Can't login due to SSL error
Rall3n opened this issue · 6 comments
After what seems to be an update of `openssl` on my distro (Manjaro), trying to log in with 2FA fails with the following error message:
```
2023-12-25 23:53:18.954 +01:00 [ERR] Task failed
System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.)
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:0A00018A:SSL routines::dh key too small
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at XIVLauncher.Common.Game.Launcher.RegisterSession(OauthLoginResult loginResult, DirectoryInfo gamePath, Boolean forceBaseVersion) in C:/goatsoft/xl/XIVLauncher.Common/Game/Launcher.cs:line 420
at XIVLauncher.Common.Game.Launcher.Login(String userName, String password, String otp, Boolean isSteam, Boolean useCache, DirectoryInfo gamePath, Boolean forceBaseVersion, Boolean isFreeTrial) in C:/goatsoft/xl/XIVLauncher.Common/Game/Launcher.cs:line 205
at XIVLauncher.Core.Components.MainPage.MainPage.TryLoginToGame(String username, String password, String otp, Boolean isSteam, LoginAction action) in C:/goatsoft/xl/XIVLauncher.Core/Components/MainPage/MainPage.cs:line 260
at XIVLauncher.Core.Components.MainPage.MainPage.Login(String username, String password, Boolean isOtp, Boolean isSteam, Boolean doingAutoLogin, LoginAction action) in C:/goatsoft/xl/XIVLauncher.Core/Components/MainPage/MainPage.cs:line 198
at XIVLauncher.Core.Components.MainPage.MainPage.<>c__DisplayClass17_0.<<ProcessLogin>b__0>d.MoveNext() in C:/goatsoft/xl/XIVLauncher.Core/Components/MainPage/MainPage.cs:line 143
```
`openssl` version is 3.2.0-1
I should add that the issue occurs on the AUR version of the launcher; the flatpak seems to work without the mentioned issue.
This is known. It's because Arch and Arch-based distros have finally joined every other major distro in tightening their security to match OpenSSL 3.0 suggestions. (Congrats on catching up with Ubuntu and Fedora!)
I have an update PR for the AUR with a fix to match what we do on other community builds. Centzilius/aur-xivlauncher#10
There's also a script you can find on our Discord server's known_issues channel to make the adjustments for you.
Here's the script, in case you don't want to join the Discord:
```bash
#!/bin/bash

# Write an OpenSSL config used only by the launcher. SECLEVEL=1 accepts the
# smaller DH key that the default security level rejects ("dh key too small").
echo "Making/remaking openssl_fix.cnf file"
sudo bash -c 'cat > /opt/XIVLauncher/openssl_fix.cnf' << EOF
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_module
[ ssl_module ]
system_default = crypto_policy
[ crypto_policy ]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1
EOF
echo "##### /opt/XIVLauncher/openssl_fix.cnf"
sudo cat /opt/XIVLauncher/openssl_fix.cnf
echo "#####"
echo ""

# Wrapper that sets OPENSSL_CONF for the launcher process only, leaving the
# system-wide OpenSSL configuration untouched.
echo "Making/Remaking xivlauncher-core script"
sudo bash -c 'cat > /usr/bin/xivlauncher-core' << EOF
#!/bin/sh
OPENSSL_CONF=/opt/XIVLauncher/openssl_fix.cnf exec /opt/XIVLauncher/XIVLauncher.Core
EOF
sudo chmod +x /usr/bin/xivlauncher-core
echo "##### /usr/bin/xivlauncher-core"
sudo cat /usr/bin/xivlauncher-core
echo "#####"
echo ""

# Point the desktop entry at the wrapper instead of the launcher binary.
echo "Adjusting .desktop file"
echo "##### /usr/share/applications/XIVLauncher.desktop"
echo "BEFORE:"
grep "Exec" /usr/share/applications/XIVLauncher.desktop
sudo sed -i 's/Exec=XIVLauncher\.Core/Exec=xivlauncher-core/' /usr/share/applications/XIVLauncher.desktop
echo ""
echo "AFTER: Please verify the Exec line now says xivlauncher-core"
grep "Exec" /usr/share/applications/XIVLauncher.desktop
echo "#####"
echo ""
echo "All steps should be completed. Please check output above."
```
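To check what an override file such as the `openssl_fix.cnf` above actually relaxes, the following added example (not part of the thread or of the XIVLauncher project) parses an OpenSSL config, follows the `openssl_conf` → `ssl_conf` → `system_default` chain, and reports the `MinProtocol` and `@SECLEVEL` it sets. The function names and the choice of level 2 as the baseline are assumptions made for this example.

```bash
# Added example: audit an OpenSSL override config (names are hypothetical).

# cnf_get FILE SECTION KEY: print KEY's value in SECTION ("" = top of file).
cnf_get() {
    awk -v want="$2" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ { sec = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", sec); next }
        sec == want {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# tls_policy FILE: follow openssl_conf -> ssl_conf -> system_default and print its policy.
tls_policy() {
    local f=$1 init ssl def proto level
    init=$(cnf_get "$f" "" openssl_conf)
    ssl=$(cnf_get "$f" "$init" ssl_conf)
    def=$(cnf_get "$f" "$ssl" system_default)
    [ -n "$def" ] || { echo "no system_default section"; return 1; }
    proto=$(cnf_get "$f" "$def" MinProtocol)
    level=$(cnf_get "$f" "$def" CipherString | sed -n 's/.*@SECLEVEL=\([0-9]\).*/\1/p')
    echo "MinProtocol=${proto:-unset} SECLEVEL=${level:-unset}"
}

# lowers_seclevel FILE: succeed if the file pins SECLEVEL below 2 (assumed baseline).
lowers_seclevel() {
    case "$(tls_policy "$1")" in *SECLEVEL=[01]*) return 0 ;; esac
    return 1
}

# Constructed sample: same contents as the openssl_fix.cnf written by the script.
sample=$(mktemp)
cat > "$sample" << 'EOF'
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_module
[ ssl_module ]
system_default = crypto_policy
[ crypto_policy ]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1
EOF
tls_policy "$sample"
lowers_seclevel "$sample" && echo "override lowers the security level"
```

Running `tls_policy` against the installed `/opt/XIVLauncher/openssl_fix.cnf` and against the system `openssl.cnf` shows whether the relaxed level is confined to the launcher's own file.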
> Here's the script, in case you don't want to join the Discord:
Appreciate this. Should hold over until the PR for the AUR is integrated.
@reiichi001 Thank you for the answer and the effort for the PR to the AUR repo.
The PR has been merged recently and I can confirm it works.
Therefore I will close this issue.