deluge-web on CentOS refuses to see running daemons

General support for problems installing or using Deluge
Haxton Fale
New User
New User
Posts: 7
Joined: Thu Jan 15, 2015 12:03 pm

deluge-web on CentOS refuses to see running daemons

Post by Haxton Fale »

Hello!

I'm running two Deluge (1.3.11, libtorrent 0.15.10.0, installed from package manager) daemons (as two different users) on a CentOS 6.6 (kernel 2.6.32) server and a WebUI (no plugins) as one of the two users. I've updated everything recently and now the WebUI refuses to acknowledge/notice either of the running daemons - they both appear as "offline" (they're not) and even killing them and trying to start from WebUI doesn't work (they start, but still invisible to WebUI).

Has anyone encountered this sort of problem before? What should I log?
Haxton Fale
New User
New User
Posts: 7
Joined: Thu Jan 15, 2015 12:03 pm

Re: deluge-web on CentOS refuses to see running daemons

Post by Haxton Fale »

Just set up some logging and found out that the WebUI keeps trying (and failing) to connect to the Daemons using SSL, for whatever reason. As another fun fact, deluge-web keeps tossing aside my config and inserting a default one instead, rendering me unable to turn on HTTPS or change paths to cert/key.

WebUI log:

Code: Select all

[INFO    ] 00:45:32 ui:121 Deluge ui 1.3.11
[INFO    ] 00:45:32 ui:124 Starting web ui..
[INFO    ] 00:45:32 server:662 Starting server in PID 63290.
[INFO    ] 00:45:32 server:676 serving on 0.0.0.0:8112 view at http://127.0.0.1:8112
[INFO    ] 00:45:32 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:32 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:32 client:217 Connecting to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:32 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:45:32 client:121 Connected to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:32 client:224 Connection lost to daemon at 127.0.0.1:58847 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:45:36 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:36 client:217 Connecting to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:36 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:36 client:217 Connecting to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:36 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:36 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:45:36 client:121 Connected to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:36 client:224 Connection lost to daemon at 127.0.0.1:58847 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:45:36 client:121 Connected to daemon at 127.0.0.1:58847..
[INFO    ] 00:45:36 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:45:36 client:224 Connection lost to daemon at 127.0.0.1:58847 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:45:36 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:46:02 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:02 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:02 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:46:04 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:04 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:04 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:46:04 client:217 Connecting to daemon at 127.0.0.1:58847..
[INFO    ] 00:46:04 client:121 Connected to daemon at 127.0.0.1:58847..
[INFO    ] 00:46:04 client:224 Connection lost to daemon at 127.0.0.1:58847 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:46:04 client:217 Connecting to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:04 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 00:46:04 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
[INFO    ] 00:46:04 client:217 Connecting to daemon at 127.0.0.1:58847..
[INFO    ] 00:46:04 client:121 Connected to daemon at 127.0.0.1:58847..
[INFO    ] 00:46:04 client:224 Connection lost to daemon at 127.0.0.1:58847 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
Daemon log:

Code: Select all

[INFO    ] 00:45:00 daemon:124 Deluge daemon 1.3.11
[INFO    ] 00:45:00 core:80 Starting libtorrent 0.15.10.0 session..
[INFO    ] 00:45:00 rpcserver:367 Starting DelugeRPC server :58846
[SNIP]
[INFO    ] 00:45:02 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38977
[INFO    ] 00:45:02 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:45:32 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38978
[INFO    ] 00:45:32 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:45:36 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38980
[INFO    ] 00:45:36 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:45:36 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38984
[INFO    ] 00:45:36 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:46:02 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38985
[INFO    ] 00:46:02 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:46:04 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38986
[INFO    ] 00:46:04 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
[INFO    ] 00:46:04 rpcserver:204 Deluge Client connection made from: 127.0.0.1:38988
[INFO    ] 00:46:04 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
This is tiring, and the exact opposite of useful. I would rollback if not for the fact that the latest non-head version is 1.3.5, which is too old (it doesn't recognize magnet links IIRC). How do I disable SSL permanently for Deluge?
Cr0nixx
New User
New User
Posts: 2
Joined: Wed Jan 28, 2015 12:58 pm

Re: deluge-web on CentOS refuses to see running daemons

Post by Cr0nixx »

Woah, I just wanted to register and post the same thing, it's tiring.
So I pretty much have the same problem, deluged is running fine but nothing can connect.

