RP can connect via SSL but M1ToGo cannot anymore

M1 Support Forum RP can connect via SSL but M1ToGo cannot anymore

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #5176
    Moshe Katz

    I have an M1XEP (2.0.46) and a Windows 10 computer that has both RP (2.0.40) and M1ToGo (1.0.10.0) on it. This has been working perfectly for a long time.

    I just started having this problem last week, and I’m not sure what is going on or how to fix it. While RP continues to connect with no trouble, M1ToGo has started showing an error message “Could Not Authenticate SSL Connection! Check your profile’s settings!” and failing to connect.

    I used the “Trace” function in the M1XEP setup window, and I see the following logs when M1ToGo tries to connect:

    > 12:36:39 Open_Socks: 01 = 07
    > 12:36:39 TCP Secure connection accepted
    > 12:36:39 TCP Secure Received client hello
    > 12:36:39 TCP Secure Begin SSL negotiation
    > 12:36:39 TCP Secure SSL negotiation failed, code: -3

    Here is what I see in the Trace box when connecting using RP:

    > 12:37:39 Open_Socks: 01 = 08
    > 12:37:39 TCP Secure connection accepted
    > 12:37:39 TCP Secure Received client hello
    > 12:37:39 TCP Secure Begin SSL negotiation
    > 12:37:43 TCP Secure SSL negotiation succeeded
    > 12:37:43 TCP Secure No challenge
    > 12:37:43 TCP Secure RP connected
    > …

    When I enable non-secure connections on port 2101 and set M1ToGo to use that port, it connects properly, but I do not want insecure connections enabled on this network.

    When I try connecting from a Linux computer using openssl s_client -connect IP_OF_M1XEP:2601, the connection opens successfully and I can see data being sent from the M1XEP.

    How can I fix this problem?

    #5187
    Moshe Katz

    It looks like this person had a similar issue back in 2019: http://cocoontech.com/forums/topic/31541-elk-m1-secure-connection-doesnt-seem-to-work/

    Anyone have any ideas?

    #5188
    Brad Weeks

    Both ElkRP2 and M1ToGo take the same path through code in the M1XEP to negotiate SSL. I have tried M1ToGo on a Windows 10 PC and did not run into this issue connecting on the Secure Port. Unfortunately in your case your only option may be to connect using the Non-Secure Port 2101

    #5189
    Moshe Katz

    Brad,

    I would understand that my only option is to use the non-secure port if this had never worked, but it was working perfectly until a few weeks ago. I just tested from another computer and got the same results: RP connects secure with no trouble but M1ToGo gives this SSL error.

    To me this indicates that there is some problem with the M1XEP. Is there some way to reset the XEP to factory defaults and then re-configure it to see if that helps?

    Alternatively, is there any way to get more insight into the exact error code (the “-3” of “Secure SSL negotiation failed, code: -3”)?

    #5190
    Moshe Katz

    I downgraded the XEP to firmware version 2.0.44 and I am able to connect from M1ToGo. When I upgrade back to 2.0.46, I get the same error again.

    I believe this indicates a bug in the newer firmware or a bug in M1ToGo that is surfaced when communicating with the newer firmware.

    If you would like, I would be happy to analyze this further.

    #5191
    Moshe Katz

    I watched some network traffic, and I wonder if this might be related:

    RP appears to be hardcoded to use TLSv1.2, which is supported by the XEP.

    M1ToGo does not specify a protocol level. Instead, it leaves the choice of protocol to the Operating System. It appears that Windows wants to use TLSv1.3, which fails to connect.

    If I go to a Linux machine and run openssl s_client -connect IP_OF_M1XEP:2601 -tls1_2, I see that the connection works. However, if I run openssl s_client -connect IP_OF_M1XEP:2601 -tls1_3, I see an SSL Handshake failure on the client side and the “Trace” dialog has the same “Secure SSL negotiation failed, code: -3” error message.

    The thing I don’t yet know is why this should change depending on the XEP firmware version.

    #5395
    Malcolm Johnson

    I have the same issue.  I recently upgraded my RP to 2.0.46 and M1 to Go will no longer connect.  Is the best solution to go back to 2.0.44?  If so I need that bin file.  I don’t have it in my program data and I can’t find a download on the website.

    #5396
    Moshe Katz

    Malcolm,

    As far as I know, the best solution is to go back to 2.0.44.

    Here is a link – let me know when you’ve downloaded so I can make it private again: https://drive.google.com/file/d/1geMmZNNmkxdBVuuFUQ9bttYQNYforbxb/view?usp=sharing

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.
Scroll to Top