p0358 / notepadpp-CodeStats

Notepad++ plugin for Code::Stats (https://codestats.net)

Failed to create SSL/TLS channel. #17

Closed clzls closed 1 year ago

clzls commented 4 years ago

I have used this plugin for several months. But one day I found that my Code::Stats xp was not growing any more:

Last programmed Sep 10, 2019.

And here's part of the log file. The following Chinese has a similar meaning to the sentence "Request aborted: failed to create SSL / TLS secure channel."

[Code::Stats Debug 05:33:43 下午] No proxy will be used. It's either not set or badly formatted.
[Code::Stats Debug 05:33:43 下午] Pulsing {"xps":[{"language":"Log","xp":1}],"coded_at":"2019-11-06T17:32:07+08:00"}
[Code::Stats HandledException 05:33:44 下午] Could not pulse. Are you behind a proxy? Try setting a proxy in Code::Stats settings with format https://user:pass@host:port. Exception Traceback:: System.Net.WebException: 请求被中止: 未能创建 SSL/TLS 安全通道。
   在 System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
   在 System.Net.WebClient.UploadString(Uri address, String method, String data)
   在 System.Net.WebClient.UploadString(String address, String data)
   在 CodeStats.CodeStatsPackage.ProcessPulses()

I tried changing API URL's protocol from https to http but nothing changed. If I checked the usage reporting option, I would also get a warning "cannot connect to remote server". I'm able to access https://codestats.net/api/my/pulses directly using my Chrome.

Using v1.0.1. & Notepad++ v7.7.1 (32-bit)

p0358 commented 4 years ago

You are the second person reporting this, so I'll need to look into this. Please help me debug this:

  1. Open plugin settings
  2. Enter https://www.howsmyssl.com/a/check as API URL, temporarily
  3. Enable debug logging (I see you already have it enabled)
  4. Save and restart Notepad++ (or the settings won't take effect)
  5. Type something somewhere and wait for pulse
  6. Open log and paste here the results, which will contain the list of ciphers supported on your system

And also let me know what is your Windows version, including update/compilation version (winver)

clzls commented 4 years ago

> You are the second person reporting this, so I'll need to look into this. Please help me debug this:
>
> 1. Open plugin settings
> 2. Enter https://www.howsmyssl.com/a/check as API URL, temporarily
> 3. Enable debug logging (I see you already have it enabled)
> 4. Save and restart Notepad++ (or the settings won't take effect)
> 5. Type something somewhere and wait for pulse
> 6. Open log and paste here the results, which will contain the list of ciphers supported on your system
>
> And also let me know what is your Windows version, including update/compilation version (winver)

The debug log:

[Code::Stats Debug 10:01:29 上午] Pulsing {"xps":[{"language":"C++","xp":7}],"coded_at":"2019-11-11T10:01:14+08:00"}
[Code::Stats HandledException 10:01:31 上午] Error pulsing, response does not contain "ok" or "success": {"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":true,"insecure_cipher_suites":{},"tls_version":"TLS 1.0","rating":"Bad"}:

Windows 10 Pro Education, ver. 1809 (internal version 17763.805)
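
Added example (not part of the thread or the plugin's code): a Python triage of the howsmyssl response embedded in the log line above, reporting the negotiated TLS version and what kinds of cipher suites the client offered. The sample line is constructed from the posted log with the boolean fields dropped; the function names are hypothetical.

```python
import json
import re

# Constructed sample: the HandledException line posted above, with the boolean
# fields dropped and the timestamp's locale marker removed.
LOG_LINE = (
    '[Code::Stats HandledException 10:01:31] Error pulsing, response does not '
    'contain "ok" or "success": {"given_cipher_suites":['
    '"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",'
    '"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",'
    '"TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA",'
    '"TLS_RSA_WITH_3DES_EDE_CBC_SHA"],"tls_version":"TLS 1.0","rating":"Bad"}:'
)

AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20")  # AEAD suites need TLS 1.2 or later


def extract_report(line):
    """Return the howsmyssl JSON object embedded in a plugin log line, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        # raw_decode stops at the end of the object, so the trailing ':' the
        # plugin appends does not break parsing.
        report, _ = json.JSONDecoder().raw_decode(line, start)
    except json.JSONDecodeError:
        return None
    # Ordinary "Pulsing {...}" lines also carry JSON; skip those.
    return report if "given_cipher_suites" in report else None


def assess(report):
    """Summarise what the client offered in its TLS handshake."""
    suites = report["given_cipher_suites"]
    m = re.fullmatch(r"TLS (\d+)\.(\d+)", report.get("tls_version", ""))
    version = (int(m.group(1)), int(m.group(2))) if m else None
    return {
        "version": version,
        "below_tls12": version is not None and version < (1, 2),
        "aead": [s for s in suites if any(k in s for k in AEAD_MARKERS)],
        "forward_secret": [s for s in suites if s.startswith(("TLS_ECDHE_", "TLS_DHE_"))],
        "legacy": [s for s in suites if "3DES" in s or "RC4" in s],
    }


if __name__ == "__main__":
    print(json.dumps(assess(extract_report(LOG_LINE)), indent=2))
```

An empty `aead` list together with `below_tls12` is the signature of a client that never offered TLS 1.2, which is what a server that has dropped TLS 1.0 will refuse.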

p0358 commented 4 years ago

Okay, so for now Code::Stats admin have enabled support for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher, let us know if it fixed the issue by itself for now.

Reading further on Microsoft help pages, I've learned that it might be an issue of old .NET Framework target version. Why it only happens to seemingly minor group of users, excluding me, is unclear for me.
https://docs.microsoft.com/en-us/security/solving-tls1-problem#rebuildretarget-managed-applications-using-the-latest-net-framework-version
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#systemdefaulttlsversions

I'll need to think whether I should just hardcode-enable support for newer TLS versions, change target .NET version risking incompatibility with some of the current users/systems, or try to use an external system-independent HTTP library like some libcurl wrapper.

Anyways, if the cipher change didn't help, Microsoft recommends to set these registry keys to force-enable latest TLS versions in older apps:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
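
Added example (not part of the thread or the plugin's code): a Python check of a `.reg` export against the keys listed above, reporting which values are not set to 1 for the registry view a process of a given bitness reads. It assumes 64-bit Windows, where 32-bit processes such as the Notepad++ build reported in this issue read the `WOW6432Node` keys; the sample export and function names are constructed for illustration.

```python
import re

VALUES = ("SystemDefaultTlsVersions", "SchUseStrongCrypto")
VERSIONS = ("v2.0.50727", "v4.0.30319")

# Constructed sample: an export in which only the 64-bit view was fully set.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000000
'''


def parse_reg(text):
    """Map lower-cased key path -> {value name: int} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys


def missing_for(text, process_is_32bit):
    """List (key, value) pairs read by a process of that bitness that are not 1."""
    keys = parse_reg(text)
    view = r"SOFTWARE\WOW6432Node" if process_is_32bit else "SOFTWARE"
    gaps = []
    for ver in VERSIONS:
        path = "\\".join(("HKEY_LOCAL_MACHINE", view, "Microsoft", ".NETFramework", ver))
        found = keys.get(path.lower(), {})  # registry key names are case-insensitive
        gaps += [(path, v) for v in VALUES if found.get(v) != 1]
    return gaps


if __name__ == "__main__":
    for key, value in missing_for(REG_EXPORT, process_is_32bit=True):
        print(f"not set to 1: {key} -> {value}")
```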

danijcom commented 4 years ago

I think I should join the discussion on how long I used this plugin, and now it does not work. First problem: access violation messagebox error when trying to open plugin (but after some amount of attempts it opens). The second problem: connection error (Unable to connect to the remote server messagebox) when pressing the save button.

Adding registry keys from your previous message did not affect :C

clzls commented 4 years ago

It's getting more and more confusing now... Several 400 Bad Request after adding the registry keys... (But Code::Stats received the xp https://codestats.net/users/%E5%92%B2%E3%81%8F)

[Code::Stats Debug 03:35:27 下午] No proxy will be used. It's either not set or badly formatted.
[Code::Stats Debug 03:35:27 下午] Pulsing {"xps":[{"language":"Log","xp":1}],"coded_at":"2019-11-17T15:34:38+08:00"}
[Code::Stats Debug 03:35:27 下午] Pulsing {"xps":[{"language":"Log","xp":1}],"coded_at":"2019-11-17T15:35:13+08:00"}
[Code::Stats HandledException 03:35:28 下午] Could not pulse. Are you behind a proxy? Try setting a proxy in Code::Stats settings with format https://user:pass@host:port. Exception Traceback:: System.Net.WebException: 远程服务器返回错误: (400) 错误的请求。
   在 System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)
   在 System.Net.WebClient.UploadString(Uri address, String method, String data)
   在 System.Net.WebClient.UploadString(String address, String data)
   在 CodeStats.CodeStatsPackage.ProcessPulses()

clzls commented 4 years ago

> I think I should join the discussion on how long I used this plugin, and now it does not work. First problem: access violation messagebox error when trying to open plugin (but after some amount of attempts it opens). The second problem: connection error (Unable to connect to the remote server messagebox) when pressing the save button.
>
> Adding registry keys from your previous message did not affect :C

I got several Access violation just like you... The second problem may be caused by Anonymous usage stats reporting (just uncheck that checkbox)

p0358 commented 4 years ago

Access violation sounds strange, I've never encountered it personally. Usage stats reporting errors will be fixed in the next update

Nicd commented 4 years ago

@clzls Hello, I'm the administrator of Code::Stats. I want to get the site working for you. Can you join our Discord server at https://discord.gg/gyzRfjc (or some other of our channels, you can find the links in our site footer)? I would need your IP address to search through the Nginx request logs.

p0358 commented 4 years ago

I suppose I know what might have happened with the 400 error. I'm slowly rewriting async pulse code, and during throttling testing similar thing happened to me, the response was {"error":"Invalid xps format."} and it was caused by some headers not being appended by the client for some reason at some times. But after that happened, the plugin is going to keep retrying the pulse, where it will work and get accepted eventually.

client.Headers[HttpRequestHeader.UserAgent] = Constants.PluginUserAgent;
client.Headers[HttpRequestHeader.ContentType] = "application/json";
client.Headers[HttpRequestHeader.Accept] = "*/*";
client.Headers["X-API-Token"] = ApiKey;

It seems that the first 3 are lost, and the last one was appended successfully. I'm going to specify header names manually, instead of using these enums then and see if I can encounter the issue again. But in general the fact that you get an HTTP response (whatever it was) means that the registry change did indeed help, and TLS connection was established

clzls commented 4 years ago

> @clzls Hello, I'm the administrator of Code::Stats. I want to get the site working for you. Can you join our Discord server at https://discord.gg/gyzRfjc (or some other of our channels, you can find the links in our site footer)? I would need your IP address to search through the Nginx request logs.

@Nicd Thanks, but it may be working for me now... (And I am trying to read all messages about this issue on https://gitter.im/code-stats/Lobby now...)

danijcom commented 4 years ago

Well, I downloaded the project files from here, did a rebuild (since there were no updates in the releases for a very long time), and installed the built plugin instead of the old one in notepad.

After the replacement, the plugin first displayed an error (something about trouble with pulse URL), but then it worked (I can notice that I also replaced the URL with https://codestats.net/api/my/pulses, although it is exactly the same by standard).

In general, everything finally worked for me, I'm so happy 🎉 You can download the last build (I guess fixed build) from here or you can also build it yourself from project files.

@p0358, I think you should update plugin file in releases 😃

p0358 commented 4 years ago

@danijcom I will need to do this eventually, but I still need to finish some half-done features before most likely, and I seem to do it in bursts and then lose the motivation again for some time :D

danijcom commented 4 years ago

I understand you, it happens to me too. I just really wanted a working plugin, could not stand it, and decided to make a build myself :D

titalvi commented 4 years ago

> Okay, so for now Code::Stats admin have enabled support for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher, let us know if it fixed the issue by itself for now.
>
> Reading further on Microsoft help pages, I've learned that it might be an issue of old .NET Framework target version. Why it only happens to seemingly minor group of users, excluding me, is unclear for me.
> https://docs.microsoft.com/en-us/security/solving-tls1-problem#rebuildretarget-managed-applications-using-the-latest-net-framework-version
> https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#systemdefaulttlsversions
>
> I'll need to think whether I should just hardcode-enable support for newer TLS versions, change target .NET version risking incompatibility with some of the current users/systems, or try to use an external system-independent HTTP library like some libcurl wrapper.
>
> Anyways, if the cipher change didn't help, Microsoft recommends to set these registry keys to force-enable latest TLS versions in older apps:
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
> "SystemDefaultTlsVersions"=dword:00000001
> "SchUseStrongCrypto"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
> "SystemDefaultTlsVersions"=dword:00000001
> "SchUseStrongCrypto"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
> "SystemDefaultTlsVersions"=dword:00000001
> "SchUseStrongCrypto"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
> "SystemDefaultTlsVersions"=dword:00000001
> "SchUseStrongCrypto"=dword:00000001

I've had the same issue and can confirm that adding the Windows registry keys mentioned above solved it for me.

meechew commented 4 years ago

> Well, I downloaded the project files from here, did a rebuild (since there were no updates in the releases for a very long time), and installed the built plugin instead of the old one in notepad.
>
> After the replacement, the plugin first displayed an error (something about trouble with pulse URL), but then it worked (I can notice that I also replaced the URL with https://codestats.net/api/my/pulses, although it is exactly the same by standard).
>
> In general, everything finally worked for me, I'm so happy 🎉 You can download the last build (I guess fixed build) from here or you can also build it yourself from project files.
>
> @p0358, I think you should update plugin file in releases 😃

The 32 bit plugin would not work with my version of NPP

p0358 commented 1 year ago

This should be fixed in the latest release now. If the error still occurs, it is likely that the installed OS is Windows 7 or older without appropriate TLS version support, which should be unlikely, but can be fixed by installing appropriate system updates (these versions should support newer TLS already generally, but old version of the plugin didn't explicitly enable it, and on old .NET it defaulted to disabled...).

Of course if this happens again to someone, they're free to comment here and we can diagnose the cause again...