Opened 13 months ago

Last modified 6 weeks ago

#6783 new defect

Use of TLS v1.3 for lobby connections broken

Reported by: Dunedan
Owned by:
Priority: Should Have
Milestone: Alpha 27
Component: Multiplayer lobby
Keywords:
Cc: Dunedan
Patch:

Description

gloox started supporting TLS v1.3 a few weeks ago with version 1.0.25. However, using TLS v1.3 doesn't work when using gloox >= 1.0.25 with 0.A.D. when trying to connect to a lobby server which has TLS v1.3 enabled. In this case 0.A.D. simply fails to connect with a "Stream error" message after a while.

We noticed this problem after we did a lobby migration and had TLS v1.3 enabled afterwards, as users using the Flatpak version of 0.A.D. (https://flathub.org/apps/details/com.play0ad.zeroad, which uses gloox 1.0.26 at the time of writing) weren't able to connect. Since then we've disabled TLS v1.3 for the lobby server again, which results in such users being able to connect again (with TLS v1.2). As the official lobby doesn't support TLS v1.3 because of that, it can't be used to reproduce the bug. However, reproducing it is possible with the virtual machine powered by Vagrant provided by the https://github.com/0ad/lobby-infrastructure/ repository by manually removing the "no_tlsv1_3" TLS option in the ejabberd config (https://github.com/0ad/lobby-infrastructure/blob/3718ad9765e4c5ba21113da50deab8f05c00b08d/roles/ejabberd/templates/ejabberd.yml.j2#L52).

When 0.A.D. encounters this problem nothing gets logged in its logs. The relevant parts getting logged by ejabberd on server side can be found in the log file attached to this issue.

I did already test using gloox 1.0.26 compiled with GnuTLS to connect to ejabberd with TLS v1.3 enabled by using one of the example scripts provided by gloox and that succeeds, which leads me to believe that this bug might be caused by certain implementation details of 0.A.D.

Attachments (1)

ejabberd-log-0ad-with-tlsv13.txt (6.0 KB) - added by Dunedan 13 months ago.


Change History (5)

by Dunedan, 13 months ago

comment:1 by Langbart, 13 months ago

Milestone: Backlog

IRC 0ad-dev 6/Jan/20

19:25 < elexis> ... no closed tickets on Backlog (and no open tickets without milestone)

comment:2 by Dunedan, 11 months ago

Milestone: Backlog → Alpha 27

comment:3 by phosit, 7 weeks ago

I did already test using gloox 1.0.26 [...] and that succeeds

Doesn't that indicate that there is a problem in gloox 1.0.25?

in reply to:  3 comment:4 by Dunedan, 6 weeks ago

Replying to phosit:

Doesn't that indicate that there is a problem in gloox 1.0.25?

Not necessarily, as I didn't test with Pyrogenesis, but with one of the gloox sample scripts. Additional investigation is needed to figure out what's the reason for TLSv1.3 not working right now.
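To tell a server-side TLS v1.3 problem apart from a client-side one, the following added example (not part of the ticket, and not 0 A.D. or gloox code) performs the XMPP STARTTLS exchange and then refuses anything below TLS v1.3. The port 5222 default, the host and domain arguments, and all function names are assumptions of this example.

```python
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def stream_open(domain):
    # Initial XMPP stream header, sent in clear text before STARTTLS.
    return (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
            "xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams'>").encode()

def features_complete(buf):
    return b"</stream:features>" in buf

def offers_starttls(buf):
    return b"<starttls" in buf and TLS_NS.encode() in buf

def got_proceed(buf):
    return b"<proceed" in buf and TLS_NS.encode() in buf

def read_until(sock, done, limit=65536):
    """Read until done(buffer) is true; fail on close or an oversized reply."""
    buf = b""
    while not done(buf):
        chunk = sock.recv(4096)
        if not chunk or len(buf) + len(chunk) > limit:
            raise ConnectionError("stream closed or reply too large")
        buf += chunk
    return buf

def tls13_context(verify=True):
    """Client context that refuses anything below TLS v1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    if not verify:  # only for a local test VM with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def probe(host, domain, port=5222, verify=True, timeout=10.0):
    """Return the negotiated TLS version; ssl.SSLError means TLS v1.3 was refused."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(stream_open(domain))
        if not offers_starttls(read_until(raw, features_complete)):
            raise ConnectionError("server did not offer STARTTLS")
        raw.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        read_until(raw, got_proceed)
        with tls13_context(verify).wrap_socket(raw, server_hostname=domain) as tls:
            return tls.version()
```

A return value of `TLSv1.3` from `probe()` shows that the server completes a TLS v1.3 handshake with a client that is neither gloox nor Pyrogenesis; an `ssl.SSLError` shows the server side rejecting it.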
