github-starred/barrier
2
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-05-15 14:16:02 -06:00
Code Issues 1.0k Projects Packages Wiki Activity Actions

[GH-ISSUE #1556] OpenSSL Version 1.0.2l on windows release #1173

New issue
Open
opened 2026-05-05 07:33:19 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 07:33:19 -06:00
Owner
Copy link

Originally created by @ccoenen on GitHub (Feb 8, 2022).
Original GitHub issue: https://github.com/debauchee/barrier/issues/1556

What happened?

On the Wayland-Support ticket (#109) I reported this issue earlier, but it's a separate issue that only clutters that thread. Currently, my barrier on windows is in version 2.4.0 (current version at time of writing) and it seems to ship with OpenSSL 1.0.2l from 2017.

openssl 1.0.2l

on my system, there would be a more recent openssl available, this is the one on the system's PATH:
openssl 1.1.1j

But from within barrier, the shipped 1.0.2l seems to be used:

[2022-02-08T10:25:23] INFO: connecting to service...
[2022-02-08T10:25:23] INFO: SSL fingerprint generated.
[2022-02-08T10:25:23] INFO: connection established
server status: not active

[2022-02-08T10:27:25] INFO: starting server
[2022-02-08T10:27:25] INFO: config file: C:/Users/user/AppData/Local/Temp/Barrier.PubDUE
[2022-02-08T10:27:25] INFO: log level: INFO
[2022-02-08T10:27:25] INFO: service command updated
[2022-02-08T10:27:26] INFO: starting new process as privileged user
[2022-02-08T10:27:26] INFO: drag and drop enabled
started server (IPv4/IPv6), waiting for clients
server status: active
[2022-02-08T10:27:35] INFO: OpenSSL 1.0.2l  25 May 2017                          <----------------
[2022-02-08T10:27:36] ERROR: ssl error occurred (system call failure)
[2022-02-08T10:27:36] ERROR: eof violates ssl protocol
[2022-02-08T10:27:36] ERROR: failed to accept secure socket
[2022-02-08T10:27:36] INFO: client connection may not be secure
[2022-02-08T10:27:37] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T10:27:47] ERROR: ssl error occurred (system call failure)
[2022-02-08T10:27:47] ERROR: eof violates ssl protocol
[2022-02-08T10:27:47] ERROR: failed to accept secure socket
[2022-02-08T10:27:47] INFO: client connection may not be secure
[2022-02-08T10:27:48] INFO: OpenSSL 1.0.2l  25 May 2017

This leads to connection problems with waynergy compiled with a more recent openssl version (and therefore no matching ciphers, apparently). The connection attempts can be seen above.

(originally from https://github.com/debauchee/barrier/issues/109#issuecomment-1016539840, and I already tried the suggestions by @joshskidmore https://github.com/debauchee/barrier/issues/109#issuecomment-1016526113 and @brmnjsh https://github.com/debauchee/barrier/issues/109#issuecomment-1030988825 )

Version

v2.4.0

Git commit hash (if applicable)

3e0d758b

If applicable, where did you install Barrier from?

BarrierSetup-2.4.0-release.exe from this project's release page.

What OSes are you seeing the problem on? (Check all that apply)

Windows

What OS versions are you using?

Windows 10, Version 21H1 Build 19043.1466)

Relevant log output

(see above)

Any other information

I am trying to connect a waynergy client (linux) to the barrier server (windows)