Log from deluged:

Code: Select all

[INFO    ] 14:00:44 rpcserver:204 Deluge Client connection made from: 127.0.0.1:56135
[INFO    ] 14:00:44 rpcserver:224 Deluge client disconnected: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'wrong version number')]
Log from deluge-web:

Code: Select all

[INFO    ] 14:01:07 client:121 Connected to daemon at 127.0.0.1:58846..
[INFO    ] 14:01:07 client:224 Connection lost to daemon at 127.0.0.1:58846 reason: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')]
Before I had deluge 1.3.5 and it worked fine, though I wanted a more up to date version so I installed 1.3.11 from source. I already tinkered with both core/rpcserver.py and web/server.py and changed the ctx = to TLSv1, though without luck.
This is what it looks like right now:

rpcserver.py

Code: Select all

ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        ctx.use_certificate_file(os.path.join(ssl_dir, "daemon.cert"))
        ctx.use_privatekey_file(os.path.join(ssl_dir, "daemon.pkey"))
server.py

Code: Select all

ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        deluge_web = component.get("DelugeWeb")
        log.debug("Enabling SSL using:")
        log.debug("Pkey: %s", deluge_web.pkey)
        log.debug("Cert: %s", deluge_web.cert)
I googled around and the only thing I found was some couchpatoto issue which resulted in the same error, but setting ssl.context to tls did not help.
Would appreciate any help, I don't want to rollback to an older version. OS is the same as OP - CentOS.
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: deluge-web on CentOS refuses to see running daemons

Post by Cas »

Edit: It suggests your OpenSSL is too old, see this: http://wiki.centos.org/Security/POODLE

There have been no reports of issues from any other OS and I don't see how this can be a Deluge issue. It might be worth asking on CentOS forums for help.

Just to note there is no point in looking at web/server.py it is irrelevant to the issue. It only affects connecting via browser or using json api as couchpotato does.
Cr0nixx
New User
New User
Posts: 2
Joined: Wed Jan 28, 2015 12:58 pm

Re: deluge-web on CentOS refuses to see running daemons

Post by Cr0nixx »

Well it is as up to date as CentOS ships it. Anyway I installed 1.3.10 before the SSLv3 removal since I only use the web client locally.

I might add that running openssl s_client -connect localhost:daemon port -sslv2 failed when running 1.3.11, though tls1 worked fine.

Regards, Cr0.
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: deluge-web on CentOS refuses to see running daemons

Post by Cas »

Did you verify that the version of openssl as mentioned on that page is actually installed. It would be more helpful to find out why CentOS has an issue (specifically why it is forcing SSLv3 connection) rather than just opting to use an older version of Deluge. As I said before this is not an issue with any other OS so something with the OpenSSL on CentOS is not right.

That's what you should expect with 1.3.11, both SSLv2 and SSLv3 are disabled on the daemon so only TLS is available.
Haxton Fale
New User
New User
Posts: 7
Joined: Thu Jan 15, 2015 12:03 pm

Re: deluge-web on CentOS refuses to see running daemons

Post by Haxton Fale »

I tend to not update things selectively, so OpenSSL was updated as soon as it was out. And I also verified that it's up to date as per the Wiki page linked.

Would it be possible to simply disable SSL/TLS in my Deluge setup to begin with? I'm not interested in making connections to itself secure, and it's not like I'm allowing any outside connections.
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: deluge-web on CentOS refuses to see running daemons

Post by Cas »

The simplest solution is to talk to CentOS devs about this...
Haxton Fale
New User
New User
Posts: 7
Joined: Thu Jan 15, 2015 12:03 pm

Re: deluge-web on CentOS refuses to see running daemons

Post by Haxton Fale »

I went and talked to some CentOS folks, and there's nothing wrong with the OS itself. The problem is in deluge trying to use SSL3. Apparently CouchPotato had the same issue, but it got fixed in their version.
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: deluge-web on CentOS refuses to see running daemons

Post by Cas »

The client (deluge-web) is not forced into using SSLv3 protocol, what changed in 1.3.11 is that the daemon no longer accepts SSLv3 connections and all client versions are still be able to connect so there is nothing in the Deluge code that is at issue here. As I also mentioned there is no issue with any other operating system running 1.3.11. I still suspect it is an OpenSSL or cert issue.

The code change made by Couchpotato is irrelevant here as they use their own synchronous deluge client code and were specifically using SSLv3: https://github.com/RuudBurger/CouchPota ... be288c0e02

You can see the deluge client code yourself that has nothing specifying the protocol to be used: https://github.com/deluge-torrent/delug ... nt.py#L273
ClientContextFactory default to using SSL.SSLv23_METHOD as their method, and it is compatible for communication with all the other methods listed above.
Have you tried running deluge-web on another OS and attempted to connect to the daemon on CentOS?
Post Reply