Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bad ssl #104

Open
RoelWeening opened this issue Jun 10, 2020 · 6 comments
Open

bad ssl #104

RoelWeening opened this issue Jun 10, 2020 · 6 comments

Comments

@RoelWeening
Copy link

when executing

python3 example.py -c NL -l en-US
Log in here:
https://us.m.lgaccount.com/login/sign_in?country=NL&language=en-US&svcCode=SVC202&authSvr=oauth2&client_id=LGAO221A02&division=ha&grant_type=password
Then paste the URL where the browser is redirected:
https://us.m.lgaccount.com/login/iabClose?access_token=1234&refresh_token=1234&oauth2_backend_url=https://gb.lgeapi.com/
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 488, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)

requests.exceptions.SSLError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')])")))

@town3r
Copy link

town3r commented Jun 26, 2020

Getting a very similar error:

wideq auth -c US -l en-US

Log in here: https://us.m.lgaccount.com/login/sign_in?country=US&language=en-US&svcCode=SVC202&authSvr=oauth2&client_id=LGAO221A02&division=ha&grant_type=password

Then paste the URL where the browser is redirected:

https://us.m.lgaccount.com/login/iabClose?access_token=1234&refresh_token=1234&oauth2_backend_url=https://us.lgeapi.com/

Get the following error:

(node:9719) UnhandledPromiseRejectionWarning: Error: write EPROTO 3070035152:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1942:

at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:92:16)

(node:9719) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag —unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)

(node:9719) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

@pifou25
Copy link
Contributor

pifou25 commented Jul 19, 2020

I had several SSL errors, this one and also another ( DH key too small ) on debian 10 buster, seems related to this OS. I added this proc to fix the TLS version and other SSL context:
https://gist.github.com/pifou25/dff5f64979d4d07bd1a05c310e35c792

@RoelWeening
Copy link
Author

RoelWeening commented Jul 31, 2020 via email

@pifou25
Copy link
Contributor

pifou25 commented Aug 12, 2020

just add the last line in the correct proc, usually def main():

  # call for init with only TLSv1
  context = _build_ssl_context( 'TLSv1', 'TLSv1')

(i dont see your posted image)

@RoelWeening
Copy link
Author

RoelWeening commented Aug 19, 2020 via email

@Flip76
Copy link

Flip76 commented Sep 10, 2020

You can try to edit your openssl.cnf (on debian usually it is /etc/ssl/openssl.cnf). Search for:

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Replace
CipherString = DEFAULT@SECLEVEL=2

by
CipherString = DEFAULT@SECLEVEL=1

But please be in mind that this might be a security risk...

@pifou25 pifou25 mentioned this issue Oct 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants