Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Yesterday I reinstalled my Ubuntu (for unrelated reasons) and since then ssh behaves very weirdly.
It takes suuuper long to connect (multiple minutes). Using -vvv I found that it first tries to connect using an ipv6 (which times out) and after that tries to connect via ipv4 which works almost instantly.
I never had any issues with ssh before.
running
ssh login#address.net -vvv
(with the address I want to connect to) returns
OpenSSH_8.2p1 Ubuntu-4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "address.net" port 22
debug2: ssh_connect_direct
debug1: Connecting to address.net [*:*:*:*::*] port 22.
debug1: connect to address *:*:*:*::* port 22: Connection timed out
debug1: Connecting to address.net [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /home/malte/.ssh/id_rsa type 0
debug1: identity file /home/malte/.ssh/id_rsa-cert type -1
debug1: identity file /home/malte/.ssh/id_dsa type -1
debug1: identity file /home/malte/.ssh/id_dsa-cert type -1
debug1: identity file /home/malte/.ssh/id_ecdsa type -1
debug1: identity file /home/malte/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/malte/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/malte/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/malte/.ssh/id_ed25519 type -1
debug1: identity file /home/malte/.ssh/id_ed25519-cert type -1
debug1: identity file /home/malte/.ssh/id_ed25519_sk type -1
debug1: identity file /home/malte/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/malte/.ssh/id_xmss type -1
debug1: identity file /home/malte/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to login.caps.in.tum.de:22 as 'ehren'
debug3: hostkeys_foreach: reading file "/home/malte/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/malte/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from login.caps.in.tum.de
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com,sk-ssh-ed25519#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519,ssh-ed25519-cert-v01#openssh.com
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519-cert-v01#openssh.com
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host certificate: ssh-ed25519-cert-v01#openssh.com SHA256:3rfJzCTfq9xb2UYjwCf+FLMo5s46IDcAeKWN4OEN9Qw, serial 0 ID "host:intum:vmschulz30" CA ssh-ed25519 SHA256:xw6Z8D0o6klmmOcnCzhqhTkitvGcjuuQ9JsunW4bvm8 valid forever
debug2: Server host certificate hostname: vmschulz30
debug2: Server host certificate hostname: vmschulz30.in.tum.de
debug3: hostkeys_foreach: reading file "/home/malte/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/malte/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from login.caps.in.tum.de
debug1: No matching CA found. Retry with plain key
debug1: Host 'login.caps.in.tum.de' is known and matches the ED25519 host key.
debug1: Found key in /home/malte/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/malte/.ssh/id_rsa RSA SHA256:nmOOjBiUCmQEF8b08sB9LIwjSfwxA03cRStE6BrNe2g agent
debug1: Will attempt key: /home/malte/.ssh/id_dsa
debug1: Will attempt key: /home/malte/.ssh/id_ecdsa
debug1: Will attempt key: /home/malte/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/malte/.ssh/id_ed25519
debug1: Will attempt key: /home/malte/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/malte/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/malte/.ssh/id_rsa RSA SHA256:nmOOjBiUCmQEF8b08sB9LIwjSfwxA03cRStE6BrNe2g agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/malte/.ssh/id_dsa
debug3: no such identity: /home/malte/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/malte/.ssh/id_ecdsa
debug3: no such identity: /home/malte/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/malte/.ssh/id_ecdsa_sk
debug3: no such identity: /home/malte/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/malte/.ssh/id_ed25519
debug3: no such identity: /home/malte/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/malte/.ssh/id_ed25519_sk
debug3: no such identity: /home/malte/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/malte/.ssh/id_xmss
debug3: no such identity: /home/malte/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
login#address.net's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to address.net ([*.*.*.*]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions#openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env QT_ACCESSIBILITY
debug3: Ignored env COLORTERM
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env QT4_IM_MODULE
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env GNOME_SHELL_SESSION_MODE
debug1: Sending env LC_NAME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env XMODIFIERS
debug3: Ignored env DESKTOP_SESSION
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env GTK_MODULES
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env XAUTHORITY
debug3: Ignored env GJS_DEBUG_TOPICS
debug3: Ignored env WINDOWPATH
debug3: Ignored env HOME
debug3: Ignored env USERNAME
debug3: Ignored env IM_CONFIG_PHASE
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LS_COLORS
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env VTE_VERSION
debug3: Ignored env GNOME_TERMINAL_SCREEN
debug3: Ignored env INVOCATION_ID
debug3: Ignored env MANAGERPID
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env GJS_DEBUG_OUTPUT
debug3: Ignored env LESSCLOSE
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env TERM
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LESSOPEN
debug3: Ignored env USER
debug3: Ignored env GNOME_TERMINAL_SERVICE
debug3: Ignored env DISPLAY
debug3: Ignored env SHLVL
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env QT_IM_MODULE
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XDG_RUNTIME_DIR
debug1: Sending env LC_TIME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env JOURNAL_STREAM
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PATH
debug3: Ignored env GDMSESSION
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env OLDPWD
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
annoyling this happens will all servers I try to connect to and also affects git (over ssh)
thanks in advance for any hints as to what the issue could be <3
The symptom suggests that after the reinstall there's a different ssh config; check /etc/ssh/ssh_config for AddressFamily set to any; you could set to inet there or privately in ~/.ssh/config
Related
Here's my webserver, most parts not included in favor of being concise.
