SSL issues with rTorrent as download client

Hello everyone,

I got an issue while trying to set up rTorrent as my download client.
My rutorrent instance is available through SSL (port 443) and has a .htaccess associated.
While browsing this forum, I saw many posts with some configuration that I tried :

Host: localhost
Port: 443
Url Path: my_correct_scgi_path
Use SSL: Yes
Username: my_htaccess_user
Password: my_htaccess_passwd

My SSL certificate is issued by StartSSL and my configuration seems OK as I got A+ on sslabs.com.

When I test this connexion, I got these errors in my syslog :

Nov 30 13:10:13 mono[27120]: [Error] RTorrent: Error writing headers
Nov 30 13:10:13 mono[27120]: System.Net.WebException: Error writing headers —> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. —> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x41a15c80 + 0x00103> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x41a15bc0 + 0x0002b> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x41a132b0 + 0x00227> in :0
Nov 30 13:10:13 mono[27120]: — End of inner exception stack trace —
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x41a16270 + 0x000bf> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41a16000 + 0x0007f> in :0 —> System.IO.IOException: The authentication or decryption has failed. —> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x41a15c80 + 0x00103> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x41a15bc0 + 0x0002b> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x41a132b0 + 0x00227> in :0
Nov 30 13:10:13 mono[27120]: — End of inner exception stack trace —
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) <0x41a16270 + 0x000bf> in :0
Nov 30 13:10:13 mono[27120]: at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41a16000 + 0x0007f> in :0
Nov 30 13:10:13 mono[27120]: — End of inner exception stack trace —
Nov 30 13:10:13 mono[27120]: at System.Net.WebConnection.EndWrite (System.Net.HttpWebRequest request, Boolean throwOnError, IAsyncResult result) <0x41863170 + 0x00207> in :0
Nov 30 13:10:13 mono[27120]: at System.Net.WebConnectionStream+c__AnonStorey1.<>m__0 (IAsyncResult r) <0x418629c0 + 0x0014f> in :0
Nov 30 13:10:13 mono[27120]: — End of inner exception stack trace —
Nov 30 13:10:13 mono[27120]: at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x4184a900 + 0x001ab> in :0
Nov 30 13:10:13 mono[27120]: at System.Net.HttpWebRequest.GetResponse () <0x41845b40 + 0x0005a> in :0
Nov 30 13:10:13 mono[27120]: at CookComputing.XmlRpc.XmlRpcClientProtocol.GetWebResponse (System.Net.WebRequest request) <0x41a0ed40 + 0x00032> in :0
Nov 30 13:10:13 mono[27120]: [Warn] NzbDroneErrorPipeline: Invalid request Validation failed:
Nov 30 13:10:13 mono[27120]: – Unknown exception: Error writing headers

mono -V
Mono JIT compiler version 4.2.1 (Stable 4.2.1.102/6dd2d0d Thu Nov 12 09:52:44 UTC 2015)
Copyright © 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: altstack
Notifications: epoll
Architecture: amd64
Disabled: none
Misc: softdebug
LLVM: supported, not enabled.
GC: sgen

I’m using Nginx btw.

Do you have any idea to help ?

Thanks a lot ! :smile:

mono doesn’t support the newer TLS1.2 ciphers, such as elliptic curve (ECDSA) and others. You’ll have to change the nginx settings to allow certain older ciphers, can’t help you with that.

OK Thanks anyway, that’s a first help :wink:

Now, does anyone know how to configure the nginx SSL parameters ?
I don’t mind modifying my conf as long as it works in the end :smile:

for crying out loud, google it!

Thanks but I already googled this issue quite a lot and I can not find a configuration that is working.
I also opened topics on other forums and noone could help me.

So if anyone can help me, I’d be happy, I tried to enabled SSLv3, TLSv1 and it doesn’t work anyway…

We’re talking about ciphersuites (RSA/AES/DHE) not protocols (SSLv3,TLSv1). Check out the first line here (third in the google search). Not saying you need to copy paste that, coz those lists are too modern/new for mono to handle, but that’s the config option you have to change.
From that link you get to [this site)[https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html] (also the first hit in the google search), section ‘The Cipher Suite’ and voila gets into most of the details and pros/cons and howto. Heck, copy/paste of those ciphers probably gets it working coz it seems to be a WinXP compatible list.

OK I understood my mistake, I tried like 20 different cipher suites from all kind of sites, from mozilla foundation, to recommended ones from the links you’ve mentionned, I can’t find a working one…
Thanks for your help anyway… ^^

Well, I tried to modifiy my ciphers as Mozilla’s foundation recommended and now I have these errors :

CookComputing.XmlRpc.XmlRpcServerException: Method Not Allowed
at CookComputing.XmlRpc.XmlRpcClientProtocol.ReadResponse (CookComputing.XmlRpc.XmlRpcRequest req, System.Net.WebResponse webResp, System.IO.Stream respStm, System.Type returnType) <0x40e922e0 + 0x00287> in :0
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke (System.Object clientObj, System.Reflection.MethodInfo mi, System.Object[] parameters) <0x40dfd490 + 0x007d7> in :0
at CookComputing.XmlRpc.XmlRpcClientProtocol.Invoke (System.Reflection.MethodInfo mi, System.Object[] Parameters) <0x40dfd450 + 0x00027> in :0
at XmlRpcProxy4e3a41a1-2ba4-4be7-8ae1-6fbf79c2d646.GetVersion () <0x40dfd2d0 + 0x0007b> in :0
at NzbDrone.Core.Download.Clients.RTorrent.RTorrentProxy.GetVersion (NzbDrone.Core.Download.Clients.RTorrent.RTorrentSettings settings) <0x40df6dd0 + 0x0004e> in :0
at NzbDrone.Core.Download.Clients.RTorrent.RTorrent.TestConnection () <0x40df6b40 + 0x00076> in :0

Do you have any idea to help me ?

Using blackhole do the trick for downloads, but my seeding ratio is getting lower and lower as blackhole moves files and doesn’t hard-copy them…

Thanks a lot ! :smile:

Hi there,

I’m loosing my mind !!!

I tried another cipher-suite, which should be pretty permissive and my rtorrent connexion still doesn’t work, but the error message is different one more time :

System.Net.WebException: Error getting response stream (ReadDone1): ReceiveFailure —> System.IO.IOException: EndRead failure —> System.Net.Sockets.SocketException: Connection reset by peer
at System.Net.Sockets.Socket.EndReceive (IAsyncResult result) <0x40c79100 + 0x000a3> in :0
at System.Net.Sockets.NetworkStream.EndRead (IAsyncResult ar) <0x40c78fc0 + 0x00057> in :0
— End of inner exception stack trace —
at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (IAsyncResult asyncResult) <0x40e64ba0 + 0x00157> in :0
at System.Net.WebConnection.ReadDone (IAsyncResult result) <0x40c78410 + 0x0015d> in :0
— End of inner exception stack trace —
at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) <0x40c54560 + 0x001a7> in :0
at System.Net.HttpWebRequest.GetResponse () <0x40c4c2b0 + 0x0005a> in :0
at CookComputing.XmlRpc.XmlRpcClientProtocol.GetWebResponse (System.Net.WebRequest request) <0x40e04cf0 + 0x00032> in :0

Do you guys have any idea ?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.