The current development version of SpringLobby supports connecting to the lobby server via TLS.
Would be nice if some people could test it before I release it! :)
To test in springlobby: server->disconnect, server->connect, select TLS... done
requires at least this commit: https://github.com/springlobby/springlo ... 83ab0ffe7d
Implementation details
For the connection OpenSSL is used and only the certificate fingerprint is checked. That's basically the same as certificate pinning.
This check is hardcoded atm, this should be changed soon.
The win32 development build already has TLS support, too.
When TLS is used, this (currently) shows up in springlobby.log:
Message /home/abma/dev/SpringLobby/src/socket.cpp:282 Certificate fingerprint: 0124dc0f4295b401a2d81ade3dc81b7a467eb9a70b0a4912b5e15fede735fe73
Message /home/abma/dev/SpringLobby/src/socket.cpp:286 Using TLSv1.2
Message /home/abma/dev/SpringLobby/src/socket.cpp:289 Using cipher ECDHE-RSA-AES256-GCM-SHA384
for details see https://github.com/springlobby/springlo ... socket.cpp
STARTTLS example client
This simple client written in Python initiates the TLS connection (but does nothing else):
https://github.com/spring/uberserver/bl ... sclient.py
Note: this is my first TLS server (=uberserver) and client (=SpringLobby), so hopefully I didn't introduce some horrible security hole like others did. Hints are welcome!
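The fingerprint-only check described in this post, sketched as an added example (not part of the original post and not SpringLobby's or uberserver's code). It assumes the logged fingerprint is the SHA-256 digest of the server's DER-encoded certificate; `normalize_pin`, `pin_matches` and `upgrade_with_pin` are hypothetical names, and the caller is assumed to have completed the STARTTLS exchange already. It also accepts several pins, so the pinned certificate can be rotated without a hardcoded single value.

```python
import hashlib
import ssl

# Pin copied from the log lines on this page. Assumption: it is the
# SHA-256 digest of the server's DER-encoded certificate.
PAGE_PIN = "0124dc0f4295b401a2d81ade3dc81b7a467eb9a70b0a4912b5e15fede735fe73"


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:..' or plain hex; return 64 lowercase hex characters."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin is not a SHA-256 fingerprint")
    return cleaned


def cert_fingerprint(der: bytes) -> str:
    """Hex SHA-256 of the raw certificate bytes, as printed in the log."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(der: bytes, pins) -> bool:
    """True if the certificate matches any pin (several pins allow rotation)."""
    if not der:  # the peer sent no certificate at all
        return False
    return cert_fingerprint(der) in {normalize_pin(p) for p in pins}


def upgrade_with_pin(sock, pins):
    """Wrap a connected socket on which STARTTLS was already negotiated.

    CA and hostname checks are switched off on purpose: the pin is the only
    trust decision, so nothing (LOGIN included) may be sent before it passes.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(sock)
    der = tls.getpeercert(binary_form=True)  # DER bytes even with CERT_NONE
    if not pin_matches(der, pins):
        tls.close()
        raise ssl.SSLError("certificate fingerprint does not match any pin")
    # Mirrors the three log lines: fingerprint, protocol version, cipher name.
    return tls, tls.version(), tls.cipher()[0]
```

With verification disabled in the `ssl` context, a failed or skipped pin check leaves no other authentication of the server, which is why the function closes the socket and raises instead of returning it.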
TLS support
Re: TLS support
I compiled and started 0.256-32-g07b01a4d6
I am irritated though: There was chat stuff ("#3 JOIN ..." etc) before the TLS connect.
I found this in the logfile:
Message /home/dtroeder/git/springlobby/src/tasserver.cpp:1010 sent: #1 STARTTLS
Message /home/dtroeder/git/springlobby/src/socket.cpp:233 Starting TLS...
Message /home/dtroeder/git/springlobby/src/socket.cpp:282 Certificate fingerprint: 0124dc0f4295b401a2d81ade3dc81b7a467eb9a70b0a4912b5e15fede735fe73
Message /home/dtroeder/git/springlobby/src/socket.cpp:285 Using TLSv1.2
Message /home/dtroeder/git/springlobby/src/socket.cpp:288 Using cipher ECDHE-RSA-AES256-GCM-SHA384
Message /home/dtroeder/git/springlobby/src/tasserver.cpp:995 sent: LOGIN ... <password removed>
Re: TLS support
full springlobby.log then please.
StartTLS is sent before login happens. Without being logged in JOIN etc. doesn't work. Very likely you disconnected and reconnected.
Re: TLS support
abma wrote: Very likely you disconnected and reconnected.
Absolutely correct
First connected with old settings, disconnected to get the login dialog, enabled TLS and connected again.
Just tried it out with TLS already enabled and removed the old logfile, and nothing was sent before StartTLS :)
Re: TLS support
Weird, TLS should be enabled by default after the update. That's a bug then maybe...