Originally created by @ccoenen on GitHub (Feb 8, 2022). Original GitHub issue: https://github.com/debauchee/barrier/issues/1556 ### What happened? On the Wayland-Support ticket (#109) I reported this issue earlier, but it's a separate issue that only clutters that thread. Currently, my barrier on windows is in version 2.4.0 (current version at time of writing) and it seems to ship with OpenSSL 1.0.2l from 2017. ![openssl 1.0.2l](https://user-images.githubusercontent.com/124909/152957416-93933b90-6c12-4acd-9e87-9e194541cdf3.png) on my system, there _would_ be a more recent openssl available, this is the one on the system's `PATH`: ![openssl 1.1.1j](https://user-images.githubusercontent.com/124909/152958570-badc2248-ceed-4aa7-85c8-f83b0c50bfcc.png) But from within barrier, the shipped 1.0.2l seems to be used: ``` [2022-02-08T10:25:23] INFO: connecting to service... [2022-02-08T10:25:23] INFO: SSL fingerprint generated. [2022-02-08T10:25:23] INFO: connection established server status: not active [2022-02-08T10:27:25] INFO: starting server [2022-02-08T10:27:25] INFO: config file: C:/Users/user/AppData/Local/Temp/Barrier.PubDUE [2022-02-08T10:27:25] INFO: log level: INFO [2022-02-08T10:27:25] INFO: service command updated [2022-02-08T10:27:26] INFO: starting new process as privileged user [2022-02-08T10:27:26] INFO: drag and drop enabled started server (IPv4/IPv6), waiting for clients server status: active [2022-02-08T10:27:35] INFO: OpenSSL 1.0.2l 25 May 2017 <---------------- [2022-02-08T10:27:36] ERROR: ssl error occurred (system call failure) [2022-02-08T10:27:36] ERROR: eof violates ssl protocol [2022-02-08T10:27:36] ERROR: failed to accept secure socket [2022-02-08T10:27:36] INFO: client connection may not be secure [2022-02-08T10:27:37] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T10:27:47] ERROR: ssl error occurred (system call failure) [2022-02-08T10:27:47] ERROR: eof violates ssl protocol [2022-02-08T10:27:47] ERROR: failed to accept secure socket [2022-02-08T10:27:47] INFO: client connection may not be secure [2022-02-08T10:27:48] INFO: OpenSSL 1.0.2l 25 May 2017 ``` This leads to connection problems with waynergy compiled with a more recent openssl version (and therefore no matching ciphers, apparently). The connection attempts can be seen above. (originally from https://github.com/debauchee/barrier/issues/109#issuecomment-1016539840, and I already tried the suggestions by @joshskidmore https://github.com/debauchee/barrier/issues/109#issuecomment-1016526113 and @brmnjsh https://github.com/debauchee/barrier/issues/109#issuecomment-1030988825 ) ### Version v2.4.0 ### Git commit hash (if applicable) 3e0d758b ### If applicable, where did you install Barrier from? `BarrierSetup-2.4.0-release.exe` from this project's release page. ### What OSes are you seeing the problem on? (Check all that apply) Windows ### What OS versions are you using? Windows 10, Version 21H1 Build 19043.1466) ### Relevant log output ```shell (see above) ``` ### Any other information I am trying to connect a waynergy client (linux) to the barrier server (windows)
gitea-mirror commented 2026-05-05 07:33:21 -06:00
Author
Owner
Copy link

@joshskidmore commented on GitHub (Feb 8, 2022):

@ccoenen - I apologize for the delay in replying.

I unfortunately don't have a Windows machine to test, but I would still assume your issue is either around the SSL certificate and/or options being passed to the Barrier server or Waynergy client. I may be wrong, but I don't this this is related to your Windows OpenSSL versions. Though my Barrier server is in Linux, I thought I would share my options and configurations to see if there is something strikingly obvious.

(Linux) Barrier server:

/usr/bin/barriers \
  --config ~/.barrier.conf \
  --no-daemon \
  --enable-crypto \
  --disable-client-cert-checking \
  --debug  INFO
  • My ~/.barrier.conf file contains nothing related to SSL or encryption.
  • I have a combined OpenSSL key+certificate at ~/.local/share/barrier/SSL/Barrier.pem. I believe this was generated by Barrier at some point.
  • In the ~/.local/share/barrier/SSL/Fingerprints/Local.txt file, I have two lines. The first starts with v2:sha1: and the second starts with v2:sha256:.

Waynergy client (also Linux)

/usr/bin/waynergy \
  --loglevel 1 \
  --host [IPV4_OF_ABOVE_BARRIER_SERVER] \
  --name [NAME_OF_THIS_CLIENT_MACHINE_USED_IN_BARRIERS_CONFIG] \
  --enable-crypto \
  --enable-tofu \
  --fatal-none
  • I have an keymap file at ~/.config/waynergy/xkb_keymap.
  • Waynergy automatically generated a subfolder at ~/.config/waynergy/tls/hash/, and automatically generated what appear to be OpenSSL SHA256 hashes of Barrier servers it connects to. I didn't do anything here; it generated these automatically.

Whenever the Waynergy client attempts to the Barrier server, occasionally it does throw an SSL connection/protocol error, but ends up connecting on the next retry.

