nkawxs

Who can help me resolve "Unknown SSL protocol error"?

Recommended Posts

nkawxs    0

I can't start the dst dedicated server at wegame platform, the main cause is Unknow SSL protocol, I have tried use curl command from my computer and found that there is a small probability of successful connection and a big probability of failed connection, but when I send the same curl command from an Ubuntu American server, I can see 100% successful connection. the screenshot and part of server log are below.

 

From my computer in China, window10 system, I think 404 means success, others mean failure.

image.thumb.png.28c42245d61e555c2aa0e8b48b3fc4e7.png

 

From the server in America, Ubuntu system.

image.thumb.png.e53d2fc8d7410457f263d4438dfbdd3d.png

 

Part of the server log.

[00:00:07]: THREAD - started 'FilesExistAsyncThread' (5128)
[00:00:07]: FilesExistAsyncThread started (17825 files)...
[00:00:07]: Check for write access: TRUE
[00:00:07]: Check for read access: TRUE
[00:00:07]: Available disk space for save files: 32591 MB
[00:00:07]: ModIndex: Load sequence finished successfully.	
[00:00:07]: Reset() returning
[00:00:07]: CURL ERROR: (login-sing.kleientertainment.com) Unknown SSL protocol error in connection to login-sing.kleientertainment.com:443 
[00:00:07]: [Http] 'login-sing.kleientertainment.com': Falling back to method #2
[00:00:09]: CURL ERROR: (login-sing.kleientertainment.com) Unknown SSL protocol error in connection to login-sing.kleientertainment.com:443 
[00:00:09]: [0] Account Failed (6): ""
[00:00:09]: [Warning] Empty error code received, dumping response:
[00:00:09]: 
[00:00:09]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[00:00:09]: !!!! Your Server Will Not Start !!!!
[00:00:09]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[00:00:09]: No auth token could be found.
[00:00:09]: Please visit https://accounts.klei.com/account/game/servers?game=DontStarveTogether
[00:00:09]: to generate server configuration files
[00:00:09]: 
[00:00:09]: Alternatively generate a cluster_token you can
[00:00:09]: open the console from a logged-in game
[00:00:09]: client with the tilda key (~ / ù) and type:
[00:00:09]: TheNet:GenerateClusterToken()
[00:00:09]: This will create 'cluster_token.txt' in

Share this post


Link to post
Share on other sites
nkawxs    0
6 hours ago, nome said:

That log shows DST is unable to reach Klei's servers. You can try https://login.kleientertainment.com/HealthCheck in your browser to confirm connectivity but a lot of users in mainland China have been reporting connectivity problems lately. :( 

I have saw many topics of this forum where you replyed the same content as "try Health Check", I have accessed this url many times and it always returned ok, however my problem is still existing.

I wonder why did I fail on handshake stage? Is it because of cipher? this time I used --verbose param, the details are below.

 

an Ubuntu server in China, failed connection.

image.thumb.png.a183e1ca4d0655a601de4fa8a5bf85a0.png

 

My window10 system computer in China, failed connection.

image.thumb.png.ddf4cf32e2ffc08d046415c2b63056db.png

 

An Ubuntu server in America, it's a little long because of successful connection.

root@localhost:~# curl --tlsv1.2 https://login-sing.kleientertainment.com -v
*   Trying 18.136.75.82:443...
* TCP_NODELAY set
* Connected to login-sing.kleientertainment.com (18.136.75.82) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=login.kleientertainment.com
*  start date: Mar 29 00:00:00 2021 GMT
*  expire date: Apr 27 23:59:59 2022 GMT
*  subjectAltName: host "login-sing.kleientertainment.com" matched cert's "login-sing.kleientertainment.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55925198a820)
> GET / HTTP/2
> Host: login-sing.kleientertainment.com
> user-agent: curl/7.68.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 404 
< date: Thu, 22 Jul 2021 02:15:51 GMT
< content-type: text/plain; charset=utf-8
< content-length: 19
< vary: Origin
< x-content-type-options: nosniff
< 
404 page not found
* Connection #0 to host login-sing.kleientertainment.com left intact
root@localhost:~# 

 

Edited by nkawxs

Share this post


Link to post
Share on other sites
nome    6225

So the curl command shows that your ubuntu host is just unable to initiate connections to our server - it's failing in the SSL handshake. Nothing to do with the game in particular.

I would be very interested to know if you're able to use curl to contact various other international websites - obviously we have limited insight into the workings of China's internet so we're not really sure what's going on here. We are in talks with various companies trying to improve the situation however.

  • Thanks 1

Share this post


Link to post
Share on other sites
nkawxs    0
On 7/23/2021 at 3:51 AM, nome said:

So the curl command shows that your ubuntu host is just unable to initiate connections to our server - it's failing in the SSL handshake. Nothing to do with the game in particular.

I would be very interested to know if you're able to use curl to contact various other international websites - obviously we have limited insight into the workings of China's internet so we're not really sure what's going on here. We are in talks with various companies trying to improve the situation however.

Tonight all connections are succeed, I didn't see any failed shake, unanticipated.

Below urls have been tested at about 2021-07-25 22:40 (UTC/GMT+08:00)

https://github.com
https://dontstarve.fandom.com
https://forums.kleientertainment.com
https://login-sing.kleientertainment.com
https://lobby-china.kleientertainment.com

What happened recently? I worry maybe there will be failed connections afterwards.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now