shadowsocks-qt5

Connection closed unexpectedly using AEAD ciphers

Open RyanBernX opened this issue 7 years ago • 2 comments

Hi,

I am using ss-qt5 on Linux, but it does not seem to work properly with AEAD ciphers (such as aes-256-gcm). Connections are closed soon after they are established.

Steps to reproduce

  • Server: CentOS 7, shadowsocks-libev-3.2.0
  • Client: CentOS 7 and Fedora 28, shadowsocks-qt5-3.0.1. I am using the AppImage directly from the release page.
  • Both sides use aes-256-gcm.
  • After connecting to the server, download any file using the socks5 proxy:
[user@localhost ~]$ curl --socks5-hostname 127.0.0.1:1080 -v http://ftp.tsukuba.wide.ad.jp/software/gcc/releases/gcc-7.3.0/gcc-7.3.0.tar.gz -o gcc.tar.gz
*   Trying 127.0.0.1...
* TCP_NODELAY set
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* SOCKS5 communication to ftp.tsukuba.wide.ad.jp:80
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1080 (#0)
> GET /software/gcc/releases/gcc-7.3.0/gcc-7.3.0.tar.gz HTTP/1.1
> Host: ftp.tsukuba.wide.ad.jp
> User-Agent: curl/7.58.0
> Accept: */*
> 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 200 OK
< Date: Fri, 29 Jun 2018 09:01:22 GMT
< Server: Apache
< Last-Modified: Thu, 25 Jan 2018 08:54:27 GMT
< ETag: "6b010bd-56395ed5b16c0"
< Accept-Ranges: bytes
< Content-Length: 112201917
< Content-Type: application/x-gzip
< Content-Encoding: x-gzip
< 
{ [12774 bytes data]
  5  107M    5 5525k    0     0  1062k      0  0:01:43  0:00:05  0:01:38 1105k* transfer closed with 106224679 bytes remaining to read
  5  107M    5 5837k    0     0  1089k      0  0:01:40  0:00:05  0:01:35 1441k
* Closing connection 0
curl: (18) transfer closed with 106224679 bytes remaining to read
  • The same issue occurs when using browsers (e.g. Firefox) to download files through the proxy.

However, it seems that I can still access websites using the proxy, but cannot download files.

Debugging information

After checking the output of ss-qt5 I find many error messages like:

AEAD data chunk is incomplete (too small for payload)
AEAD data chunk is incomplete (too small for length)
Remote: Integrity failure: GCM tag check failed

On the server side, the ss-server throws this error:

2018-06-29 08:28:23 ERROR: server recv: Connection reset by peer

Other Notes

  • The same issue occurs when using aes-192-gcm, aes-128-gcm, chacha20-ietf-poly1305. But other ciphers such as aes-256-cfb and aes-256-ctr work fine using ss-qt5.
  • AEAD ciphers work fine using ss-local from shadowsocks-libev on my PC.

Any idea on this issue?

RyanBernX, Jun 29 '18 09:06
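
Added example, not part of the original issue and not code from ss-qt5, libQtShadowsocks or shadowsocks-libev: the Shadowsocks AEAD TCP chunk layout that the two "incomplete" messages above refer to, with a receiver that buffers split reads and advances the nonce counter only after a tag verifies. It assumes the per-session subkey is already derived and payloads of at most 0x3FFF bytes; `seal`/`unseal` are a standard-library stand-in (SHA-256 keystream plus truncated HMAC), not AES-GCM, and all names and sample bytes are constructed.

```python
import hashlib, hmac

TAG = 16  # tag size shared by the AEAD ciphers named in the issue

def _ks(key, nonce, n):  # stand-in keystream (SHA-256 counter mode), NOT AES-GCM
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "little")).digest()
                    for i in range(n // 32 + 1))[:n]

def _tag(key, nonce, ct):  # stand-in authenticator: truncated HMAC-SHA256
    return hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG]

def seal(key, ctr, pt):
    nonce = ctr.to_bytes(12, "little")  # nonce = little-endian operation counter
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return ct + _tag(key, nonce, ct)

def unseal(key, ctr, box):
    nonce, ct = ctr.to_bytes(12, "little"), box[:-TAG]
    if not hmac.compare_digest(box[-TAG:], _tag(key, nonce, ct)):
        raise ValueError("tag check failed")
    return bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct))))

def frame(key, ctr, payload):
    """Sender side: one chunk = [len][len tag][payload][payload tag], two nonces."""
    return seal(key, ctr, len(payload).to_bytes(2, "big")) + seal(key, ctr + 1, payload)

class ChunkReader:
    """Receiver side: reassembles chunks from arbitrarily split TCP reads."""
    def __init__(self, key):
        self.key, self.ctr, self.buf, self.need = key, 0, b"", None

    def feed(self, data):
        self.buf += data
        out = b""
        while True:
            if self.need is None:
                if len(self.buf) < 2 + TAG:
                    break  # "too small for length": keep bytes, wait for more
                hdr = unseal(self.key, self.ctr, self.buf[:2 + TAG])
                self.need = int.from_bytes(hdr, "big") & 0x3FFF
                self.buf, self.ctr = self.buf[2 + TAG:], self.ctr + 1
            if len(self.buf) < self.need + TAG:
                break  # "too small for payload": keep bytes, wait for more
            out += unseal(self.key, self.ctr, self.buf[:self.need + TAG])
            self.buf, self.ctr, self.need = self.buf[self.need + TAG:], self.ctr + 1, None
        return out

if __name__ == "__main__":
    key = b"\x01" * 32  # constructed session subkey
    wire = frame(key, 0, b"hello ") + frame(key, 2, b"world")
    rx = ChunkReader(key)
    print(b"".join(rx.feed(wire[i:i + 7]) for i in range(0, len(wire), 7)))
```

A short read leaves the buffer and counter untouched; a counter that drifts from the sender's, or a single altered byte, surfaces as a tag check failure on the next chunk.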

I'm not sure why this would happen. It was first reported here: https://github.com/shadowsocks/libQtShadowsocks/issues/165

librehat, Jun 30 '18 17:06

Thanks. Look forward to the updates.

RyanBernX, Jul 01 '18 02:07