Opened 13 months ago
Last modified 6 weeks ago
#6783 new defect
Use of TLS v1.3 for lobby connections broken
Reported by: | Dunedan | Owned by: | |
---|---|---|---|
Priority: | Should Have | Milestone: | Alpha 27 |
Component: | Multiplayer lobby | Keywords: | |
Cc: | Dunedan | Patch: |
Description
gloox started supporting TLS v1.3 a few weeks ago with version 1.0.25. However, using TLS v1.3 doesn't work when using gloox >= 1.0.25 with 0.A.D. when trying to connect to a lobby server which has TLS v1.3 enabled. In this case 0.A.D. simply fails to connect with a "Stream error" message after a while.
We noticed this problem after we did a lobby migration and had TLS v1.3 enabled afterwards, as users using the Flatpak version of 0.A.D. (https://flathub.org/apps/details/com.play0ad.zeroad, which uses gloox 1.0.26 at the time of writing) weren't able to connect. Since then we've disabled TLS v1.3 for the lobby server again, which results in such users being able to connect again (with TLS v1.2). As the official lobby doesn't support TLS v1.3 because of that, it can't be used to reproduce the bug. However, reproducing it is possible with the virtual machine powered by Vagrant provided by the https://github.com/0ad/lobby-infrastructure/ repository by manually removing the "no_tlsv1_3" TLS option in the ejabberd config (https://github.com/0ad/lobby-infrastructure/blob/3718ad9765e4c5ba21113da50deab8f05c00b08d/roles/ejabberd/templates/ejabberd.yml.j2#L52).
When 0.A.D. encounters this problem nothing gets logged in its logs. The relevant parts getting logged by ejabberd on server side can be found in the log file attached to this issue.
I did already test using gloox 1.0.26 compiled with GnuTLS to connect to ejabberd with TLS v1.3 enabled by using one of the example scripts provided by gloox and that succeeds, which leads me to believe that this bug might be caused by certain implementation details of 0.A.D.
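To separate a server-side cause from a client-side one, the following added example (not part of the ticket and not 0.A.D. or gloox code) performs the XMPP STARTTLS upgrade and then attempts a handshake pinned to a single TLS version. The function names, the default client port 5222 and the `verify=False` switch for a test VM with a self-signed certificate are assumptions of this sketch.

```python
import socket
import ssl

XMPP_NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

def stream_open(domain):
    """Client stream header sent before STARTTLS (RFC 6120)."""
    return (f"<?xml version='1.0'?><stream:stream to='{domain}' "
            "version='1.0' xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams'>").encode()

def offers_starttls(data):
    """True if the server's stream features advertise STARTTLS."""
    return b"<starttls" in data and XMPP_NS_TLS.encode() in data

def pinned_context(version, verify=True):
    """Client context that can negotiate exactly `version` and nothing else."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = version
    if not verify:  # assumption: only for a local test VM's self-signed cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def read_until(sock, marker, limit=65536):
    """Read from the plaintext socket until `marker` shows up or EOF."""
    buf = b""
    while marker not in buf and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host, domain, version, port=5222, verify=True, timeout=10):
    """Return the negotiated TLS version string, or None if the upgrade fails."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(stream_open(domain))
        if not offers_starttls(read_until(raw, b"</stream:features>")):
            return None
        raw.sendall(f"<starttls xmlns='{XMPP_NS_TLS}'/>".encode())
        if b"<proceed" not in read_until(raw, b">"):
            return None
        try:
            ctx = pinned_context(version, verify)
            with ctx.wrap_socket(raw, server_hostname=domain) as tls:
                return tls.version()
        except OSError:  # ssl.SSLError is a subclass of OSError
            return None
```

Calling `probe()` once with `ssl.TLSVersion.TLSv1_2` and once with `ssl.TLSVersion.TLSv1_3` shows which versions the server itself accepts, independent of the gloox and 0.A.D. client code.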
Attachments (1)
Change History (5)
by , 13 months ago
Attachment: | ejabberd-log-0ad-with-tlsv13.txt added |
---|
comment:1 by , 13 months ago
Milestone: | → Backlog |
---|
comment:2 by , 11 months ago
Milestone: | Backlog → Alpha 27 |
---|
follow-up: 4 comment:3 by , 7 weeks ago
> I did already test using gloox 1.0.26 [...] and that succeeds
Doesn't that indicate that there is a problem in gloox 1.0.25?
comment:4 by , 6 weeks ago
Replying to phosit:
> Doesn't that indicate that there is a problem in gloox 1.0.25?
Not necessarily, as I didn't test with Pyrogenesis, but with one of the gloox sample scripts. Additional investigation is needed to figure out what's the reason for TLSv1.3 not working right now.
IRC 0ad-dev 6/Jan/20