server.js
const https = require('https');
const app = require('express')();
const port = 1000;
const options = {
key : getKey(),
cert: getCert(),
ciphers: getCiphers(),
passphrase: "abcd",
rejectUnauthorized: true,
requestCert: true
};
const server = https.createServer(options, app);
server.on('clientError', function (err) {
console.log('received client error');
console.log({err});
})
server.on('connection', function (err) {
console.log('client connected');
})
server.listen(port);
To test my server, I run a connection commands with openssl
openssl s_client -connect localhost:1000 \
-servername localhost \
-CAfile etc/root-cert/ca.cert.pem \
-cert etc/certs/client.cert.pem \
-key etc/private/client.key.pem
This returns the following output, which indicates that the TLS connection was successful (as far as I'm aware):
CONNECTED(00000005)
depth=2 C = US, ST = California, O = Hackysack, CN = Hackysack Root CA
verify return:1
depth=1 C = US, ST = California, O = Hackysack, CN = Hackysack Intermediate CA
verify return:1
depth=0 C = US, ST = California, O = Hackysack, CN = localhost
verify return:1
write W BLOCK
---
Certificate chain
0 s:/C=US/ST=California/O=Hackysack/CN=localhost
i:/C=US/ST=California/O=Hackysack/CN=Hackysack Intermediate CA
1 s:/C=US/ST=California/O=Hackysack/CN=Hackysack Intermediate CA
i:/C=US/ST=California/O=Hackysack/CN=Hackysack Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[Long cert file here]
-----END CERTIFICATE-----
subject=/C=US/ST=California/O=Hackysack/CN=localhost
issuer=/C=US/ST=California/O=Hackysack/CN=Hackysack Intermediate CA
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3400 bytes and written 2061 bytes
---
New, TLSv1/SSLv3, Cipher is AEAD-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : AEAD-AES128-GCM-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1674855496
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
read:errno=0
However, in my server terminal logs I see that I receive a clientError when trying to make this call via HTTPS request.
{
err: Error: socket hang up
at connResetException (internal/errors.js:639:14)
at TLSSocket.onSocketClose (_tls_wrap.js:1063:23)
at TLSSocket.emit (events.js:412:35)
at net.js:686:12
at Socket.done (_tls_wrap.js:564:7)
at Object.onceWrapper (events.js:520:26)
at Socket.emit (events.js:400:28)
at TCP.<anonymous> (net.js:686:12) {
code: 'ECONNRESET'
}
}
Here's my client request:
const https = require('https');
const options = {
hostname: 'localhost',
port: 1000,
method: "POST",
path: "/test",
cert: getClientCert(),
key: getClientKey(),
passphrase: "abcd",
ciphers: getCiphers()
ca: getCA(),
}
const request = https.request(options);
I noticed this error only started happening when I included requestCert: true when I created the server. I think something must be going wrong with my client side for this to be the case. The main problem with debugging this is that I'm not receiving a good error when it fails the handshake.
How can I better debug this issue?
i've created my own CA and intermediate CA with openssl.
On my Zyxel AP i've created an csr.
I signed the csr through my intermediate CA and imported the server
cert to my zyxel AP.
I've also uploaded the fullchain root CA (CA and Intermediate) to my zyxel AP.
I'm using ubuntu so i've installed fullchain CA in my cerstore (/usr/local/share/ca-certificates | update update-ca-certificates)
I also imported the fullchain CA in my Browser Cert Store (tested with firefox, brave)....
But when i now call up the webgui from my AP i get the follwing message:
SSL_ERROR_BAD_CERT_DOMAIN
This happens for all browsers.
When i check with curl or openssl, everything looks good:
curl -vvI https://zyxel.home.arpa
ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
.
.
.
SSL certificate verify ok.
openssl s_client -CAfile ca-chain-bundle.cert.pem https://zyxel.home.arpa
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
What can i try to fix this browser issue?
Edit 1:
without CAfile:
openssl s_client -connect zyxel.home.arpa:443
.
.
verify error:num=20:unable to get local issuer certificate
.
verify error:num=21:unable to verify the first certificate
.
