Description of problem: Mumble fails to connect to server and reports SSL issues. Version-Release number of selected component (if applicable): mumble-1.2.19-12.fc30.x86_64 How reproducible: Start mumble and try to connect to a server. Steps to Reproduce: 1. Start mumble. 2. Pick server from list. 3. Click connect. Actual results: stdout shows: OpenSSL Support: 1 (OpenSSL 1.1.1b FIPS 26 Feb 2019) ServerHandler: TLS cipher preference is "TLS_AES_256_GCM_SHA384" client shows: [8:14 PM] Server connection failed: Invalid or empty cipher list (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match). ... and repeats this over and over as it tries to reconnect. - Server does not connect. - Clicking configure->settings causes a a SIGSEGV: (gdb) bt #0 0x0000555555740112 in () #1 0x0000555555741b8d in () #2 0x0000555555615172 in () #3 0x0000555555779609 in () #4 0x00007ffff649e62a in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () at /lib64/libQtCore.so.4 #5 0x00007ffff6dd7b95 in QComboBox::currentIndexChanged(int) () at /lib64/libQtGui.so.4 #6 0x00007ffff6dd7c46 in () at /lib64/libQtGui.so.4 #7 0x00007ffff6dd7f53 in () at /lib64/libQtGui.so.4 #8 0x00007ffff6dd81c3 in QComboBox::setCurrentIndex(int) () at /lib64/libQtGui.so.4 #9 0x00007ffff649e966 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () at /lib64/libQtCore.so.4 #10 0x00007ffff64e9b58 in QAbstractItemModel::rowsInserted(QModelIndex const&, int, int) () at /lib64/libQtCore.so.4 #11 0x00007ffff6482e8e in QAbstractItemModel::endInsertRows() () at /lib64/libQtCore.so.4 #12 0x00007ffff6faac63 in () at /lib64/libQtGui.so.4 #13 0x00007ffff6fab2f6 in () at /lib64/libQtGui.so.4 #14 0x00007ffff6dd91b4 in QComboBox::insertItem(int, QIcon const&, QString const&, QVariant const&) () at /lib64/libQtGui.so.4 #15 0x0000555555614331 in () --Type <RET> for more, q to quit, c to continue without paging-- #16 0x0000555555614726 in () #17 0x00005555556ae771 in () #18 0x000055555563e5f6 in () #19 0x000055555577b2af in () #20 0x000055555577b5fb in () #21 0x00007ffff649e62a in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () at /lib64/libQtCore.so.4 #22 0x00007ffff69fe616 in QAction::triggered(bool) () at /lib64/libQtGui.so.4 #23 0x00007ffff69ff9bf in QAction::activate(QAction::ActionEvent) () at /lib64/libQtGui.so.4 #24 0x00007ffff6e3da0b in () at /lib64/libQtGui.so.4 #25 0x00007ffff6e41fa1 in () at /lib64/libQtGui.so.4 #26 0x00007ffff6a59a96 in QWidget::event(QEvent*) () at /lib64/libQtGui.so.4 #27 0x00007ffff6e454bb in QMenu::event(QEvent*) () at /lib64/libQtGui.so.4 #28 0x00007ffff6a04461 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib64/libQtGui.so.4 #29 0x00007ffff6a0c034 in QApplication::notify(QObject*, QEvent*) () at /lib64/libQtGui.so.4 #30 0x00007ffff648a2af in QCoreApplication::notifyInternal(QObject*, QEvent*) () at /lib64/libQtCore.so.4 #31 0x00007ffff6a0a7e5 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () at /lib64/libQtGui.so.4 #32 0x00007ffff6a816ab in () at /lib64/libQtGui.so.4 #33 0x00007ffff6a80159 in QApplication::x11ProcessEvent(_XEvent*) () at /lib64/libQtGui.so.4 #34 0x00007ffff6aa6fff in () at /lib64/libQtGui.so.4 #35 0x00007ffff5caefa0 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 #36 0x00007ffff5caf338 in () at /lib64/libglib-2.0.so.0 #37 0x00007ffff5caf3e3 in g_main_context_iteration () at /lib64/libglib-2.0.so.0 #38 0x00007ffff64b8206 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQtCore.so.4 #39 0x00007ffff6aa719b in () at /lib64/libQtGui.so.4 #40 0x00007ffff6488a93 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQtCore.so.4 #41 0x00007ffff6488dae in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQtCore.so.4 #42 0x00007ffff648e23e in QCoreApplication::exec() () at /lib64/libQtCore.so.4 #43 0x00005555555e72dc in () --Type <RET> for more, q to quit, c to continue without paging-- #44 0x00007ffff5dd5f33 in __libc_start_main () at /lib64/libc.so.6 #45 0x00005555555e9c7e in () (gdb) Expected results: - It works and connects to server.