<!-- gh-comment-id:1032888116 --> @joshskidmore commented on GitHub (Feb 8, 2022): @ccoenen - I apologize for the delay in replying. I unfortunately don't have a Windows machine to test, but I would still assume your issue is either around the SSL certificate and/or options being passed to the Barrier server or Waynergy client. I may be wrong, but I don't this this is related to your Windows OpenSSL versions. Though my Barrier server is in Linux, I thought I would share my options and configurations to see if there is something strikingly obvious. ## (Linux) Barrier server: ``` /usr/bin/barriers \ --config ~/.barrier.conf \ --no-daemon \ --enable-crypto \ --disable-client-cert-checking \ --debug INFO ``` * My `~/.barrier.conf` file contains nothing related to SSL or encryption. * I have a combined OpenSSL key+certificate at `~/.local/share/barrier/SSL/Barrier.pem`. I believe this was generated by Barrier at some point. * In the `~/.local/share/barrier/SSL/Fingerprints/Local.txt` file, I have two lines. The first starts with `v2:sha1:` and the second starts with `v2:sha256:`. ## Waynergy client (also Linux) ``` /usr/bin/waynergy \ --loglevel 1 \ --host [IPV4_OF_ABOVE_BARRIER_SERVER] \ --name [NAME_OF_THIS_CLIENT_MACHINE_USED_IN_BARRIERS_CONFIG] \ --enable-crypto \ --enable-tofu \ --fatal-none ``` * I have an keymap file at `~/.config/waynergy/xkb_keymap`. * Waynergy automatically generated a subfolder at `~/.config/waynergy/tls/hash/`, and automatically generated what appear to be OpenSSL SHA256 hashes of Barrier servers it connects to. I didn't do anything here; it generated these automatically. Whenever the Waynergy client attempts to the Barrier server, occasionally it does throw an SSL connection/protocol error, but ends up connecting on the next retry.
gitea-mirror commented 2026-05-05 07:33:23 -06:00
Author
Owner
Copy link

@ccoenen commented on GitHub (Feb 8, 2022):

My Barrier appears to be started with this command, according to the logfile (configured from the gui, yes the "SSL" checkbox is checked.)

"C:/Program Files/Barrier/barriers.exe" \
  -f \            (=== --no-daemon)
  --no-tray \
  --debug DEBUG1 \
  --name name-redacted \
  --ipc \
  --stop-on-desk-switch \
  --enable-drag-drop \
  --profile-dir "C:\Users\redacted\AppData\Local\Barrier" \
  --disable-client-cert-checking \
  -c "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \   (=== --config)
  --address :24800

The previous parameters are not working.

I now tried manually starting barrier server with parameters more closely resembling yours:

"C:/Program Files/Barrier/barriers.exe" \
  --config "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \
  --no-daemon \
  --enable-crypto \
  --disable-client-cert-checking \
  --debug DEBUG1 \
  --name name-redacted \
  --profile-dir "C:\Users\redacted\AppData\Local\Barrier" \
  --address :24800

This still does not work. On my wanyergy/linux/client I get the same error as before, and the client is a little more forthcoming with info:

[2022-02-08T19:08:06] DEBUG: Opening new socket: F18C3100
[2022-02-08T19:08:06] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T19:08:06] DEBUG1: openSSL : compiler: cl  /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE
[2022-02-08T19:08:06] DEBUG1: openSSL : built on: reproducible build, date unspecified
[2022-02-08T19:08:06] DEBUG1: openSSL : VC-WIN64A
[2022-02-08T19:08:06] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl"
[2022-02-08T19:08:06] ERROR: ssl error occurred (generic failure)
[2022-02-08T19:08:06] ERROR: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
[2022-02-08T19:08:06] ERROR: failed to accept secure socket
[2022-02-08T19:08:06] INFO: client connection may not be secure

It should be noted that --enable-crypto is the default now, and it's deprecated to explicitly specify.

I can also offer a wireshark packet capture. My client is trying to do a TLSv1.2 handshake and offers these suites as part of the Client Hello:
grafik
The direct response to that is the server sending back the handshake-failure:
grafik

So, I tried to find which cipher suites the server would have accepted, using this script found on Stack Overflow:

$ ./test_server.sh 192.168.--.--:24800
Obtaining cipher list from LibreSSL 3.3.3.
Testing AEAD-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AEAD-CHACHA20-POLY1305-SHA256...NO (sslv3 alert handshake failure)
Testing AEAD-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure)
Testing GOST2012256-GOST89-GOST89...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing GOST2001-GOST89-GOST89...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...YES
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA256...NO (sslv3 alert handshake failure)
Testing CAMELLIA256-SHA...YES
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...YES
Testing AES128-SHA...YES
Testing CAMELLIA128-SHA256...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...YES
Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing GOST2012256-NULL-STREEBOG256...NO (sslv3 alert handshake failure)
Testing GOST2001-NULL-GOST94...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)

So the overlap would be:

Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)

But somehow the server does not want to use them.

<!-- gh-comment-id:1032953810 --> @ccoenen commented on GitHub (Feb 8, 2022): My Barrier appears to be started with this command, according to the logfile (configured from the gui, yes the "SSL" checkbox is checked.) ``` "C:/Program Files/Barrier/barriers.exe" \ -f \ (=== --no-daemon) --no-tray \ --debug DEBUG1 \ --name name-redacted \ --ipc \ --stop-on-desk-switch \ --enable-drag-drop \ --profile-dir "C:\Users\redacted\AppData\Local\Barrier" \ --disable-client-cert-checking \ -c "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \ (=== --config) --address :24800 ``` The previous parameters are **not** working. I now tried manually starting barrier server with parameters more closely resembling yours: ``` "C:/Program Files/Barrier/barriers.exe" \ --config "C:/Users/redacted/AppData/Local/Temp/Barrier.gUvJOo" \ --no-daemon \ --enable-crypto \ --disable-client-cert-checking \ --debug DEBUG1 \ --name name-redacted \ --profile-dir "C:\Users\redacted\AppData\Local\Barrier" \ --address :24800 ``` This still does not work. On my wanyergy/linux/client I get the same error as before, and the client is a little more forthcoming with info: ``` [2022-02-08T19:08:06] DEBUG: Opening new socket: F18C3100 [2022-02-08T19:08:06] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T19:08:06] DEBUG1: openSSL : compiler: cl /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE [2022-02-08T19:08:06] DEBUG1: openSSL : built on: reproducible build, date unspecified [2022-02-08T19:08:06] DEBUG1: openSSL : VC-WIN64A [2022-02-08T19:08:06] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl" [2022-02-08T19:08:06] ERROR: ssl error occurred (generic failure) [2022-02-08T19:08:06] ERROR: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher [2022-02-08T19:08:06] ERROR: failed to accept secure socket [2022-02-08T19:08:06] INFO: client connection may not be secure ``` It should be noted that `--enable-crypto` is the default now, and it's deprecated to explicitly specify. I can also offer a wireshark packet capture. My client is trying to do a TLSv1.2 handshake and offers these suites as part of the Client Hello: ![grafik](https://user-images.githubusercontent.com/124909/153054711-71ea1de1-ffbd-48ae-a3ad-4181f168867d.png) The direct response to that is the server sending back the handshake-failure: ![grafik](https://user-images.githubusercontent.com/124909/153055099-961e9422-1a77-4bb3-a59b-4435836857f3.png) So, I tried to find [which cipher suites the server would have accepted, using this script found on Stack Overflow](https://superuser.com/a/224263/286021): ``` $ ./test_server.sh 192.168.--.--:24800 Obtaining cipher list from LibreSSL 3.3.3. Testing AEAD-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) Testing AEAD-CHACHA20-POLY1305-SHA256...NO (sslv3 alert handshake failure) Testing AEAD-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) Testing DHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) Testing GOST2012256-GOST89-GOST89...NO (sslv3 alert handshake failure) Testing DHE-RSA-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure) Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure) Testing GOST2001-GOST89-GOST89...NO (sslv3 alert handshake failure) Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure) Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure) Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure) Testing ADH-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure) Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure) Testing AES256-GCM-SHA384...YES Testing AES256-SHA256...YES Testing AES256-SHA...YES Testing CAMELLIA256-SHA256...NO (sslv3 alert handshake failure) Testing CAMELLIA256-SHA...YES Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure) Testing ECDHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure) Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure) Testing DHE-RSA-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure) Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure) Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure) Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure) Testing ADH-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure) Testing AES128-GCM-SHA256...YES Testing AES128-SHA256...YES Testing AES128-SHA...YES Testing CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) Testing CAMELLIA128-SHA...YES Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure) Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure) Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure) Testing RC4-SHA...YES Testing RC4-MD5...YES Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure) Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure) Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure) Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure) Testing DES-CBC3-SHA...YES Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure) Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure) Testing GOST2012256-NULL-STREEBOG256...NO (sslv3 alert handshake failure) Testing GOST2001-NULL-GOST94...NO (sslv3 alert handshake failure) Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure) Testing NULL-SHA256...NO (sslv3 alert handshake failure) Testing NULL-SHA...NO (sslv3 alert handshake failure) Testing NULL-MD5...NO (sslv3 alert handshake failure) ``` So the overlap would be: ``` Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) ``` But somehow the server does not want to use them.
gitea-mirror commented 2026-05-05 07:33:25 -06:00
Author
Owner
Copy link

