SSL is being fixed

See announcements from the team.
User avatar
Posts: 67
Joined: Thu Apr 09, 2015 9:25 am
Location: Camberley, UK

SSL is being fixed

Postby Nick Bolton » Mon May 18, 2015 1:48 am

Hello,

Many users are experiencing problems with our new SSL feature. We are furiously working away on a bug fix release, which we plan to have ready by May 27th.

You can track our progress here:
https://github.com/synergy/synergy/mile ... 7.3-stable

In the meantime, you can try any 1 of 3 workarounds:
1. Downgrade to 1.6
2. Delete the ns.dll plugin
3. Disable SSL from settings

Thanks,
Nick
CEO of Symless

Posts: 3
Joined: Sat May 16, 2015 1:02 pm

Re: SSL is being fixed

Postby Kevin Plant » Mon May 18, 2015 2:24 am

Thank you for the update, much appreciated.

Posts: 2
Joined: Mon May 18, 2015 6:08 am

Re: SSL is being fixed

Postby phil fluffy » Mon May 18, 2015 6:20 am

Just ran into another ssl bug today and making you aware via here, if a client is not running synergy pro and tries to connect to my pro enabled server, the server does not degrade to non ssl mode for that client, and indeed appears to hang the server from SSL clients with repeated ssl handshake errors (I think the unencrypted client is saying HELO in cleartext but its being handed straight to openssl wrapper as a ssl init string and openssl doesnt know what to do) & until the non ssl client is silenced and synergys restarted.
Versions in use are synergy-1.7.2 all built from source (gentoo...).

I have ssl working on all my machines, the only real gotcha apart from the above is the machines with the client on all have to be registered online as part of the setup process which means I have to log into each keyboard and mouseless machine via ssh -XYA and start up synergy and run through the registration as it appears to change something in the install during registration (though you have stopped pushing me the nsplugin linked against the wrong libs now, yay!). Its clear to me that you are going to have users that don't understand how to do this hoop and mixed with the first issue, its going to be a source of frustration for users.

SSL is a great feature, and I for one *need* it because I dont control one of the windows machines I km to, and cant run stunnel or a ssh tunnel easily. On the windows client side its been fine.
One last gripe, there doesnt seem to be a way clientside to see if its encrypted or not apart from taking a packet dump, as I start up synergyc as part of GDM Init so local user login can be done over the network. Now its not very important, but if you add a feature that lets the ssl degrade its negotiation for non ssl clients, it could be worth thinking about.

I mentioned the no --enable-crypto in the docs, but Im sure you are on that already.

Posts: 171
Joined: Wed May 13, 2015 9:00 am

Re: SSL is being fixed

Postby Ben Koenig » Mon May 18, 2015 2:06 pm

Thanks Nick!

On the plus side, Synergy still works. You can get set up and everything so that once SSL is ship shape your configuration is ready to go. Friendly reminder if you are on an exposed network! :o

I think Synergy fits into a very nice spot. It's those weird people that write crazy encryption code for SSL that make life hard! I'm not much of a programmer, but in coder speak

SSL != Synergy :D

Kudos guys

Posts: 6
Joined: Fri May 15, 2015 11:31 am

Re: SSL is being fixed

Postby eddie dilanchian » Tue May 19, 2015 6:24 am

Nick Bolton wrote:Hello,

Many users are experiencing problems with our new SSL feature. We are furiously working away on a bug fix release, which we plan to have ready by May 27th.

You can track our progress here:
https://github.com/synergy/synergy/mile ... 7.3-stable

In the meantime, you can try any 1 of 3 workarounds:
1. Downgrade to 1.6
2. Delete the ns.dll plugin
3. Disable SSL from settings

Thanks,
Nick


i dont see the ns.dll any ideas ???

Posts: 1
Joined: Tue May 19, 2015 8:19 am

Re: SSL is being fixed

Postby David Bowser » Tue May 19, 2015 8:25 am

Just an odd testing note for me:

Mac to mac is not working with SSL enabled, but Windows to Mac was. Assuming Mac server and Windows and Mac clients.

I disabled SSL as a workaround for my Macs, but I figured you should take a look at that from a testing perspective.

Posts: 15
Joined: Tue May 19, 2015 8:58 am

Re: SSL is being fixed

Postby Esther Singer » Tue May 19, 2015 9:02 am

where do I disable ssl?

Posts: 171
Joined: Wed May 13, 2015 9:00 am

Re: SSL is being fixed

Postby Ben Koenig » Tue May 19, 2015 10:11 am

Esther Singer wrote:where do I disable ssl?

It's actually labeled in settings as "Network Encryption" I believe.

SSL, OpenSSL are the official names for the technology/projects that secure network communication. If you see an option for Encryption anywhere, it is safe to assume SSL.

EDIT: Sorry, it is "SSL encryption". My mistake.
Last edited by Ben Koenig on Mon May 25, 2015 10:07 am, edited 1 time in total.

Posts: 171
Joined: Wed May 13, 2015 9:00 am

Re: SSL is being fixed

Postby Ben Koenig » Tue May 19, 2015 10:54 am

Also, I don't use Windows 7 as my primary OS. My installation is generally unused and therefore as almost as fresh as the day I installed it + patches and updates.

I can confirm that these Encryption and OpenSSL issues have not occurred a single time for me. I will document my setup here:

- Windows 7 x86_64 Service Pack 1
- Installed 1.7.2 without any previous installation of Synergy. This means no registry keys and nothing in appdata.
- Fairly open firewall. I am behind a home router. Generally a computer a computer will not enter my network without me knowing. Making Windows Firewall on a stationary Desktop almost pointless.

When Synergy Crashes Windows keeps a hold of some pieces of it instead of letting the crash go. After crashes, such as the SSL handshake error others have experienced on Windows 7 follow these steps in this order precisely:

1) Close Synergy on the Client.
2) End the process "synergys.exe from Task Manager
3) Close the Synergy Graphical Application. It will complain. Force it to close however you can.
4) Count to 5
5) Done counting. Restart GUI and disable "SSL Encryption"


Works on Windows 7 64bit. No need to delete anything.

Posts: 2
Joined: Mon May 18, 2015 6:08 am

Re: SSL is being fixed

Postby phil fluffy » Mon May 25, 2015 8:47 am

David Bowser wrote:Just an odd testing note for me:

Mac to mac is not working with SSL enabled, but Windows to Mac was. Assuming Mac server and Windows and Mac clients.

I disabled SSL as a workaround for my Macs, but I figured you should take a look at that from a testing perspective.

David, just as a aside, have you run the synergy gui on each of the clients? if ssl is enabled, each client machine that connects has to be registered to get the ns plugin downloaded and enabled.

I think from a functional point of view, if only the server required registration that would make things easier for customers.

I bumped up to the latest stable and my setup is all working fine still. Gentoo server, gentoo + windows clients. Although I had to re-run registration on every client and the server yet again with the version bump. Somewhat tiresome...

Next

Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest