video server over SSLv3 with an RC4 cipher. Check the comment at:

https://github.com/mm201/pkmn-classic-framework/blob/a9ca79f6bcdff3d28977de96976b583306069521/GlobalTerminalService/GTServerBase.cs#L215-L220

You can manually enable the ciphers through the registry or with IISCrypto.
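
A read-only check of the registry settings mentioned in the reply above, added here as an example; it is not part of the original thread or of the project's code. It assumes the standard Windows SCHANNEL key layout under `HKLM` and the usual RC4 cipher key names, and it changes nothing.

```powershell
# Read-only audit: reports the machine-wide SCHANNEL values that decide whether
# a server on this host can negotiate SSL 3.0 with an RC4 cipher.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # Use the .NET registry API rather than the HKLM: provider: cipher key names
    # such as "RC4 128/128" contain "/", which the provider treats as a separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Name, $null) } finally { $key.Close() }
}

$checks = @(
    @{ SubKey = 'Protocols\SSL 3.0\Server'; Name = 'Enabled' },
    @{ SubKey = 'Protocols\SSL 3.0\Server'; Name = 'DisabledByDefault' },
    @{ SubKey = 'Ciphers\RC4 128/128';      Name = 'Enabled' },
    @{ SubKey = 'Ciphers\RC4 64/128';       Name = 'Enabled' },
    @{ SubKey = 'Ciphers\RC4 56/128';       Name = 'Enabled' },
    @{ SubKey = 'Ciphers\RC4 40/128';       Name = 'Enabled' }
)

$report = foreach ($c in $checks) {
    $v = Get-SchannelValue -SubKey $c.SubKey -Name $c.Name
    if ($null -eq $v) {
        $data  = 'not set'
        $state = 'OS default applies'
    } else {
        # DWORDs come back as Int32, so 0xFFFFFFFF is read as -1; any non-zero is "on".
        $data = '0x{0:X8}' -f $v
        $on   = ($v -ne 0)
        if ($c.Name -eq 'DisabledByDefault') {
            $state = if ($on) { 'off unless the application asks for it' } else { 'on by default' }
        } else {
            $state = if ($on) { 'enabled' } else { 'disabled' }
        }
    }
    [pscustomobject]@{ Key = $c.SubKey; Value = $c.Name; Data = $data; Meaning = $state }
}

$report | Format-Table -AutoSize
```

These values are machine-wide, so whatever they allow also applies to IIS and any other SChannel-based service on the same host.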