@ccoenen commented on GitHub (Feb 8, 2022):

interestingly, barriers.exe logs this for any successful connection attempt by the tls test script:

[2022-02-08T20:11:42] DEBUG: Opening new socket: 0F68B380
[2022-02-08T20:11:42] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T20:11:42] DEBUG1: openSSL : compiler: cl  /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE    
[2022-02-08T20:11:42] DEBUG1: openSSL : built on: reproducible build, date unspecified
[2022-02-08T20:11:42] DEBUG1: openSSL : VC-WIN64A
[2022-02-08T20:11:42] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl"
[2022-02-08T20:11:42] INFO: accepted secure socket
[2022-02-08T20:11:42] DEBUG1: available local ciphers:
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA256    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AES(256)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA256    TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AES(256)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA       SSLv3 Kx=DH/RSA   Au=DH   Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA       SSLv3 Kx=DH/DSS   Au=DH   Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA256-SHA  SSLv3 Kx=DH/RSA   Au=DH   Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA256-SHA  SSLv3 Kx=DH/DSS   Au=DH   Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA256    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA256    TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA       SSLv3 Kx=DH/RSA   Au=DH   Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA       SSLv3 Kx=DH/DSS   Au=DH   Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-SEED-SHA         SSLv3 Kx=DH/RSA   Au=DH   Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-SEED-SHA         SSLv3 Kx=DH/DSS   Au=DH   Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA128-SHA  SSLv3 Kx=DH/RSA   Au=DH   Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA128-SHA  SSLv3 Kx=DH/DSS   Au=DH   Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
[2022-02-08T20:11:42] DEBUG1: AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
[2022-02-08T20:11:42] DEBUG1: AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
[2022-02-08T20:11:42] DEBUG1: PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=SRP  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-RSA-DES-CBC3-SHA     SSLv3 Kx=DH/RSA   Au=DH   Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DH-DSS-DES-CBC3-SHA     SSLv3 Kx=DH/DSS   Au=DH   Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
[2022-02-08T20:11:42] DEBUG1: available remote ciphers:
[2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T20:11:42] INFO: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD

[2022-02-08T20:11:42] NOTE: accepted client connection
[2022-02-08T20:11:42] DEBUG: ssl connection closed
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputReady as 41
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputError as 42
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputFormatError as 43
[2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputShutdown as 44
[2022-02-08T20:11:42] DEBUG1: saying hello
[2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::success as 45
[2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::failure as 46
[2022-02-08T20:11:42] NOTE: new client disconnected
<!-- gh-comment-id:1032970548 --> @ccoenen commented on GitHub (Feb 8, 2022): interestingly, `barriers.exe` logs this for any successful connection attempt by the tls test script: ``` [2022-02-08T20:11:42] DEBUG: Opening new socket: 0F68B380 [2022-02-08T20:11:42] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T20:11:42] DEBUG1: openSSL : compiler: cl /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE [2022-02-08T20:11:42] DEBUG1: openSSL : built on: reproducible build, date unspecified [2022-02-08T20:11:42] DEBUG1: openSSL : VC-WIN64A [2022-02-08T20:11:42] DEBUG1: OPENSSLDIR: "C:\OpenSSL/ssl" [2022-02-08T20:11:42] INFO: accepted secure socket [2022-02-08T20:11:42] DEBUG1: available local ciphers: [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD [2022-02-08T20:11:42] DEBUG1: AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 [2022-02-08T20:11:42] DEBUG1: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 [2022-02-08T20:11:42] DEBUG1: PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1 [2022-02-08T20:11:42] DEBUG1: available remote ciphers: [2022-02-08T20:11:42] DEBUG1: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T20:11:42] NOTE: accepted client connection [2022-02-08T20:11:42] DEBUG: ssl connection closed [2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputReady as 41 [2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputError as 42 [2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::inputFormatError as 43 [2022-02-08T20:11:42] DEBUG1: registered event type IStreamEvents::outputShutdown as 44 [2022-02-08T20:11:42] DEBUG1: saying hello [2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::success as 45 [2022-02-08T20:11:42] DEBUG1: registered event type ClientProxyUnknownEvents::failure as 46 [2022-02-08T20:11:42] NOTE: new client disconnected ```
gitea-mirror commented 2026-05-05 07:33:27 -06:00
Author
Owner
Copy link

@ccoenen commented on GitHub (Feb 8, 2022):

I did also generate a new key/cert with the command from the wiki (slightly modified for longer validity):

openssl req -x509 -nodes -days 3650 -subj /CN=Barrier -newkey rsa:4096 -keyout C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem -out C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem

Which also did not help.

