TLS support

abma
Spring Developer
Posts: 3798
Joined: 01 Jun 2009, 00:08

TLS support

Post by abma »

the current development version of springlobby supports connecting to the lobby server via tls.

would be nice if some people could test it before i release it! :)

To test in springlobby: server->disconnect, server->connect, select TLS... done :-)

requires at least this commit: https://github.com/springlobby/springlo ... 83ab0ffe7d
Implementation details
For the connection openssl is used and only the certificate fingerprint is checked. That's basically the same as certificate pinning.
This check is hardcoded atm, this should be changed soon.

The win32 development build has already tls-support, too.

when tls is used in springlobby.log (currently) this shows up:

Message /home/abma/dev/SpringLobby/src/socket.cpp:282 Certificate fingerprint: 0124dc0f4295b401a2d81ade3dc81b7a467eb9a70b0a4912b5e15fede735fe73
Message /home/abma/dev/SpringLobby/src/socket.cpp:286 Using TLSv1.2
Message /home/abma/dev/SpringLobby/src/socket.cpp:289 Using cipher ECDHE-RSA-AES256-GCM-SHA384

for details see https://github.com/springlobby/springlo ... socket.cpp


STARTTLS example client
This simple client written in python initiates the tls connection (but does nothing else):

https://github.com/spring/uberserver/bl ... sclient.py

Note: this is my first tls-server (=uberserver) and client (=SpringLobby), so hopefully i didn't introduce some horrible security hole like others did. Hints are welcome! :wink:
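
Added example, not from the thread or from SpringLobby's code: a Python sketch of the fingerprint-only check described in the post above, with the pins read from a list instead of being hardcoded. It assumes the logged 64-hex-digit value is the SHA-256 digest of the DER-encoded certificate; every function name and the sample bytes are constructed for illustration.

```python
import hashlib
import ssl

def normalize_pin(text):
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex digits."""
    pin = text.strip().replace(":", "").replace(" ", "").lower()
    if len(pin) != 64 or any(c not in "0123456789abcdef" for c in pin):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return pin

def load_pins(lines):
    """Parse a pin list (one per line, '#' starts a comment), e.g. a config file."""
    pins = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            pins.add(normalize_pin(line))
    if not pins:
        raise ValueError("no pins configured, refusing to continue")
    return pins

def pin_matches(der_cert, pins):
    """True only if the peer sent a certificate whose SHA-256 is pinned."""
    if not der_cert:
        return False  # no certificate presented: fail closed
    return hashlib.sha256(der_cert).hexdigest() in pins

def pinning_context():
    """CA and hostname checks are off, so the pin is the ONLY authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def upgrade_and_verify(plain_sock, pins):
    """Call after STARTTLS and before LOGIN, so the password only ever
    goes to a peer whose certificate is pinned."""
    tls = pinning_context().wrap_socket(plain_sock)
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate fingerprint not in pin set")
    return tls

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = b"constructed stand-in for a DER certificate"
_hex = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
SAMPLE_PINS = load_pins(["# constructed pin, colon form",
                         ":".join(_hex[i:i + 2] for i in range(0, 64, 2))])
```

Keeping more than one pin in the list lets the server rotate its certificate without locking out clients that still carry only the old fingerprint.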
dansan
Server Owner & Developer
Posts: 1203
Joined: 29 May 2010, 23:40

Re: TLS support

Post by dansan »

I compiled and started 0.256-32-g07b01a4d6

I found this in the logfile:

Message  /home/dtroeder/git/springlobby/src/tasserver.cpp:1010 sent: #1 STARTTLS
Message  /home/dtroeder/git/springlobby/src/socket.cpp:233 Starting TLS...
Message  /home/dtroeder/git/springlobby/src/socket.cpp:282 Certificate fingerprint: 0124dc0f4295b401a2d81ade3dc81b7a467eb9a70b0a4912b5e15fede735fe73
Message  /home/dtroeder/git/springlobby/src/socket.cpp:285 Using TLSv1.2
Message  /home/dtroeder/git/springlobby/src/socket.cpp:288 Using cipher ECDHE-RSA-AES256-GCM-SHA384
Message  /home/dtroeder/git/springlobby/src/tasserver.cpp:995 sent: LOGIN ... <password removed>

I am irritated though: There was chat stuff ("#3 JOIN ..." etc) before the TLS connect.
abma
Spring Developer
Posts: 3798
Joined: 01 Jun 2009, 00:08

Re: TLS support

Post by abma »

full springlobby.log then please.

StartTLS is sent before login happens. Without being logged in JOIN etc. doesn't work. Very likely you disconnected and reconnected.
dansan
Server Owner & Developer
Posts: 1203
Joined: 29 May 2010, 23:40

Re: TLS support

Post by dansan »

abma wrote: Very likely you disconnected and reconnected.
Absolutely correct :oops:
First connected with old settings, disconnected to get the login dialog, enabled TLS and connected again.
Just tried it out with TLS already enabled and removed the old logfile, and nothing was sent before StartTLS :)
abma
Spring Developer
Posts: 3798
Joined: 01 Jun 2009, 00:08

Re: TLS support

Post by abma »

weird, tls should be enabled by default after the update. that's a bug then maybe...