Edit 2:
# President James K. Polk, here are the output of the server crt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 37:5b:25:e6:31:1b:7e:f7:63:14:30:e1:b6:ca:d2:11:a2:83:44:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, ST = Home, O = Home Inc., CN = Home Intermediate-CA, emailAddress = admin#home.sh
Validity
Not Before: Nov 22 20:20:47 2022 GMT
Not After : Nov 22 20:20:47 2023 GMT
Subject: CN = zyxel.home.arpa, C = DE, ST = Home, L = Home, O = Home Inc, OU = IT
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:aa:be:cf:97:ad:fd:da:1a:9b:c4:af:9a:07:ac:
b7:08:bb:e3:eb:b8:d0:dc:fc:34:bf:8c:c8:5b:3f:
37:a7:20:7d:7e:eb:c9:e1:ce:c6:a8:84:2a:a3:35:
74:83:c9:62:94:ad:92:5b:c5:54:99:9e:14:c9:2b:
73:44:75:06:de:d4:dc:13:a6:0c:8c:b6:d9:84:e2:
1e:51:f8:2f:83:3c:62:95:ca:32:39:07:2b:81:41:
f9:88:08:95:fb:f9:c2:10:f0:de:25:b6:e2:83:f0:
f2:86:41:7d:5d:09:91:3b:04:b8:5f:74:b7:f5:2e:
e8:fa:9b:f5:17:a7:ef:d1:45:ed:05:8e:f3:8e:c3:
a1:96:42:9d:dd:ef:2f:03:81:97:b9:c5:df:9c:41:
3b:b6:9d:7b:09:a0:bf:ad:e8:6a:e2:05:ef:2b:fc:
67:4d:5a:dd:a4:ba:7b:58:a8:65:53:08:06:60:00:
08:85:12:34:31:9b:93:27:d2:35:75:00:f0:01:f5:
58:7f:1a:e5:1f:e5:08:8a:14:ca:c4:17:4d:90:ec:
30:7a:38:3e:ad:90:db:08:46:35:c4:6e:a7:8e:81:
77:eb:15:47:50:7e:d1:71:d5:09:38:64:c3:fa:08:
2a:31:a0:bd:87:0b:70:27:b3:42:fe:20:de:b1:be:
87:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
F5:D6:9B:95:CA:2C:8E:41:92:5F:3E:3E:9C:D5:31:CE:6A:D0:F8:95
X509v3 Authority Key Identifier:
keyid:25:0C:ED:3A:E1:A0:B9:86:A0:FB:43:9F:20:F0:F4:C0:5E:85:C4:D7
DirName:/C=DE/ST=Home/L=Home/O=Home Inc./CN=Home Root-CA/emailAddress=admin#home.sh
serial:01
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
and here's the output ofthe generated csr on the zyxel AP:
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = zyxel.home.arpa, C = DE, ST = Home, L = Home, O = Home Inc, OU = IT
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:aa:be:cf:97:ad:fd:da:1a:9b:c4:af:9a:07:ac:
b7:08:bb:e3:eb:b8:d0:dc:fc:34:bf:8c:c8:5b:3f:
37:a7:20:7d:7e:eb:c9:e1:ce:c6:a8:84:2a:a3:35:
74:83:c9:62:94:ad:92:5b:c5:54:99:9e:14:c9:2b:
73:44:75:06:de:d4:dc:13:a6:0c:8c:b6:d9:84:e2:
1e:51:f8:2f:83:3c:62:95:ca:32:39:07:2b:81:41:
f9:88:08:95:fb:f9:c2:10:f0:de:25:b6:e2:83:f0:
f2:86:41:7d:5d:09:91:3b:04:b8:5f:74:b7:f5:2e:
e8:fa:9b:f5:17:a7:ef:d1:45:ed:05:8e:f3:8e:c3:
a1:96:42:9d:dd:ef:2f:03:81:97:b9:c5:df:9c:41:
3b:b6:9d:7b:09:a0:bf:ad:e8:6a:e2:05:ef:2b:fc:
67:4d:5a:dd:a4:ba:7b:58:a8:65:53:08:06:60:00:
08:85:12:34:31:9b:93:27:d2:35:75:00:f0:01:f5:
58:7f:1a:e5:1f:e5:08:8a:14:ca:c4:17:4d:90:ec:
30:7a:38:3e:ad:90:db:08:46:35:c4:6e:a7:8e:81:
77:eb:15:47:50:7e:d1:71:d5:09:38:64:c3:fa:08:
2a:31:a0:bd:87:0b:70:27:b3:42:fe:20:de:b1:be:
87:a9
Exponent: 65537 (0x10001)
Attributes:
Netscape Comment :OpenSSL Generated Certificate
Requested Extensions:
X509v3 Subject Key Identifier:
F5:D6:9B:95:CA:2C:8E:41:92:5F:3E:3E:9C:D5:31:CE:6A:D0:F8:95
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Server Authentication
X509v3 Subject Alternative Name:
othername: UPN::zyxel.home.arpa, DNS:zyxel.home.arpa
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
1b:04:05:e6:02:89:4d:1d:67:a4:bb:15:06:20:93:58:c3:2b:
72:3c:e0:39:cd:f0:ea:6e:3a:db:33:02:3e:fa:ca:67:ec:e4:
58:a5:cf:ad:c0:51:b1:bb:0d:22:3f:a5:fc:ac:d1:e9:90:d6:
71:71:5d:dc:56:f1:14:21:cb:a3:53:be:0a:32:43:8f:8a:74:
55:08:e3:1d:44:7d:72:f3:94:7f:1a:99:71:b7:97:be:a6:ff:
a8:cf:95:f5:3b:c3:c6:6c:e3:ef:d9:39:8d:03:17:2e:15:2c:
92:ee:00:88:5f:23:21:a4:ac:27:c6:66:00:a5:5d:89:8d:f3:
87:43:34:35:16:e4:bd:72:38:ba:2c:27:f4:c9:08:22:aa:86:
21:6c:98:9f:4b:2b:7e:5e:6a:aa:5c:19:80:29:32:6d:4f:78:
1d:db:5b:1d:a1:bc:31:86:e9:65:af:ee:30:35:12:ce:d4:18:
b1:06:57:e3:da:f6:63:b0:48:53:64:0a:4b:ca:2a:20:d6:5d:
90:1a:bf:af:bb:d3:18:e8:5e:42:2f:3f:c8:96:20:63:66:9e:
2e:b1:2a:fa:82:f6:ba:d0:d3:7f:e7:a5:5d:f5:3a:fb:a9:b0:
54:a5:0a:14:48:8a:37:1e:e8:32:6c:73:7d:4c:af:dc:21:bc:
24:60:9e:2c
Solution:
i forgot to add the Subject Alt Name part into my openssl.cnf (thanks for the hint President James K. Polk):
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = #alt_names
[alt_names]
IP.1 = IP
DNS.1 = DNS NAME
I am trying to subscribe to single characteristic on a BLE device. Using bleak I am able to connect to the device and then write / subscribe to characteristics. With virtually identical code using pygatt, I can connect to the same device using my BLED112 dongle, but am not able to write/subscribe to that same characteristic.
bleak test program:
import sys
import os
import asyncio
import aioconsole
from bleak import BleakClient
ADDRESS = '28686572-5A71-435E-952A-6F4292F5B04A'
#ADDRESS = '00:55:DA:B7:98:9C'
CHARACTERISTIC_UUID = '273e0003-4c4d-454d-96be-f03bac821358'
if len(sys.argv) == 3:
ADDRESS = sys.argv[1]
CHARACTERISTIC_UUID = sys.argv[2]
def notification_handler(sender, data):
"""Simple notification handler which prints the data received."""
print("{0}: {1}".format(sender, data))
async def run(address):
async with BleakClient(address) as client:
await client.connect()
print("Is connected")
# start notifications on control characteristic
await client.start_notify('273e0001-4c4d-454d-96be-f03bac821358', notification_handler)
# write to control handle, set preset to 21
await client.write_gatt_char('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x04, 0x70, 0x32, 0x31, 0x0a]), False)
# write to control handle get device info
await client.write_gatt_char('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x03, 0x76, 0x31, 0x0a]), False)
# write to control handle for resume
await client.write_gatt_char('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x02, 0x64, 0x0a]), False)
# start notifications on TP9
await client.start_notify('273e0003-4c4d-454d-96be-f03bac821358', notification_handler)
# wait for input
await aioconsole.ainput('Running: Press a key to quit')
await client.stop_notify('273e0003-4c4d-454d-96be-f03bac821358')
if __name__ == "__main__":
os.environ["PYTHONASYNCIODEBUG"] = str(1)
loop = asyncio.get_event_loop()
loop.run_until_complete(run(ADDRESS))
Output:
$ python3 bleaktest.py
Is connected
13: bytearray(b'\x08{"rc":0}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
13: bytearray(b'\x10{"ap":"headset",\x00\x00\x00')
13: bytearray(b'\x13"sp":"Blackcomb_rev')
13: bytearray(b'\x03B",":"Blackcomb_rev')
13: bytearray(b'\x10"tp":"consumer",rev')
13: bytearray(b'\x0c"hw":"10.6",er",rev')
13: bytearray(b'\x07"bn":2,0.6",er",rev')
13: bytearray(b'\x0e"fw":"1.0.21",",rev')
13: bytearray(b'\r"bl":"1.0.0",,",rev')
13: bytearray(b'\x07"pv":1,.0.0",,",rev')
13: bytearray(b'\x07"rc":0}.0.0",,",rev')
Running: Press a key to quit
13: bytearray(b'\x08{"rc":0}0.0",,",rev')
31: bytearray(b'\x00\x00\x80\x08\x00z\xa8\xdfL#\x00\xa8!\xb6p\xa0\x00hA\x92')
31: bytearray(b'\x00\x01\x9d0\x00]q\x86\xb5\xb0\x00+\xaf\x96\xf3#\x1a\x00\t\x88')
31: bytearray(b'\x00\x02\x1bh\x04\x00\x06\x14\x18\t\xe8\x00\x05&\x13\xdc%\x00\x01\x97')
...
31: bytearray(b'\x00\x19_\xf1\x85\x9e\xc0\x00GP\xe9\xcb#\x00\t\x9c\xaf\x11\x15\xe4')
...
