unsafe legacy renegotiation disabled
Closed this issue · 4 comments
Hi,
after starting ism7config I receive the following error:
` ./ism7config -i 192.168.178.46 -p xxxxxxxx
2023-12-15 21:03:39.9147|INFO|LuCon.WebPortal.StandaloneService.NetworkConnector|Try IP-resolve for host:192.168.178.46
2023-12-15 21:03:39.9686|INFO|LuCon.WebPortal.StandaloneService.NetworkConnector|Try connect destination server -> 192.168.178.46:9092, Timeout:60000 ms
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle , ReadOnlySpan1 , Byte[]& , Int32& ) at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials , SafeDeleteSslContext& , ReadOnlySpan
1 , Byte[]& , SslAuthenticationOptions )
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
at ism7config.XplatStreamHandler.GetStream(TcpClient tcpClient, Int32 port) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7config/XplatStreamHandler.cs:line 44
2023-12-15 21:03:40.3291|ERROR|LuCon.WebPortal.StandaloneService.NetworkConnector|DoConnect
Unhandled exception. LuCon.Common.Declarations.BusinessServiceException: Die Verbindung zur Anlage kann nicht hergestellt werden. Aktualisieren Sie die Anlagenliste und versuchen Sie es nochmal.
at LuCon.WebPortal.StandaloneService.NetworkConnector.DoConnect(String server, IPAddress localIp, Int32 port, String password, IStreamHandler streamHandler)
at ism7config.Program.Main(String[] args) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7config/Program.cs:line 120
at ism7config.Program.
Aborted (core dumped)
`
I tried this:
sudo apt install --reinstall ca-certificates
I found a threat where the same error message was discussed.
Add "Options = UnsafeLegacyServerConnect"
https://stackoverflow.com/questions/75763525/curl-35-error0a000152ssl-routinesunsafe-legacy-renegotiation-disabled
.
.
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2
Options = UnsafeLegacyServerConnect
I rebooted the node. Error still exists.
I use a VM under Proxmox.
Environment
Static hostname: flosk
Icon name: computer-vm
Chassis: vm
Machine ID: 795096b001324a80b2bed38c3c0c6eab
Boot ID: 73abe18c51b94757a74edcf58df2f2fb
Virtualization: kvm
Operating System: Ubuntu 22.04.3 LTS
Kernel: Linux 5.15.0-91-generic
Architecture: x86-64
Hardware Vendor: QEMU
Hardware Model: Standard PC i440FX + PIIX, 1996
I found a workaround under openssl/openssl#21296
the required openssl.cnf is also part of this repo
right, a usage hint in the readme will be helpful :-)
Wenn du willst, kannst du meine Doku übernehmen. Siehe Link ganz am Ende.