search

shadowsocks / shadowsocks-windows

A C# port of shadowsocks
Other
58.47k stars 16.4k forks source link

SIP008 Online configuration update doesn't work with TLS1.3. #3316

Open fernvenue opened 2 years ago

fernvenue commented 2 years ago

Describe the bug

When SIP008 configuration server only allows TLS1.3, shadowsocks-windows fails to establish connection.

Environment

Steps you have tried

After I discovered this issue, I updated the SSL/TLS configuration from my service provider Cloudflare to allow TLS1.2 connections, and then shadowsocks-windows successfully connected to the server.

What did you expect to see?

I think this feature should work with TLS1.3.

What did you see instead?

SIP002 Online configuration update doesn't work with TLS1.3.

Config and error log in detail (with all sensitive info masked)

2022-05-2x xx:xx:xx.xxxx|WARN|Shadowsocks.Controller.ShadowsocksController|System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Shadowsocks.Controller.Service.OnlineConfigResolver.<GetOnline>d__0.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Shadowsocks.Controller.ShadowsocksController.<UpdateOnlineConfigInternal>d__109.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Shadowsocks.Controller.ShadowsocksController.<UpdateAllOnlineConfig>d__111.MoveNext()
...
user123321111 commented 2 years ago

.net framework 4.8 doesn't support tls1.3.