As you can see from the output, the writes are successful because of the response handles. And the subscriptions are clearly functional given the responses from both the control characteristic and the secondary characteristic.
pygatt test program:
import pygatt
import time
from binascii import hexlify
from pygatt.backends.backend import BLEAddressType
def handle_data(handle, data):
"""
handle -- integer, characteristic read handle the data was received on
raw_value -- bytearray, the data returned in the notification
"""
print(hexlify(data))
#adapter = pygatt.GATTToolBackend('hci0') linux backend
adapter = pygatt.BGAPIBackend()
try:
adapter.start()
device = adapter.connect('00:55:DA:B7:98:9C', address_type = BLEAddressType.public)
print("Is connected")
# start notifications on control characteristic
device.subscribe('273e0001-4c4d-454d-96be-f03bac821358', callback = handle_data, wait_for_response = True)
# write to control handle, set preset to 21
device.char_write('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x04, 0x70, 0x32, 0x31, 0x0a]), wait_for_response = True)
# write to control handle get device info
device.char_write('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x03, 0x76, 0x31, 0x0a]), wait_for_response = True)
# write to control handle for resume
device.char_write('273e0001-4c4d-454d-96be-f03bac821358', bytearray([0x02, 0x64, 0x0a]), wait_for_response = True)
time.sleep(5)
# subscribe to eeg characteristic
device.subscribe('273e0003-4c4d-454d-96be-f03bac821358', callback = handle_data, indication = False, wait_for_response = True)
time.sleep(5)
finally:
print("Adapter stopped")
adapter.stop()
Output:
$ python3 pygatttest.py
Is connected
Adapter stopped
The pygatt program is able to connect to the device (I can see the indicator light change states from flashing to solid), but subscription fails. I don't know if char_write is working because I don't receive a return notification. Am in the process of trying the logging module to figure out more per the comments below.
Updated output with logging enabled:
$ python3 pygatttest.py
INFO:pygatt.backends.bgapi.bgapi:Initialized new BGAPI backend
INFO:pygatt.backends.bgapi.bgapi:Auto-detecting serial port for BLED112
DEBUG:pygatt.backends.bgapi.util:Found 4 serial USB devices
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.Bluetooth-Incoming-Port - n/a
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.usbmodem11 - Low Energy Dongle - CDC data
DEBUG:pygatt.backends.bgapi.util:USB device: Low Energy Dongle - CDC data VID=0x2458 PID=0x0001 on /dev/cu.usbmodem11
INFO:pygatt.backends.bgapi.bgapi:Found BLED112 on serial port /dev/cu.usbmodem11
INFO:pygatt.backends.bgapi.bgapi:Resetting and reconnecting to device for a clean environment
DEBUG:pygatt.backends.bgapi.bgapi:Opening connection to serial port (attempt 1)
INFO:pygatt.backends.bgapi.bgapi:Auto-detecting serial port for BLED112
DEBUG:pygatt.backends.bgapi.util:Found 4 serial USB devices
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.Bluetooth-Incoming-Port - n/a
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.usbmodem11 - Low Energy Dongle - CDC data
DEBUG:pygatt.backends.bgapi.util:USB device: Low Energy Dongle - CDC data VID=0x2458 PID=0x0001 on /dev/cu.usbmodem11
INFO:pygatt.backends.bgapi.bgapi:Found BLED112 on serial port /dev/cu.usbmodem11
DEBUG:pygatt.backends.bgapi.bgapi:Opening connection to serial port (attempt 1)
INFO:pygatt.backends.bgapi.bgapi:Auto-detecting serial port for BLED112
DEBUG:pygatt.backends.bgapi.util:Found 3 serial USB devices
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.Bluetooth-Incoming-Port - n/a
DEBUG:pygatt.backends.bgapi.bgapi:Failed to open serial port
Traceback (most recent call last):
File ".../pygatt/backends/bgapi/bgapi.py", line 171, in _open_serial_port
serial_port = self._serial_port or self._detect_device_port()
File ".../pygatt/backends/bgapi/bgapi.py", line 147, in _detect_device_port
raise BGAPIError("Unable to auto-detect BLED112 serial port")
pygatt.backends.bgapi.exceptions.BGAPIError: Unable to auto-detect BLED112 serial port
DEBUG:pygatt.backends.bgapi.bgapi:Opening connection to serial port (attempt 2)
INFO:pygatt.backends.bgapi.bgapi:Auto-detecting serial port for BLED112
DEBUG:pygatt.backends.bgapi.util:Found 3 serial USB devices
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.Bluetooth-Incoming-Port - n/a
...
DEBUG:pygatt.backends.bgapi.bgapi:Failed to open serial port
Traceback (most recent call last):
File ".../pygatt/backends/bgapi/bgapi.py", line 171, in _open_serial_port
serial_port = self._serial_port or self._detect_device_port()
File ".../pygatt/backends/bgapi/bgapi.py", line 147, in _detect_device_port
raise BGAPIError("Unable to auto-detect BLED112 serial port")
pygatt.backends.bgapi.exceptions.BGAPIError: Unable to auto-detect BLED112 serial port
DEBUG:pygatt.backends.bgapi.bgapi:Opening connection to serial port (attempt 3)
INFO:pygatt.backends.bgapi.bgapi:Auto-detecting serial port for BLED112
DEBUG:pygatt.backends.bgapi.util:Found 4 serial USB devices
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.Bluetooth-Incoming-Port - n/a
...
