search

rembo10 / headphones

Automatic music downloader for SABnzbd
GNU General Public License v3.0
3.39k stars 600 forks source link

SSL errors #3166

Open Nixellion opened 5 years ago

Nixellion commented 5 years ago

After updating to ubuntu 18.04 I now get these errors:

Traceback (most recent call last):
  File "Headphones.py", line 238, in <module>
    main()
  File "Headphones.py", line 207, in main
    webstart.initialize(web_config)
  File "/opt/headphones/headphones/webstart.py", line 120, in initialize
    cherrypy.server.start()
  File "lib/cherrypy/_cpserver.py", line 168, in start
    ServerAdapter.start(self)
  File "lib/cherrypy/process/servers.py", line 177, in start
    self.wait()
  File "lib/cherrypy/process/servers.py", line 226, in wait
    raise self.interrupt
OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]

The question is - can I turn HTTPS\SSL off entirely? I'd like headphone to run in HTTP mode. I really don't see the point of using SSL encryption on my local network, and if I ever decide to access it from outside I'll use nginx as aproxy anyway, and it will handle encryption.

I can't access web ui, so I'd like a solution where I can edit config file. Could not find it in the docs.

Nixellion commented 5 years ago

Oh nevermind, found it. It's enable_https in config.ini

johnnyxmas commented 4 years ago

This is due to the default cert generation using MD5, which is now unsupported for pretty much all implementations / browsers / etc. Likely an easy fix as it's usually just an argument. Probably in lib/certgen.py

johnnyxmas commented 4 years ago

Specifying the supported digest of 'sha256' in certgen.py correctly causes a sha256 key & cert tp be generated, and Headphones launches without error, but browsers now hang during SSL negotiation.