Multiplayer: "The server's certificate could not be verified or the TLS handshake did not complete successfully"

[JJR]

Hi! 

The connection to the multiplayer lobby today is not working, the following message has been shown "The server's certificate could not be verified or the TLS handshake did not complete successfully". I would like to know how to solve it. 

Thanks in advance.

Regards, 

JJ

[maroder]

Hey there,

You can try to disable the TLS encryption in this case. See here:

https://trac.wildfiregames.com/attachment/wiki/FAQ/lobby_tls.jpg

 

[jalalu]

Hi all

I have the exact same error:

"The server's certificate could not be verified or the TLS handshake did not complete successfully"

It occurs when trying to open the multiplayer lobby.

I discovered that while I get this error, there is a window in the background asking me to insert my "smart card device".

I do have a "smart card device" that I use for other things, but nothing to do with 0ad. But if I click cancel, the screen becomes black (if I am in full screen) or I get the error (if I am in windowed mode).

Nothing about this appears in mainlog.html

[Silier]

Refs: https://trac.wildfiregames.com/ticket/5396

[jalalu]

2 hours ago, Silier said:

Refs: https://trac.wildfiregames.com/ticket/5396

Thanks! Indeed, that's exactly my issue. But I have a different smartcard.

I'm trying to register in the bug reporting tool, but I don't receive the confirmation e-mail.

I see that in the ticket somebody says that it's not possible to reproduce it. In my case, the issue occurs always, even if the smartcard is not present. I assume that it might be possible to reproduce it just by installing the smartcard software that can be downloaded from here (first link): https://www.sede.fnmt.gob.es/en/descargas/descarga-software

Unfortunately, I don't have any spare computer to test if it's reproducible in that way. Perhaps it might also be needed to have a smartcard reader.

[BreakfastBurrito_007]

On 29/01/2022 at 11:02 PM, maroder said:

Hey there,

You can try to disable the TLS encryption in this case. See here:

https://trac.wildfiregames.com/attachment/wiki/FAQ/lobby_tls.jpg

 

I have this same problem, it started 4-5 days ago. I tried disabling the TLS encryption and I got into the lobby just fine. Is it ok or safe to run without TLS encryption in the MP lobby? or is there a better way to solve this issue? 

 

[Norse_Harold]

What OS are you using? If you're using Windows then this bug report explains why TLS encryption doesn't always work. Which version of WIndows are you using, though?

You have asked whether it is ok or safe to run without TLS encryption in the MP lobby. I don't think so. It means that your (hashed) lobby password can be sniffed and potentially stolen. Whether it's safe depends on how often you do it and whether there's a determined adversary trying to steal your password.

Edited December 5, 2022 by Norse_Harold

[BreakfastBurrito_007]

11 minutes ago, Norse_Harold said:

What OS are you using? If you're using Windows then this bug report explains why TLS encryption doesn't always work. Which version of WIndows are you using, though?

You have asked whether it is ok or safe to run without TLS encryption in the MP lobby. I don't think so. It means that your (hashed) lobby password can be sniffed and potentially stolen. Whether it's safe depends on how often you do it and whether there's a determined adversary trying to steal your password.

Hmm I have heard of this happening to players such as berhudar. I am using Windows 10 home, and the weird thing is that this issue suddenly started. Since it has been constant since the onset of the problem, the frequency of me not using TLS to keep playing MP would be 100%. Obviously I shouldn't do that since I don't want my pw stolen. Do you think its worth trying to re-install 0ad and the mods?

[Norse_Harold]

5 minutes ago, BreakfastBurrito_007 said:

I am using Windows 10 home, and the weird thing is that this issue suddenly started.

Yeah, on the surface it's weird. But, Windows changes over time due to Windows Update. It's possible that after a certain critical update, certain TLS protocol versions were disabled, and others were enabled. The 0ad lobby server only allows certain TLS protocol versions to be used (1.2 and above, I think). This article explains some of the registry settings available for controlling which TLS protocol versions are available. Realize that protocols earlier than 1.2 are considered broken by most security professionals, so adjusting the settings should only be done after learning about the pros and cons.

Alternatively, you could build the development version of gloox from source, rebuild glooxwrapper, and install it to the library folder of 0ad. Or, you could wait for a version of gloox to be released that is higher than 1.0.24.

[Stan`]

2 hours ago, Norse_Harold said:

(1.2 and above, I think)

Actually 1.0 and above because of Windows;

2 hours ago, Norse_Harold said:

 

Alternatively, you could build the development version of gloox from source, rebuild glooxwrapper, and install it to the library folder of 0ad. Or, you could wait for a version of gloox to be released that is higher than 1.0.24.

Sadly it seems some stuff broke on newer versions of Gloox at least @maroder could not compile.

I fixed their implementation for WinTLS 1.2 but I didn't go as far as fixing the glooxwrapper yet.

[BreakfastBurrito_007]

I looked at the auto-update history of windows 10 and it seems like none of the listed updates happened near to when the TLS problem started. @Norse_Harold was suggesting it could be a windows update, so perhaps there are some hidden ones not listed? Right now I am doing the "wait" method. Thanks @Stan` for taking a look at this.