DEBUG:pygatt.backends.bgapi.util:Checking serial USB device: /dev/cu.usbmodem11 - Low Energy Dongle - CDC data
DEBUG:pygatt.backends.bgapi.util:USB device: Low Energy Dongle - CDC data VID=0x2458 PID=0x0001 on /dev/cu.usbmodem11
INFO:pygatt.backends.bgapi.bgapi:Found BLED112 on serial port /dev/cu.usbmodem11
INFO:pygatt.backends.bgapi.bgapi:Running receiver
INFO:pygatt.backends.bgapi.bgapi:Disabling advertising
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.gap_set_mode: 58>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.gap_set_mode packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.sm_set_bondable_mode: 51>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.sm_set_bondable_mode packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Stopping any outstanding GAP procedure
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.gap_end_procedure: 61>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.gap_end_procedure packet: Device in wrong state
INFO:pygatt.backends.bgapi.bgapi:Connecting to device at address 00:55:DA:B7:98:9C (timeout 5s)
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.sm_set_bondable_mode: 51>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.sm_set_bondable_mode packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.gap_connect_direct: 60>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.gap_connect_direct packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.connection_status: 11>] within 5.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.connection_status packet: Success
INFO:pygatt.backends.bgapi.bgapi:Connection status: handle=0x0, flags=5, address=0xb'9c98b7da5500', connection interval=75.000000ms, timeout=1000, latency=0 intervals, bonding=0xff
INFO:pygatt.backends.bgapi.bgapi:Connected to 00:55:DA:B7:98:9C
Is connected
DEBUG:pygatt.device:Looking up handle for characteristic 273e0001-4c4d-454d-96be-f03bac821358
INFO:pygatt.backends.bgapi.bgapi:Fetching characteristics for connection 0
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_find_information: 41>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_find_information packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found approved characteristic 00002a05-0000-1000-8000-00805f9b34fb
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found approved characteristic 00002a00-0000-1000-8000-00805f9b34fb
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found approved characteristic 00002a01-0000-1000-8000-00805f9b34fb
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found approved characteristic 00002a04-0000-1000-8000-00805f9b34fb
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0001-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0008-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0009-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000a-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000b-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0002-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0003-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0004-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0005-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0006-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0007-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000c-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
cDEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000d-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000e-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e000f-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0010-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
INFO:pygatt.backends.bgapi.bgapi:Found custom characteristic 273e0011-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_find_information_found packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_procedure_completed packet: Success
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x00002a05-0000-1000-8000-00805f9b34fb is handle 0x3
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x4
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x00002a00-0000-1000-8000-00805f9b34fb is handle 0x7
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x00002a01-0000-1000-8000-00805f9b34fb is handle 0x9
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x00002a04-0000-1000-8000-00805f9b34fb is handle 0xb
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0001-4c4d-454d-96be-f03bac821358 is handle 0xe
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0xf
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0008-4c4d-454d-96be-f03bac821358 is handle 0x11
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x12
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0009-4c4d-454d-96be-f03bac821358 is handle 0x14
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x15
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000a-4c4d-454d-96be-f03bac821358 is handle 0x17
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x18
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000b-4c4d-454d-96be-f03bac821358 is handle 0x1a
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x1b
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0002-4c4d-454d-96be-f03bac821358 is handle 0x1d
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x1e
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0003-4c4d-454d-96be-f03bac821358 is handle 0x20
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x21
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0004-4c4d-454d-96be-f03bac821358 is handle 0x23
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x24
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0005-4c4d-454d-96be-f03bac821358 is handle 0x26
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x27
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0006-4c4d-454d-96be-f03bac821358 is handle 0x29
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x2a
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0007-4c4d-454d-96be-f03bac821358 is handle 0x2c
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x2d
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000c-4c4d-454d-96be-f03bac821358 is handle 0x2f
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x30
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000d-4c4d-454d-96be-f03bac821358 is handle 0x32