<!-- gh-comment-id:1032982468 --> @ccoenen commented on GitHub (Feb 8, 2022): I did also generate a new key/cert with the command from the wiki (slightly modified for longer validity): ``` openssl req -x509 -nodes -days 3650 -subj /CN=Barrier -newkey rsa:4096 -keyout C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem -out C:\Users\user\AppData\Local\Barrier\SSL\Barrier.pem ``` Which also did not help.
gitea-mirror commented 2026-05-05 07:33:29 -06:00
Author
Owner
Copy link

@joshskidmore commented on GitHub (Feb 8, 2022):

I just tested a few things.

In full transparency, I recently switched the laptop that was using Waynergy/Sway back to Barrier/xmonad, so I'm not using this actively.

My first thought was to see if there had been Waynergy updates since I last used it, and there were. I updated to the latest release (0.0.9), ran Sway, then ran the same Waynergy command that I mentioned before. It connected without any issues other than wl-clipboard (which I had disabled after moving back to xmonad).

Now that I'm home, my second thought was to try to run a Barrier server on my Windows 10 desktop, then have this same Waynergy/Sway client attempt to connect to it. I setup Barrier as a server, enabled SSL, disabled "Require client certificate" (which I think is off by default), added a single screen for the Waynergy/Sway client, then started the daemon. On the Waynergy/Sway client, I used identical settings, except I switched the host to the IP of the Windows instance. Outside wl-clipboard issues, this worked as well. The version of Barrier I'm using on Windows is 2.4.0-release-3e0d758b / Build Date: Monday, November 1.

Of note, the version of OpenSSL that Windows Barrier is reporting is also OpenSSL 1.0.2l and it's connecting using the AES256-GCM-SHA384 cipher (one that you mentioned overlapped).

Log from the Windows Barrier server

Note: The Waynergy/Sway desktop name is lilbaby and the Windows 10 Barrier server hostname is DESKTOP-0FB7731/100.119.84.38.

[2022-02-08T17:06:47] DEBUG: started process, session=1, elevated: yes, command="C:/Program Files/Barrier/barriers.exe" -f --no-tray --debug DEBUG --name DESKTOP-0FB7731 --ipc --enable-drag-drop --profile-dir "C:\Users\Josh Skidmore\AppData\Local\Barrier" --disable-client-cert-checking -c "C:/Users/Josh Skidmore/AppData/Local/Temp/Barrier.fWXqvG" --address :24800
[2022-02-08T17:07:05] DEBUG: Opening new socket: B5788260
[2022-02-08T17:07:05] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T17:07:05] INFO: accepted secure socket
[2022-02-08T17:07:05] INFO: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:05] NOTE: accepted client connection
[2022-02-08T17:07:05] ERROR: invalid message from client "lilbaby": CCLP
[2022-02-08T17:07:05] DEBUG: Closing socket: B5788260
[2022-02-08T17:07:05] NOTE: new client disconnected
[2022-02-08T17:07:06] DEBUG: Opening new socket: B579F340
[2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T17:07:06] INFO: accepted secure socket
[2022-02-08T17:07:06] INFO: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:06] NOTE: accepted client connection
[2022-02-08T17:07:06] DEBUG: ssl connection closed
[2022-02-08T17:07:06] NOTE: new client disconnected
[2022-02-08T17:07:06] DEBUG: Closing socket: B579F340
[2022-02-08T17:07:06] DEBUG: Opening new socket: B579F5E0
[2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l  25 May 2017
[2022-02-08T17:07:06] INFO: accepted secure socket
[2022-02-08T17:07:06] INFO: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
[2022-02-08T17:07:06] NOTE: accepted client connection
[2022-02-08T17:07:06] DEBUG: received client "lilbaby" info shape=0,0 1827x1142 at 0,0
[2022-02-08T17:07:06] DEBUG: active sides: 2
[2022-02-08T17:07:06] NOTE: client "lilbaby" has connected

Log from the Waynergy/Sway client

Note: It was on debug verbosity, so I redacted a couple unnecessary log lines.

