qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org

[BUG] OpenSSL doesn't work with TLS v1.2 Endpoint #20226

Open alphamike-1612 opened 10 months ago

alphamike-1612 commented 10 months ago

qBittorrent & operating system versions

  - qBittorrent: 4.6.2 x64
  - Operating System: Debian 12 BookWorm x64
  - Qt: 6.6.1
  - Libtorrent: 2.0.9.0
  - Boost: 1.83.0
  - OpenSSL: 1.1.1w
  - zlib: 1.2.13

What is the problem?

Trying to configure e-mail notifications with Oracle e-mail delivery. Oracle requires TLS to be v1.2 with a set of ciphers that are accepted. (Relevant link: https://docs.oracle.com/en-us/iaas/Content/Email/Reference/gettingstarted_topic-Configure_the_SMTP_connection.htm)

On setting up Notifications in qBittorrent with SSL enabled, I get the error:

03/01/24 11:26 AM - Email Notification Error: Error during SSL handshake: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

If SSL is disabled and only Authentication is used, I get the error:

03/01/24 11:32 AM - Email Notification Error: <mail from> was rejected by server, msg: 535 Authentication required

I have confirmed that the endpoint (Domain:Port) and credentials all work. Sending a cURL e-mail from the system on which qBittorrent is installed works. Using other e-mail providers such as Google works. The endpoint mentioned in the Oracle docs is "smtp.email.ap-hyderabad-1.oci.oraclecloud.com" (port 25 or 587, both require TLS). Changing this to include the protocol, i.e. http://, smtp://, https://, gives the error message:

03/01/24 11:29 AM - Email Notification Error: Host not found

My initial assumption was that qBittorrent was on an older TLS protocol, but that appears to not be the case. I am now leaning towards 2 things,

  1. qBittorrent doesn't send authentication values if SSL required is not checked.
  2. OpenSSL is unable to negotiate a TLS v1.2 connection.

Is this fixable by qBittorrent or should the issue be raised in OpenSSL?

Thank you

Steps to reproduce

  1. Install qBittorrent appimage
  2. Set up e-mail delivery with the following settings:
     a. From - qbittorrent@homelab.internal
     b. To - your-email-id-here
     c. SMTP Server - smtp.email.ap-hyderabad-1.oci.oraclecloud.com:587
     d. Make sure "This server requires SSL" is unchecked
     e. Check Authentication and enter your authentication details.
  3. Download a torrent and check logs to catch the authentication required 535 error.
  4. Check the "This server requires SSL" option.
  5. Download a torrent and check logs to see the Wrong SSL version error

Additional context

No response

Log(s) & preferences file(s)

No response
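
The "wrong version number" text in the log above is what OpenSSL reports when the first bytes it receives in reply to its ClientHello are not a TLS record, for example a cleartext SMTP `220` greeting. The Python probe below is an added example, not part of the issue or of qBittorrent's code; it reproduces that condition against a local stub (the stub, its banner and the function names are constructed) and does not establish that this is the cause of the reported failure.

```python
import socket
import ssl
import threading

GREETING = b"220 stub.example.test ESMTP ready\r\n"  # constructed sample banner


def plaintext_smtp_stub(connections=2):
    """Local stand-in (hypothetical) for a port whose server greets in
    cleartext before any TLS, as SMTP does prior to STARTTLS. Returns the port."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        with srv:
            for _ in range(connections):
                conn, _addr = srv.accept()
                with conn:
                    conn.settimeout(2)
                    conn.sendall(GREETING)   # server speaks first, unencrypted
                    try:
                        conn.recv(4096)      # drain the ClientHello, then close
                    except OSError:
                        pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(host, port, timeout=5):
    """Try an immediate TLS handshake; on 'wrong version number', reconnect
    and show what the server actually sent. Returns (outcome, detail)."""
    ctx = ssl.create_default_context()       # certificate checks stay enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("implicit-tls", tls.version())
    except ssl.SSLError as exc:
        if exc.reason != "WRONG_VERSION_NUMBER":
            raise                            # a different TLS failure
    with socket.create_connection((host, port), timeout=timeout) as raw:
        banner = raw.recv(512)               # read the same bytes as plain text
    if banner.startswith(b"220"):
        return ("plaintext-smtp", banner.decode("ascii", "replace").strip())
    return ("not-tls", repr(banner))


if __name__ == "__main__":
    print(probe("127.0.0.1", plaintext_smtp_stub()))
```

A `plaintext-smtp` result means the port expects the session to start unencrypted and upgrade in-band, while `implicit-tls` means it accepts a handshake immediately and reports the negotiated protocol version.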

sledgehammer999 commented 10 months ago

FYI, the email notification code lives here: https://github.com/qbittorrent/qBittorrent/blob/v4_6_x/src/base/net/smtp.cpp

We don't initialize to some specific TLS version. According to the Qt docs the default protocol is QSsl::SecureProtocols (whatever that means in your specific environment).

I don't know if you're savvy enough to put debug print statements in smtp.cpp and build+test yourself in order to pinpoint the exact cause of the problem.

Znerox commented 8 months ago

For the record, I've experienced something similar in qBittorrent. Multiple times in the last year, all communication with trackers has been with TLSv1. If the tracker doesn't support that, then those torrents don't work. At a later point, without updating the qBittorrent docker image, TLSv2 and TLSv3 are being used, as they should be.