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x33
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000e-4c4d-454d-96be-f03bac821358 is handle 0x35
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x36
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e000f-4c4d-454d-96be-f03bac821358 is handle 0x38
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x39
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0010-4c4d-454d-96be-f03bac821358 is handle 0x3b
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x3c
INFO:pygatt.backends.bgapi.bgapi:Characteristic 0x273e0011-4c4d-454d-96be-f03bac821358 is handle 0x3e
INFO:pygatt.backends.bgapi.bgapi:Characteristic descriptor 0x00002902-0000-1000-8000-00805f9b34fb is handle 0x3f
DEBUG:pygatt.device:Found <Characteristic uuid=273e0001-4c4d-454d-96be-f03bac821358 handle=14>
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_attribute_write: 43>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_attribute_write packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_procedure_completed packet: Success
INFO:pygatt.device:Subscribed to uuid=273e0001-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.device:Looking up handle for characteristic 273e0001-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.device:Found <Characteristic uuid=273e0001-4c4d-454d-96be-f03bac821358 handle=14>
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_attribute_write: 43>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_attribute_write packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_procedure_completed packet: Write not permitted
DEBUG:pygatt.device:Looking up handle for characteristic 273e0001-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.device:Found <Characteristic uuid=273e0001-4c4d-454d-96be-f03bac821358 handle=14>
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_attribute_write: 43>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_attribute_write packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_procedure_completed packet: Write not permitted
DEBUG:pygatt.device:Looking up handle for characteristic 273e0001-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.device:Found <Characteristic uuid=273e0001-4c4d-454d-96be-f03bac821358 handle=14>
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_attribute_write: 43>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_attribute_write packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.attclient_procedure_completed packet: Write not permitted
DEBUG:pygatt.device:Looking up handle for characteristic 273e0003-4c4d-454d-96be-f03bac821358
DEBUG:pygatt.device:Found <Characteristic uuid=273e0003-4c4d-454d-96be-f03bac821358 handle=32>
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<ResponsePacketType.attclient_attribute_write: 43>] within 1.000000s
DEBUG:pygatt.backends.bgapi.bgapi:Received a EventPacketType.connection_disconnected packet: Success
DEBUG:pygatt.backends.bgapi.bgapi:Received a ResponsePacketType.attclient_attribute_write packet: Not connected
DEBUG:pygatt.backends.bgapi.bgapi:Expecting a response of one of [<EventPacketType.attclient_procedure_completed: 17>] within 30.000000s
Adapter stopped
INFO:pygatt.backends.bgapi.bgapi:Stopping
INFO:pygatt.backends.bgapi.bgapi:Stopping receiver
I'm not sure if I'm interpreting this information correctly, but it seems as if the subscription is working and that I'm receiving information but the callback is not being fired?
I tried the solution here: pygatt: Unable to execute device.subscribe() by adding the time.sleep() lines to my code, but the output did not change.
How can I translate my bleak program to pygatt and subscribe successfully using pygatt?
I have a web application and a database of MongoDB. Now, I just want to write scripts to query the database from terminal. I have written the following code.
const userModel = require('../models/Users');
const mongoose = require('mongoose');
const CONN = 'mongodb://tie:<password>#178.62.87.72:27017/news'
const option = {
socketTimeoutMS: 30000,
keepAlive: true,
reconnectTries: 30000,
// useNewUrlParser: true
};
mongoose.connect(CONN, option);
mongoose.connection.on('connected', async function () {
console.log('Database connected: ' + CONN);
try {
let x = await userModel.user.find({ "_id": "5a95bbc0763e1f4bad37b864" }).lean()
console.log(x)
mongoose.connection.close()
console.log("done");
} catch (error) {
console.log(error);
}
});
mongoose.connection.on('disconnected', function () {
console.log('Database disconnected:' + CONN);
});
Then, node kpi.js in the terminal returned an error:
events.js:200
throw er; // Unhandled 'error' event
^
Error [MongoError]: failed to connect to server [178.62.87.72:27017] on first connect [Error: connect ECONNREFUSED 178.62.87.72:27017
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1134:16) {
name: 'MongoError',
message: 'connect ECONNREFUSED 178.62.87.72:27017'
}]
at Pool.<anonymous> (/Users/chengtie/Startup/PRODSERVER/From202005/funfun/node_modules/mongodb-core/lib/topologies/server.js:336:35)
at Pool.emit (events.js:223:5)
at Connection.<anonymous> (/Users/chengtie/Startup/PRODSERVER/From202005/funfun/node_modules/mongodb-core/lib/connection/pool.js:280:12)
at Object.onceWrapper (events.js:313:26)
at Connection.emit (events.js:223:5)
at Socket.<anonymous> (/Users/chengtie/Startup/PRODSERVER/From202005/funfun/node_modules/mongodb-core/lib/connection/connection.js:189:49)
at Object.onceWrapper (events.js:313:26)
at Socket.emit (events.js:223:5)
at emitErrorNT (internal/streams/destroy.js:92:8)
at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
at processTicksAndRejections (internal/process/task_queues.js:81:21)
Emitted 'error' event on NativeConnection instance at:
at Immediate.<anonymous> (/Users/chengtie/Startup/PRODSERVER/From202005/funfun/node_modules/mongoose/lib/connection.js:325:19)
at processImmediate (internal/timers.js:439:21) {
name: 'MongoError',
message: 'failed to connect to server [178.62.87.72:27017] on first connect [Error: connect ECONNREFUSED 178.62.87.72:27017\n' +
' at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1134:16) {\n' +
" name: 'MongoError',\n" +
" message: 'connect ECONNREFUSED 178.62.87.72:27017'\n" +
'}]'
}
Does anyone know how to solve this? Do I need to use for example MongoClient?