/usr/bin/waynergy --loglevel debug --host 100.119.84.38 --name lilbaby --enable-crypto --enable-tofu --fatal-none
...
0.025263090: [DEBUG] Got idle manager
0.025554944: [DEBUG] Mutating output...
0.025573111: [DEBUG] Got output at position 0,0
0.025580995: [DEBUG] Got current mode: 2560x1600@60002
0.025587744: [INFO] Not using preferred mode on output -- check config
...
0.031185610: [INFO] Going to connect to 100.119.84.38 at port 24800
0.358550403: [DEBUG] Section tls not found in INI
0.528657234: [INFO] Trust-on-first-use enabled, saving hash SHA256:11dc2183fafee253ac5f31173a28ea76b5d3307cdd611bf20a6df5c535fdcd91
0.528817105: [INFO] Server is Barrier 1.6
0.528848088: [INFO] Connected as client "lilbaby"
0.528857511: [DEBUG] Accepting
0.528873611: [DEBUG] Accepting
0.528887784: [DEBUG] Clipboard data read for c: 63 bytes
0.528920804: [DEBUG] Clipboard data read for p: 63 bytes
<!-- gh-comment-id:1033131111 --> @joshskidmore commented on GitHub (Feb 8, 2022): I just tested a few things. In full transparency, I recently switched the laptop that was using Waynergy/Sway back to Barrier/xmonad, so I'm not using this actively. My first thought was to see if there had been Waynergy updates since I last used it, and there were. I updated to the latest release (0.0.9), ran Sway, then ran the same Waynergy command that I mentioned before. It connected without any issues other than wl-clipboard (which I had disabled after moving back to xmonad). Now that I'm home, my second thought was to try to run a Barrier server on my Windows 10 desktop, then have this same Waynergy/Sway client attempt to connect to it. I setup Barrier as a server, enabled SSL, disabled "Require client certificate" (which I think is off by default), added a single screen for the Waynergy/Sway client, then started the daemon. On the Waynergy/Sway client, I used identical settings, except I switched the host to the IP of the Windows instance. Outside wl-clipboard issues, this worked as well. The version of Barrier I'm using on Windows is `2.4.0-release-3e0d758b` / `Build Date: Monday, November 1`. Of note, the version of OpenSSL that Windows Barrier is reporting is also `OpenSSL 1.0.2l` and it's connecting using the `AES256-GCM-SHA384` cipher (one that you mentioned overlapped). ## Log from the Windows Barrier server Note: The Waynergy/Sway desktop name is `lilbaby` and the Windows 10 Barrier server hostname is `DESKTOP-0FB7731`/`100.119.84.38`. ``` [2022-02-08T17:06:47] DEBUG: started process, session=1, elevated: yes, command="C:/Program Files/Barrier/barriers.exe" -f --no-tray --debug DEBUG --name DESKTOP-0FB7731 --ipc --enable-drag-drop --profile-dir "C:\Users\Josh Skidmore\AppData\Local\Barrier" --disable-client-cert-checking -c "C:/Users/Josh Skidmore/AppData/Local/Temp/Barrier.fWXqvG" --address :24800 [2022-02-08T17:07:05] DEBUG: Opening new socket: B5788260 [2022-02-08T17:07:05] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T17:07:05] INFO: accepted secure socket [2022-02-08T17:07:05] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T17:07:05] NOTE: accepted client connection [2022-02-08T17:07:05] ERROR: invalid message from client "lilbaby": CCLP [2022-02-08T17:07:05] DEBUG: Closing socket: B5788260 [2022-02-08T17:07:05] NOTE: new client disconnected [2022-02-08T17:07:06] DEBUG: Opening new socket: B579F340 [2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T17:07:06] INFO: accepted secure socket [2022-02-08T17:07:06] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T17:07:06] NOTE: accepted client connection [2022-02-08T17:07:06] DEBUG: ssl connection closed [2022-02-08T17:07:06] NOTE: new client disconnected [2022-02-08T17:07:06] DEBUG: Closing socket: B579F340 [2022-02-08T17:07:06] DEBUG: Opening new socket: B579F5E0 [2022-02-08T17:07:06] INFO: OpenSSL 1.0.2l 25 May 2017 [2022-02-08T17:07:06] INFO: accepted secure socket [2022-02-08T17:07:06] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD [2022-02-08T17:07:06] NOTE: accepted client connection [2022-02-08T17:07:06] DEBUG: received client "lilbaby" info shape=0,0 1827x1142 at 0,0 [2022-02-08T17:07:06] DEBUG: active sides: 2 [2022-02-08T17:07:06] NOTE: client "lilbaby" has connected ``` ## Log from the Waynergy/Sway client Note: It was on debug verbosity, so I redacted a couple unnecessary log lines. ``` /usr/bin/waynergy --loglevel debug --host 100.119.84.38 --name lilbaby --enable-crypto --enable-tofu --fatal-none ... 0.025263090: [DEBUG] Got idle manager 0.025554944: [DEBUG] Mutating output... 0.025573111: [DEBUG] Got output at position 0,0 0.025580995: [DEBUG] Got current mode: 2560x1600@60002 0.025587744: [INFO] Not using preferred mode on output -- check config ... 0.031185610: [INFO] Going to connect to 100.119.84.38 at port 24800 0.358550403: [DEBUG] Section tls not found in INI 0.528657234: [INFO] Trust-on-first-use enabled, saving hash SHA256:11dc2183fafee253ac5f31173a28ea76b5d3307cdd611bf20a6df5c535fdcd91 0.528817105: [INFO] Server is Barrier 1.6 0.528848088: [INFO] Connected as client "lilbaby" 0.528857511: [DEBUG] Accepting 0.528873611: [DEBUG] Accepting 0.528887784: [DEBUG] Clipboard data read for c: 63 bytes 0.528920804: [DEBUG] Clipboard data read for p: 63 bytes ```
gitea-mirror commented 2026-05-05 07:33:30 -06:00
Author
Owner
Copy link

