zivillian / ism7mqtt

GNU General Public License v3.0

I get an SSL Error with my newly installed System on a Raspi 4 with newest Raspi OS 64 bit #85

Closed gnoby closed 7 months ago

gnoby commented 7 months ago

Hi there!

I had ism7mqtt running on my Raspi System, but it was very old and messy, so I decided to set up the system anew. The old one was still on Raspi OS 32 bit.

Now I set up the System with Raspi OS 64 bit and now I get the following exception when trying to run config or the program with the old parameter.json:

```
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle , ReadOnlySpan`1 , Byte[]& , Int32& )
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials , SafeDeleteSslContext& , ReadOnlySpan`1 , Byte[]& , SslAuthenticationOptions )
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
   at ism7mqtt.Ism7Client.ConnectAsync(CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 86
   at ism7mqtt.Ism7Client.RunAsync(String password, CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 50
   at ism7mqtt.Program.Main(String[] args) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/Program.cs:line 136
```

So I googled this problem, and the solution that is always brought up is to change the openssl.cnf to include TLSv1 and/or include UnsafeLegacyRenegotiation:

```
[system_default_sect]
MinProtocol = TLSv1
Options = UnsafeLegacyRenegotiation
```

But this changes nothing in the behaviour.

Maybe anyone here has an idea? I am out of ideas....

gnoby commented 7 months ago

Managed to solve it. It worked with the following openssl.conf:

```
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=2
Options = UnsafeLegacyServerConnect
```
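Placed in the system-wide openssl.cnf, the configuration in the comment above lowers the TLS defaults for every OpenSSL client on the Pi. As an added example (not part of the thread and not ism7mqtt project code), the script below writes the same settings to a private file and points a single process at it through OpenSSL's `OPENSSL_CONF` environment variable. The config path and the command to launch are whatever you pass in, and it assumes the program loads the OpenSSL config file at startup, as it evidently did in this thread.

```shell
#!/bin/sh
# Added example, not ism7mqtt project code: apply the thread's legacy-TLS
# settings to one process instead of the system-wide openssl.cnf.

# Write a private OpenSSL config to $1 (a path you choose). The section
# contents are copied unchanged from the comment above.
write_scoped_conf() {
    cat > "$1" <<'EOF'
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=2
Options = UnsafeLegacyServerConnect
EOF
    chmod 644 "$1"   # readable by the service user, writable only by its owner
}

# Run "$@" with OPENSSL_CONF set for that child only; every other OpenSSL
# client on the host keeps the distribution defaults.
run_scoped() {
    conf=$1
    shift
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf" >&2
        return 1
    fi
    env OPENSSL_CONF="$conf" "$@"
}

# Usage: sh scoped-tls.sh <conf-path> <command> [args...]
if [ "$#" -ge 2 ]; then
    conf_path=$1
    shift
    [ -e "$conf_path" ] || write_scoped_conf "$conf_path"
    run_scoped "$conf_path" "$@"
fi
```

With this in place the system openssl.cnf can stay at the distribution defaults, so only the connection to the ISM7 device uses the relaxed settings.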

gnoby commented 7 months ago

closed