VH Client 5.0.7 and SSL server

Submitted by phipill on #1

Hello,

We recently went from VH client 4.6.7 to 5.0.7, and lost the ability to connect to SSL-ed VH servers (connection to non-SSL-ed VH servers is okay).
Rolling back to VH client 4.6.7 solved this access problem.

Server (linux-backed) is either 4.1.6 or 4.2.0, same problem.

Server-side, logs say :

Error -0x0050 during SSL handshake, NET - Connection was reset by peer

Client-side (when using 5.0.7), we have :
Error -0x6800 during SSL handshake when connecting to target:7574, SSL - The operation timed out

Any idea as to how solve the problem ?

Tia.

Submitted by Michael on Tue, 2020/09/29 - 09:08

#2

Between 4.6.7 and the latest version there was some bug fixes that tightened up the ssl verification when negotiating the connection.

In the client you must specify the certificate authority file (in USB Hubs->Advanced Settings->SSL). Double check you have done that

Also can you post your server config.ini file and your client file c:\users\username\appdata\roaming\vhui.ini file and ill take a look

(You can remove things identifiying things like ip addresses etc in there)

Submitted by phipill on Tue, 2020/10/27 - 05:53

#3

Here is the server's config file :

It=numbers
License=license value
sslCert=/etc/VirtualHere/pivh.pem
UseAVAHI=0
EasyFindId=lots of chars
EasyFindPin=fewer chars
ServerName=Our VH server
IgnoredDevices=424/ec00,5dc/a833

And the client one :

AutoRefreshLookupPeriod=30
[General]
AdminMode=0
HideMenuItems=
MainFrameWidth=584
MainFrameHeight=631
AutoFind=0
ReverseLookup=0
AutoMinimize=0
SSLClientCert=
SSLPort=7574
AutoRefreshLookupPeriod=30
Language=EN-US
QualifyByHostname=0
SetAddressInstanceId=0
QualifyByName=0
QualifyByInterface=0
AutoUseDelaySec=0
RetryAutoUseDelaySec=2
BonjourLookupTimeout=4
BonjourResolverTimeout=2
SSLCAFile=C:\\Users\\UserName\\Documents\\ACServices.pem
[Settings]
ManualHubs=list of hubs
[Transport]
CompressionLimit=384
PingInterval=3
PingTimeout=10
HighCompressionLimit=16384
EasyFindId=lots of letters
EasyFindPin=fewer letters
[AutoShare]
All=0

The CA File (ACServices.pem above) is a single certificate, not a chained one (no certificate chain up to the root AC). Could this be the problem ?

Submitted by Michael on Tue, 2020/10/27 - 11:42

#4

If possible would you be able to email me those pem files and ill test on my system here? mail [at] virtualhere.com (mail[at]virtualhere[dot]com)

Submitted by phipill on Mon, 2021/02/01 - 19:19

#5

Hello,
Server is 4.2.4 on a PI2, client 5.1.4 on W10. Everything is up to date.

Same config files as previously, and the errors are the same. Client and server are on our local network.

Server-side :
Error -0x0050 during SSL handshake, NET - Connection was reset by peer

Client-side :
Error -0x6800 during SSL handshake when connecting to target:7574, SSL - The operation timed out

Submitted by Michael on Mon, 2021/02/01 - 21:18

#6

Looking back through our emails it ended up being a network latency issue. VirtualHere was waiting 1000ms for the SSL to negotiate and sometimes your latency > 1000ms and it was timing out. So i bumped the timeout period to 5000ms and that fixed this issue.

Everything was running OK on server 4.2.0 and now you've update to 4.2.4 and the issue is back again?

What is your latency like?

Submitted by phipill on Tue, 2021/02/02 - 05:25

#7

No, we had the same config as previously. The updates (client and server) were made « just in case » it could solve the problem.
But it's not latency-related, nor network related.

We are using a Raspberrypi 2. For some reasons, the machine was recently reconfigured on a « powersave » cpu state, running at 600 MHz. That seems to be slow enough for a client-side timeout to be triggered. We rebooted the Rasp into its « performance » cpu state (900 MHz), and the server was again seen by its clients.

So nothing (really) to do with VHere.

Submitted by Michael on Tue, 2021/02/02 - 07:38

#8

OK thats interesting