TLS will be required for battle hosting

Silentwings
Moderator
Posts: 3709
Joined: 25 Oct 2008, 00:23

Post by Silentwings »

Uberserver will soon require that users/bots hosting battles are connected to the lobbyserver via TLS. Given the way our infra is set up, I think it's fair to say that GDPR doesn't actually require this but it does heavily hint that it is preferable. This is currently planned to take effect in ~2 months on June 1st.

I've just forced all battlehosts to reconnect and found that the following hosts are affected:

2021-04-04 10:17:55 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula2
2021-04-04 10:18:02 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: Metal_Server
2021-04-04 10:18:09 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [HOPE]Host
2021-04-04 10:18:16 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: s44_dev_host1
2021-04-04 10:18:19 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: Common_Server
2021-04-04 10:18:21 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [TAP]Autohost2
2021-04-04 10:18:51 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [TAP]Autohost
2021-04-04 10:18:51 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: notAvault103
2021-04-04 10:18:55 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula1
2021-04-04 10:19:58 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula3

Afaik these are all running SPADS, which has used TLS by default for a very long time already (https://github.com/Yaribz/SPADS/blob/ma ... GELOG#L833). So, I guess they are still running very old versions of SPADS. Owners of these hosts: please reply/pm to say if anything blocks you from updating; I'm not aware of any such issues.

In-game UDP connections to the spring engine itself are unaffected. Non-host players are also unaffected, but ofc are recommended to use a lobby client supporting TLS, e.g. Springlobby.


update: TLS is now required for battle hosting.
bibim
Lobby Developer
Posts: 937
Joined: 06 Dec 2007, 11:12

Re: TLS will be required for battle hosting

Post by bibim »

It seems only the notAvault103 host is using an obsolete version of SPADS (from 2016), which doesn't support TLS.

Other hosts aren't using TLS because I guess they are missing the IO::Socket::SSL Perl module (required by SPADS to enable TLS).

For the record, instructions to install the IO::Socket::SSL Perl module are available here.
raaar
Metal Factions Developer
Posts: 964
Joined: 20 Feb 2010, 12:17

Re: TLS will be required for battle hosting

Post by raaar »

I've installed that Perl module and restarted the SPADS hosts.

old

20210312221517 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210312221517 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210312221517 - INFO - [SPADS] No local LAN IP address found
20210312221517 - INFO - [SPADS] Logged on lobby server


new

20210404130233 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210404130233 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210404130233 - NOTICE - [SpringLobbyInterface] TLS enabled (TLSv1_3,TLS_AES_256_GCM_SHA384)
20210404130233 - INFO - [SPADS] No local LAN IP address found
20210404130234 - INFO - [SPADS] Logged on lobby server


Apparently it's working. Thanks.
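
Added example (not part of the original post, and not SPADS code): a Python check over a SPADS log that pairs each connection attempt with the "TLS enabled" line, so a host owner can confirm that every login negotiated TLS. It assumes the line layout shown in the two excerpts above; the function names are hypothetical.

```python
import re

# Line shapes copied from the SPADS log excerpts in the post above (assumed stable).
CONNECT = re.compile(r"^(\d{14}) - NOTICE - \[SpringLobbyInterface\] Connecting to (\S+)")
TLS_ON = re.compile(r"\[SpringLobbyInterface\] TLS enabled \(([^,]+),([^)]+)\)")
LOGGED_ON = re.compile(r"\[SPADS\] Logged on lobby server")

def audit_sessions(lines):
    """One dict per connection attempt, with the TLS parameters negotiated
    before login (tls is None if the session stayed in plaintext)."""
    sessions, current = [], None
    for line in lines:
        m = CONNECT.search(line)
        if m:
            current = {"started": m.group(1), "server": m.group(2),
                       "tls": None, "logged_on": False}
            sessions.append(current)
        elif current is not None and not current["logged_on"]:
            m = TLS_ON.search(line)
            if m:
                current["tls"] = (m.group(1), m.group(2))  # (protocol, cipher)
            elif LOGGED_ON.search(line):
                current["logged_on"] = True
    return sessions

def plaintext_logins(sessions):
    """Start times of sessions that logged on without a TLS handshake."""
    return [s["started"] for s in sessions if s["logged_on"] and s["tls"] is None]

# Sample input: the "old" and "new" excerpts from the post, concatenated.
SAMPLE = """\
20210312221517 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210312221517 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210312221517 - INFO - [SPADS] No local LAN IP address found
20210312221517 - INFO - [SPADS] Logged on lobby server
20210404130233 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210404130233 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210404130233 - NOTICE - [SpringLobbyInterface] TLS enabled (TLSv1_3,TLS_AES_256_GCM_SHA384)
20210404130233 - INFO - [SPADS] No local LAN IP address found
20210404130234 - INFO - [SPADS] Logged on lobby server
""".splitlines()

if __name__ == "__main__":
    for s in audit_sessions(SAMPLE):
        state = "TLS %s / %s" % s["tls"] if s["tls"] else "PLAINTEXT"
        print(s["started"], s["server"], state)
```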
PicassoCT
Journeywar Developer & Mapper
Posts: 10408
Joined: 24 Jan 2006, 21:12

Re: TLS will be required for battle hosting

Post by PicassoCT »

Sorry, does not work for me.
Downloaded the newest springlobby, tried to host a game.

Engine 105.0
Nat-Traversal: None
Game: $MOSAIC
Springlobby Version: 0.271-13-g1200ba007
Error Message:

[16:05:18] ** Server ** A TLS connection is required to host battles. Please upgrade your client.
Silentwings
Moderator
Posts: 3709
Joined: 25 Oct 2008, 00:23

Re: TLS will be required for battle hosting

Post by Silentwings »

Without more info (like a username, SL logs) I can't help - I can host battles and I don't even have the latest SL.
PicassoCT
Journeywar Developer & Mapper
Posts: 10408
Joined: 24 Jan 2006, 21:12

Re: TLS will be required for battle hosting

Post by PicassoCT »

Silentwings wrote: 14 Jun 2021, 22:49 Without more info (like a username, SL logs) I can't help - I can host battles and I don't even have the latest SL.
Where do I post these logs usually if I need advice?

Attachment: 20210615_092113-springlobby.log (50.93 KiB)
Silentwings
Moderator
Posts: 3709
Joined: 25 Oct 2008, 00:23

Re: TLS will be required for battle hosting

Post by Silentwings »

From server logs:

2021-06-14 23:48:06 INFO  Protocol._checkCompat:257  [14161] <Picassore> client "SpringLobby 0.271-13-g1200ba007 (linux64)" logged in without TLS

You're logging in without TLS. If you look in the server panel when you log in, you'll see a warning message there.

Afaik these days SL actually forces TLS, so I wonder if there is a (maybe hidden?) SL setting to disable it that you've set at some point in the past, in which case check your "Config dir: /home/picasso/.springlobby/". Failing that, you'll have to report a bug to https://github.com/springlobby/springlobby. Or if it's self-compiled, you may have to check that you have the right libs available.
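
Added example (not part of the original post, and not uberserver code): a Python script that turns the two server log line shapes quoted in this thread (the in_OPENBATTLE warnings in the first post and the _checkCompat line above) into a per-account list of who connects without TLS and who would be refused when opening a battle. The function names are hypothetical, and the sample contains one constructed repeat line.

```python
import re

# Line shapes copied from the uberserver log excerpts quoted in this thread.
HOST = re.compile(r"^(\S+ \S+) INFO\s+Protocol\.in_OPENBATTLE:\d+\s+"
                  r"Battlehost not using TLS: (\S+)")
LOGIN = re.compile(r'^(\S+ \S+) INFO\s+Protocol\._checkCompat:\d+\s+\[\d+\] '
                   r'<([^>]+)> client "([^"]*)" logged in without TLS')

def non_tls_accounts(lines):
    """Map username -> {'hosts', 'client', 'events', 'last_seen'} for every
    account the log shows connected without TLS."""
    report = {}
    for line in lines:
        host, login = HOST.match(line), LOGIN.match(line)
        m = host or login
        if m is None:
            continue  # unrelated log line
        entry = report.setdefault(m.group(2), {"hosts": False, "client": None,
                                               "events": 0, "last_seen": ""})
        entry["events"] += 1
        # Timestamps are "YYYY-MM-DD HH:MM:SS", so string order is time order.
        entry["last_seen"] = max(entry["last_seen"], m.group(1))
        if host:
            entry["hosts"] = True  # opened a battle: affected by enforcement
        else:
            entry["client"] = login.group(3)
    return report

def blocked_by_enforcement(report):
    """Accounts that opened a battle without TLS, sorted by name."""
    return sorted(user for user, e in report.items() if e["hosts"])

# Sample input: lines quoted in the thread, plus one constructed repeat (marked).
SAMPLE = [
    "2021-04-04 10:17:55 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula2",
    "2021-04-04 10:18:09 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [HOPE]Host",
    "2021-04-04 10:19:58 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula3 ",
    # constructed: the same host reopening a battle later
    "2021-04-04 11:02:40 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula2",
    '2021-06-14 23:48:06 INFO  Protocol._checkCompat:257  [14161] <Picassore> '
    'client "SpringLobby 0.271-13-g1200ba007 (linux64)" logged in without TLS',
]

if __name__ == "__main__":
    report = non_tls_accounts(SAMPLE)
    for user in sorted(report):
        print(user, report[user])
```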
PicassoCT
Journeywar Developer & Mapper
Posts: 10408
Joined: 24 Jan 2006, 21:12

Re: TLS will be required for battle hosting

Post by PicassoCT »

Thank you Silentwings - I will look into it.
PicassoCT
Journeywar Developer & Mapper
Posts: 10408
Joined: 24 Jan 2006, 21:12

Re: TLS will be required for battle hosting

Post by PicassoCT »

Silentwings wrote: 15 Apr 2020, 08:51 Accounts that don't accept the user agreement (which you will not be able to do without entering the correct verification code) are automatically deleted after 1 week.

If you try to login with your new account, you may still be able to verify it - 3 attempts are allowed.
So I looked into this. Opened the TLS ports in the firewall, just in case.

Tried to register a new account on my email, but never received the confirmation email.
If a system does not work, allow rollback to pre-TLS?


edit:
So I found a solution. Turns out my system libraries were outdated.
If you build springlobby yourself, make sure to adhere to every warning cmake is throwing.
Get all libraries to the newest level.
In my case it was openssl.
Rebuild and it checks into the server correctly.
The error message is worse than useless.