TLS will be required for battle hosting

Posted: 04 Apr 2021, 10:53
by Silentwings
Uberserver will soon require that users/bots hosting battles are connected to the lobbyserver via TLS. Given the way our infra is set up, I think it's fair to say that GDPR doesn't actually require this but it does heavily hint that it is preferable. This is currently planned to take effect in ~2 months on June 1st.

I've just forced all battlehosts to reconnect and found that the following hosts are affected:

2021-04-04 10:17:55 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula2
2021-04-04 10:18:02 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: Metal_Server
2021-04-04 10:18:09 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [HOPE]Host
2021-04-04 10:18:16 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: s44_dev_host1
2021-04-04 10:18:19 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: Common_Server
2021-04-04 10:18:21 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [TAP]Autohost2
2021-04-04 10:18:51 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: [TAP]Autohost
2021-04-04 10:18:51 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: notAvault103
2021-04-04 10:18:55 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula1
2021-04-04 10:19:58 INFO  Protocol.in_OPENBATTLE:1774  Battlehost not using TLS: nebula3

Afaik these are all running SPADS, which has used TLS by default for a very long time already (https://github.com/Yaribz/SPADS/blob/ma ... GELOG#L833). So, I guess they are running very old versions of SPADS still. Owners of these hosts: please reply/pm to say if anything blocks you from updating, I'm not aware of any such issues.

Ingame UDP connections to the spring engine itself are unaffected. Non-host players are also unaffected, but ofc are recommended to use a lobby client supporting TLS e.g. Springlobby.


update: TLS is now required for battle hosting.

Re: TLS will be required for battle hosting

Posted: 04 Apr 2021, 11:35
by bibim
It seems only the notAvault103 host is using an obsolete version of SPADS (from 2016), which doesn't support TLS.

Other hosts aren't using TLS because I guess they are missing the IO::Socket::SSL Perl module (required by SPADS to enable TLS).

For the record, instructions to install the IO::Socket::SSL Perl module are available here.

Re: TLS will be required for battle hosting

Posted: 04 Apr 2021, 15:08
by raaar
I've installed that perl module and restarted the spads hosts.

old

20210312221517 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210312221517 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210312221517 - INFO - [SPADS] No local LAN IP address found
20210312221517 - INFO - [SPADS] Logged on lobby server


new

20210404130233 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210404130233 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210404130233 - NOTICE - [SpringLobbyInterface] TLS enabled (TLSv1_3,TLS_AES_256_GCM_SHA384)
20210404130233 - INFO - [SPADS] No local LAN IP address found
20210404130234 - INFO - [SPADS] Logged on lobby server


apparently it's working. Thanks.
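The old/new comparison in the post above can be automated for a whole SPADS log. This is an added example, not part of the original post or of SPADS; the line layout is inferred from the excerpts quoted in the post, and the names `audit_spads_log` and `plaintext_logins` are hypothetical.

```python
import re

# SPADS log layout as seen in the post: "<YYYYMMDDhhmmss> - <LEVEL> - [<source>] <message>"
LINE_RE = re.compile(r"^(\d{14}) - (\w+) - \[([^\]]+)\] (.*)$")
TLS_RE = re.compile(r"^TLS enabled \(([^,]+),([^)]+)\)$")

def audit_spads_log(lines):
    """Return one record per lobby connection attempt found in the log."""
    sessions, current = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrelated line
        stamp, _level, source, msg = m.groups()
        if source == "SpringLobbyInterface" and msg.startswith("Connecting to "):
            current = {"started": stamp, "target": msg[len("Connecting to "):],
                       "tls": None, "cipher": None, "logged_on": False}
            sessions.append(current)
        elif current is None:
            continue  # nothing to attach this line to yet
        elif source == "SpringLobbyInterface" and (t := TLS_RE.match(msg)):
            current["tls"], current["cipher"] = t.group(1), t.group(2)
        elif source == "SPADS" and msg == "Logged on lobby server":
            current["logged_on"] = True
    return sessions

def plaintext_logins(sessions):
    """Sessions that reached the lobby server with no TLS notice logged."""
    # Assumption: a missing "TLS enabled" notice means the login was in plaintext.
    return [s for s in sessions if s["logged_on"] and s["tls"] is None]

# Sample input: the "old" and "new" excerpts from the post, joined into one log.
SAMPLE_LOG = """\
20210312221517 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210312221517 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210312221517 - INFO - [SPADS] No local LAN IP address found
20210312221517 - INFO - [SPADS] Logged on lobby server
20210404130233 - NOTICE - [SpringLobbyInterface] Connecting to lobby.springrts.com:8200
20210404130233 - INFO - [SPADS] Lobby server has no default engine set, UnitSync is using Spring 105.0
20210404130233 - NOTICE - [SpringLobbyInterface] TLS enabled (TLSv1_3,TLS_AES_256_GCM_SHA384)
20210404130233 - INFO - [SPADS] No local LAN IP address found
20210404130234 - INFO - [SPADS] Logged on lobby server
""".splitlines()

if __name__ == "__main__":
    for s in audit_spads_log(SAMPLE_LOG):
        state = f"{s['tls']} {s['cipher']}" if s["tls"] else "NO TLS"
        print(s["started"], s["target"], state)
```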

Re: TLS will be required for battle hosting

Posted: 14 Jun 2021, 16:06
by PicassoCT
Sorry, does not work for me.
Downloaded springlobby newest, tried to host a game.

Engine 105.0
Nat-Traversal: None
Game: $MOSAIC
Springlobby Version: 0.271-13-g1200ba007
Error Message:

[16:05:18] ** Server ** A TLS connection is required to host battles. Please upgrade your client.

Re: TLS will be required for battle hosting

Posted: 14 Jun 2021, 22:49
by Silentwings
Without more info (like a username, SL logs) I can't help - I can host battles and I don't even have the latest SL.

Re: TLS will be required for battle hosting

Posted: 15 Jun 2021, 09:25
by PicassoCT
Silentwings wrote: 14 Jun 2021, 22:49 Without more info (like a username, SL logs) I can't help - I can host battles and I don't even have the latest SL.
Where do I post these logs usually if I need advice?

Re: TLS will be required for battle hosting

Posted: 15 Jun 2021, 14:35
by Silentwings
From server logs:

2021-06-14 23:48:06 INFO  Protocol._checkCompat:257  [14161] <Picassore> client "SpringLobby 0.271-13-g1200ba007 (linux64)" logged in without TLS

You're logging in without TLS. If you look in the server panel when you login, you'll see a warning message there.

Afaik these days SL actually forces TLS, so I wonder if there is a (maybe hidden?) SL setting to disable it that you've set at some point in the past, in which case check your "Config dir: /home/picasso/.springlobby/". Failing that, you'll have to report a bug to https://github.com/springlobby/springlobby. Or if it's self-compiled, you may have to check that you have the right libs available.

Re: TLS will be required for battle hosting

Posted: 16 Jun 2021, 00:35
by PicassoCT
Thank you silent wings - I will look into it

Re: TLS will be required for battle hosting

Posted: 20 Jun 2021, 12:51
by PicassoCT
Silentwings wrote: 15 Apr 2020, 08:51 Accounts that don't accept the user agreement (which you will not be able to do without entering the correct verification code) are automatically deleted after 1 week.

If you try to login with your new account, you may still be able to verify it - 3 attempts are allowed.
So I looked into this. Opened the TLS ports in the firewall, just in case.

Tried to register a new account on my email, but never received the confirmation email.
If a system does not work, allow rollback to pre-tls?


edit:
So I found a solution. Turns out my system-libraries were outdated.
If you build springlobby yourself, make sure to adhere to every warning cmake is throwing.
Get all libraries to the newest level.
In my case it was openssl.
Rebuild and it checks into the server correctly.
The error message is worse than useless.