search

sampsyo / wideq

reverse-engineered client for the LG SmartThinQ API
https://pypi.org/project/wideq/
MIT License
326 stars 160 forks source link

bad ssl #104

Open RoelWeening opened 4 years ago

RoelWeening commented 4 years ago

when executing

python3 example.py -c NL -l en-US Log in here: https://us.m.lgaccount.com/login/sign_in?country=NL&language=en-US&svcCode=SVC202&authSvr=oauth2&client_id=LGAO221A02&division=ha&grant_type=password Then paste the URL where the browser is redirected: https://us.m.lgaccount.com/login/iabClose?access_token=1234&refresh_token=1234&oauth2_backend_url=https://gb.lgeapi.com/ Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 488, in wrap_socket cnx.do_handshake() File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error _raise_current_error() File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors)

requests.exceptions.SSLError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')])")))

town3r commented 4 years ago

Getting a very similar error:

wideq auth -c US -l en-US

Log in here: https://us.m.lgaccount.com/login/sign_in?country=US&language=en-US&svcCode=SVC202&authSvr=oauth2&client_id=LGAO221A02&division=ha&grant_type=password

Then paste the URL where the browser is redirected:

https://us.m.lgaccount.com/login/iabClose?access_token=1234&refresh_token=1234&oauth2_backend_url=https://us.lgeapi.com/

Get the following error:

(node:9719) UnhandledPromiseRejectionWarning: Error: write EPROTO 3070035152:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1942:

at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:92:16)

(node:9719) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag —unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)

(node:9719) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

pifou25 commented 4 years ago

I had several SSL errors, this one and also another ( DH key too small ) on debian 10 buster, seems related to this OS. I added this proc to fix the TLS version and other SSL context: https://gist.github.com/pifou25/dff5f64979d4d07bd1a05c310e35c792

RoelWeening commented 4 years ago

Thanks, but how should I implement it? I've installed Debian buster. I'm now receiving the DH to small ( damm you LG ) I've tried to copy paste into example.py

[image: afbeelding.png]

Grt, Roel

Op zo 19 jul. 2020 om 11:12 schreef pifou25 notifications@github.com:

I had several SSL errors, this one and also another ( DH key too small ) on debian 10 buster, seems related to this OS. I added this proc to fix the TLS version and other SSL context: https://gist.github.com/pifou25/dff5f64979d4d07bd1a05c310e35c792

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sampsyo/wideq/issues/104#issuecomment-660613978, or unsubscribe https://github.com/notifications/unsubscribe-auth/AP4DQXPZMJDCIRBCSXYN64DR4K2JJANCNFSM4N2WJGBA .

-- Met vriendelijk groet, Roel Weening

pifou25 commented 4 years ago

just add the last line in the correct proc, usually def main():

  # call for init with only TLSv1
  context = _build_ssl_context( 'TLSv1', 'TLSv1')

(i dont see your posted image)

RoelWeening commented 4 years ago

Hi,

I've tried a few things. First : I've searched in " https://github.com/sampsyo/wideq/blob/master/example.py" for "main" and found 1 def main () I've added the line " context = _build_ssl_context( 'TLSv1', 'TLSv1') " on line number 254. in a second attempt also tried to put it on line 250.

Both without success, so I thought copy and paste the whole code ( troubleshooting for dummies) and paste it on line 254 and second attempt on line 250. Also both attempts without success.

grt

Op wo 12 aug. 2020 om 18:34 schreef pifou25 notifications@github.com:

just add the last line in the correct proc, usually def main(): call for init with only TLSv1

context = _build_ssl_context( 'TLSv1', 'TLSv1')

(i dont see your posted image)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sampsyo/wideq/issues/104#issuecomment-672982062, or unsubscribe https://github.com/notifications/unsubscribe-auth/AP4DQXOYNBDCWJ6TR5SZTFTSALAAHANCNFSM4N2WJGBA .

-- Met vriendelijk groet, Roel Weening

Flip76 commented 4 years ago

You can try to edit your openssl.cnf (on debian usually it is /etc/ssl/openssl.cnf). Search for:

[system_default_sect] MinProtocol = TLSv1.2 CipherString = DEFAULT@SECLEVEL=2

Replace CipherString = DEFAULT@SECLEVEL=2

by CipherString = DEFAULT@SECLEVEL=1

But please be in mind that this might be a security risk...