@joshskidmore commented on GitHub (Feb 12, 2022):

@ccoenen Were you able to get your setup working?

<!-- gh-comment-id:1037238274 --> @joshskidmore commented on GitHub (Feb 12, 2022): @ccoenen Were you able to get your setup working?
gitea-mirror commented 2026-05-05 07:33:31 -06:00
Author
Owner
Copy link

@ccoenen commented on GitHub (Feb 12, 2022):

No, sadly nothing really changed for me. As soon as I turn on encryption the two just won't connect with the error above.

<!-- gh-comment-id:1037243635 --> @ccoenen commented on GitHub (Feb 12, 2022): No, sadly nothing really changed for me. As soon as I turn on encryption the two just won't connect with the error above.
gitea-mirror commented 2026-05-05 07:33:32 -06:00
Author
Owner
Copy link

@nonsleepr commented on GitHub (Apr 18, 2024):

Reading your comments led me to switch from Barrier to Input Leap which solved the issue for me.
While Input Leap project doesn't build their packages, the binary from Github Actions artifacts works.

<!-- gh-comment-id:2065296557 --> @nonsleepr commented on GitHub (Apr 18, 2024): Reading your comments led me to switch from Barrier to Input Leap which solved the issue for me. While Input Leap project doesn't build their packages, the binary from Github Actions artifacts works.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
enhancement/builds/windows-multi-versions-build
martin-furter-barrier-term
enhancement/builds/macos-universal
enhancement/builds/macos-universal-qt6-test
2.3.x
fix/lang-translation/ssl-slash-tls
feature/build/compile/32-bit
feature/build/compile/armv7
testing-framework
README-update
remotes/fork/README-update
remotes/fork/smartzeroconf
smartzeroconf
pages-devel
remotes/fork/pages-devel
pkgconfig
remotes/fork/pkgconfig
release
remotes/fork/release
v2.4.0
v2.3.4
v2.3.3
1.11.0-stable
v1.11.0-rc2
v2.3.2
v1.10.3-stable
v2.3.2-alpha
v2.3.1
v2.3.0
v1.10.2-stable
v1.10.2-rc1
v1.10.2-rc2
v2.1.2
v2.0.8-beta
v2.0.7-beta
v2.0.4-beta
v2.0.3-beta
v2.1.1
v2.1.0
v1.9.1-stable
v2.0.0
v1.9.0-stable
v2.0.0-RC2
v2.0.0-RC1
v2.0.0-stable
v1.8.8-stable
v1.8.7-stable
v1.8.6-stable
v1.8.5-stable
v1.8.4-stable
v1.8.3-stable
v1.8.1-stable
v1.8.0-beta
v1.7.3-stable
v1.7.2-stable
v1.7.1-stable
1.7.0
1.6.3-final
1.6.2
1.6.1
1.6.0
Labels
Clear labels   
HiDPI

   
bounty

   
bsd/freebsd

   
bsd/openbsd

   
bug

   
bug

   
build-infra

   
cantfix

   
critical

   
doc

   
duplicate

   
enhancement

   
fix-available

   
from git

   
from release

   
good first issue

   
help wanted

   
installer/package

   
invalid

   
linux

   
macOS

   
meta

   
needs testing

   
pull-request

Mirrored from GitHub Pull Request

  
query

   
question

   
regression

   
regression

   
v2.4.0

   
windows

   
wontfix

   
work-in-progress
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/barrier#1173
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?