Connecting to the server works (server name redacted) and seems to work. openssl s_client -showcerts -connect xxx.xxxx.xxx:64738 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 335 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
Can you retest trying: openssl s_client -cipher 'TLS_AES_256_GCM_SHA384' -connect xxx.xxxx.xxx:64738 ?? Another thing to try, use update-crypto-policy to be more permissive, (as root): update-crypto-policies --set LEGACY (to put things back they way they were, run: update-crypto-policies --set DEFAULT ) and see if that helps?
I too have this problem. Entering the openssl command you suggested generates this output: Error with command: "-cipher TLS_AES_256_GCM_SHA384" 140636483376960:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2549: Changing the crypto policy to LEGACY does not change the output of that command, or behaviour of mumble.
Additionally, without -cipher argument I get output containing the following: No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1559 bytes and written 467 bytes Verification error: self signed certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated
Building mumble 1.3-rc1 fixes this for me. I suggest resolving this bug by bumping mumble to a more recent version.
This seems to be a problem of murmur. Since the upgrade from F29 to F30 it only offers TLS_AES_256_GCM_SHA384 as cipher and completely ignores crypto-policy settings. I've seen murmur-1.2.19-10.fc29 offering a lot more ciphers, after updating to F30 with 1.2.19-12.fc30 there's only one left (s.a.). mumble-1.2.19-12.fc30 crashes every time I'm trying to start it, there's already another bug filed at https://bugzilla.redhat.com/show_bug.cgi?id=1706626 Sad days for mumble / murmur users on F30 :-/
It's not just murmur - connecting to public murmur instances also fails for me.
I also have this problem, setting crypto-policies to LEGACY does not solve the issue.
I wrote a patch for the SSL error that fixes my mumble issues, can anyone confirm that murmur issues are also addressed -- if there were any? https://bugzilla.redhat.com/show_bug.cgi?id=1708925#c15 Made scratch-built packages for x86_64 (they will disappear in few days) check https://koji.fedoraproject.org/koji/taskinfo?taskID=34800322 This build uses the patch from 1706626, and mine from 1708925 in a single .patch file. Works for me.
Came to report I'm having the same issue, it's not possible to downgrade to the fc29 mumble without breaking libprotobuf
(In reply to Stepan Broz from comment #9) > I wrote a patch for the SSL error that fixes my mumble issues, can anyone > confirm that murmur issues are also addressed -- if there were any? > > https://bugzilla.redhat.com/show_bug.cgi?id=1708925#c15 > > Made scratch-built packages for x86_64 (they will disappear in few days) > check https://koji.fedoraproject.org/koji/taskinfo?taskID=34800322 > > This build uses the patch from 1706626, and mine from 1708925 in a single > .patch file. Works for me. Hey Stephan, I can confirm that I'm able to connect to servers again with your patched RPM. However I keep getting disconnected after some short period of time.
Hi, thanks for the feedback. Hopefully the package maintainer will address the issues soon. I don't have any disconnect issues, though. Maybe that is a different/unrelated issue? Check the murmur logs, if you have access to them, and mumble client console for errors.
(In reply to Will Foster from comment #11) > (In reply to Stepan Broz from comment #9) > > I wrote a patch for the SSL error that fixes my mumble issues, can anyone > > confirm that murmur issues are also addressed -- if there were any? > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1708925#c15 > > > > Made scratch-built packages for x86_64 (they will disappear in few days) > > check https://koji.fedoraproject.org/koji/taskinfo?taskID=34800322 > > > > This build uses the patch from 1706626, and mine from 1708925 in a single > > .patch file. Works for me. > > Hey Stephan, I can confirm that I'm able to connect to servers again with > your patched RPM. > > However I keep getting disconnected after some short period of time. After some further testing the disconnects were on my end, the patched RPM from Stephan work fine for me here: https://koji.fedoraproject.org/koji/taskinfo?taskID=34800322
I can help pull in fixes into packaging today
mumble-1.2.19-13.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-03f5772e40
mumble-1.2.19-13.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-0f25c63522
Thanks for the update, it also fixes https://bugzilla.redhat.com/show_bug.cgi?id=1706626
mumble-1.2.19-13.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-0f25c63522
mumble-1.2.19-13.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-03f5772e40
mumble-1.2.19-14.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-03f5772e40
mumble-1.2.19-14.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-0f25c63522
mumble-1.2.19-14.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-03f5772e40
mumble-1.2.19-14.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-0f25c63522
mumble-1.2.19-14.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
mumble-1.2.19-14.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.