PS: I'm able to query the database by Robo 3T with the following settings:
Edit 1: ssh tie#178.62.87.72 -nNT -v -L 27014:localhost:27017 returned:
(base) Ties-MBP:kpi chengtie$ ssh tie#178.62.87.72 -nNT -v -L 27014:localhost:27017
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 178.62.87.72 [178.62.87.72] port 22.
debug1: Connection established.
debug1: identity file /Users/chengtie/.ssh/id_rsa type 0
debug1: identity file /Users/chengtie/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chengtie/.ssh/id_dsa type -1
debug1: identity file /Users/chengtie/.ssh/id_dsa-cert type -1
debug1: identity file /Users/chengtie/.ssh/id_ecdsa type -1
debug1: identity file /Users/chengtie/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/chengtie/.ssh/id_ed25519 type -1
debug1: identity file /Users/chengtie/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/chengtie/.ssh/id_xmss type -1
debug1: identity file /Users/chengtie/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000002
debug1: Authenticating to 178.62.87.72:22 as 'tie'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:z8rrvKqvVmSxKFlCnb49HwUTQ/ABB9DUi9A3DUIpKtI
debug1: Host '178.62.87.72' is known and matches the ECDSA host key.
debug1: Found key in /Users/chengtie/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/chengtie/.ssh/id_rsa RSA SHA256:EL7hm5LvdVADZiv662nneDEeoLKy+etj8OT61eugu4Y
debug1: Will attempt key: /Users/chengtie/.ssh/id_dsa
debug1: Will attempt key: /Users/chengtie/.ssh/id_ecdsa
debug1: Will attempt key: /Users/chengtie/.ssh/id_ed25519
debug1: Will attempt key: /Users/chengtie/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/chengtie/.ssh/id_rsa RSA SHA256:EL7hm5LvdVADZiv662nneDEeoLKy+etj8OT61eugu4Y
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/chengtie/.ssh/id_dsa
debug1: Trying private key: /Users/chengtie/.ssh/id_ecdsa
debug1: Trying private key: /Users/chengtie/.ssh/id_ed25519
debug1: Trying private key: /Users/chengtie/.ssh/id_xmss
debug1: Next authentication method: password
tie#178.62.87.72's password:
debug1: Authentication succeeded (password).
Authenticated to 178.62.87.72 ([178.62.87.72]:22).
debug1: Local connections to LOCALHOST:27014 forwarded to remote address localhost:27017
debug1: Local forwarding listening on ::1 port 27014.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 27014.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Your code looks fine, and we also get a response from the server of ECONNREFUSED or in english connection refused. this can be caused from several different reasons. the most common is firewall / IP issue's (which is not your case as you manage to connect using robo3T).
If you look closely in the second image you post, the ssh tab you can see a box called Use SSH Tunnel marked. this is what you're missing to be able to connect from code.
Open a new terminal tab and run something like this:
ssh user#178.62.87.72 -L [LOCAL_PORT]:localhost:27017
Where LOCAL_PORT can be any open port on your localhost. This creates an open "tunnel" being your machines and the remote machine. and this is how Mongo can communicate with you.
Then change you're connection code to this:
const CONN = 'mongodb://127.0.0.1:LOCAL_PORT'
You can keep using 27017 as your LOCAL_PORT but usually people have a running local Mongo process on that port.
I try to only use 256bit cipher suites only with following setup:
const https = require('https');
const fs = require('fs');
const constants = require('constants');
const serverKey = 'server.key';
const serverCrt = 'server.crt';
httpsOptions = {
key: fs.readFileSync(serverKey),
cert: fs.readFileSync(serverCrt),
secureOptions: constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
ciphers: [
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-GCM-SHA384',
"HIGH",
"!aNULL",
"!eNULL",
"!EXPORT",
"!DES",
"!RC4",
"!MD5",
"!PSK",
"!SRP",
"!CAMELLIA"
].join(':')
};
https.createServer(httpsOptions, (req, res) => {
res.writeHead(200);
res.end('hello world\n');
}).listen(8000);
However sslscan and ssllabs.com (my blog is using the same httpsOptions) testing show I still have
128bit ciphers
NON-GCM ciphers
Following is out put from sslscan:
[23:13:03]JS#JS-Mac-mini ~> sslscan localhost:8000
Version: 1.11.8
OpenSSL 1.0.2k 26 Jan 2017
OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected
Testing SSL server localhost on port 8000
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: localhost
Issuer: localhost
Not valid before: Jun 13 19:06:29 2016 GMT
Not valid after: Jun 13 19:06:29 2017 GMT
I expect to see only the following ciphers:
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
You're including HIGH in your SSL cipher configuration, which includes all the ciphers that OpenSSL considers high strength (128bit or above), and then you're excluding some specific other groups of ciphers. Remove HIGH and you'll just get the ciphers you want.
You can see what's in each group in OpenSSL from the command line with $ openssl ciphers -v HIGH
Alternatively you might just be able to specify the ciphers you want, and remove everything else.
add !AES128 to disable these 128bit ciphers.
sample:
ciphers: "ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA:HIGH:!AES128"
then supported ciphers will be:
Supported Server Cipher(s):
Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLS11 256 bits ECDHE-RSA-AES256-SHA
Accepted TLS11 256 bits AES256-SHA
Accepted TLS12 256 bits ECDHE-RSA-AES256-GCM-SHA384
Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA384
Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA
Accepted TLS12 256 bits AES256-GCM-SHA384
Accepted TLS12 256 bits AES256-SHA256
Accepted TLS12 256 bits AES256-SHA