search

zivillian / ism7mqtt

GNU General Public License v3.0
49 stars 8 forks source link

unsafe legacy renegotiation disabled #88

Closed Klaus-Lucas closed 6 months ago

Klaus-Lucas commented 6 months ago

Hi,

after starting ism7config I receive the following error: ` ./ism7config -i 192.168.178.46 -p xxxxxxxx

2023-12-15 21:03:39.9147|INFO|LuCon.WebPortal.StandaloneService.NetworkConnector|Try IP-resolve for host:192.168.178.46 2023-12-15 21:03:39.9686|INFO|LuCon.WebPortal.StandaloneService.NetworkConnector|Try connect destination server -> 192.168.178.46:9092, Timeout:60000 ms System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:0A000152:SSL routines::unsafe legacy renegotiation disabled --- End of inner exception stack trace --- at Interop.OpenSsl.DoSslHandshake(SafeSslHandle , ReadOnlySpan1 , Byte[]& , Int32& ) at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials , SafeDeleteSslContext& , ReadOnlySpan1 , Byte[]& , SslAuthenticationOptions ) --- End of inner exception stack trace --- at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean ) at ism7config.XplatStreamHandler.GetStream(TcpClient tcpClient, Int32 port) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7config/XplatStreamHandler.cs:line 44 2023-12-15 21:03:40.3291|ERROR|LuCon.WebPortal.StandaloneService.NetworkConnector|DoConnect Unhandled exception. LuCon.Common.Declarations.BusinessServiceException: Die Verbindung zur Anlage kann nicht hergestellt werden. Aktualisieren Sie die Anlagenliste und versuchen Sie es nochmal. at LuCon.WebPortal.StandaloneService.NetworkConnector.DoConnect(String server, IPAddress localIp, Int32 port, String password, IStreamHandler streamHandler) at ism7config.Program.Main(String[] args) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7config/Program.cs:line 120 at ism7config.Program.

(String[] args) Aborted (core dumped) `

I tried this: sudo apt install --reinstall ca-certificates

I found a threat where the same error message was discussed. Add "Options = UnsafeLegacyServerConnect" https://stackoverflow.com/questions/75763525/curl-35-error0a000152ssl-routinesunsafe-legacy-renegotiation-disabled

. . [ssl_sect] system_default = system_default_sect

[system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = UnsafeLegacyServerConnect

I rebooted the node. Error still exists. I use a VM under Proxmox.

Environment Static hostname: flosk Icon name: computer-vm Chassis: vm Machine ID: 795096b001324a80b2bed38c3c0c6eab Boot ID: 73abe18c51b94757a74edcf58df2f2fb Virtualization: kvm Operating System: Ubuntu 22.04.3 LTS Kernel: Linux 5.15.0-91-generic Architecture: x86-64 Hardware Vendor: QEMU Hardware Model: Standard PC i440FX + PIIX, 1996

Klaus-Lucas commented 6 months ago

I found a workaround under https://github.com/openssl/openssl/issues/21296

zivillian commented 6 months ago

the required openssl.cnf is also part of this repo

Klaus-Lucas commented 6 months ago

right, a usage hint in the readme will be helpful :-)

Klaus-Lucas commented 6 months ago

Wenn du willst, kannst du meine Doku übernehmen. Siehe Link ganz am Ende.