Need help setting up a local server using SSL #565
Comments
Did you ever manage to get the SSL handshake working?
@Luporion Yes I did! It was a hassle though and it has been a while, but I needed to compile nginx (proxy server) with a very outdated version of OpenSSL installed. The reason the SSL handshake failed in the setup I described here is that more recent OpenSSL versions no longer support the weak algorithms used by the DS to communicate. If you're interested I could see if I can find the build logs for my test setup I made a while back but that could take some time. Edit: I don't recall exactly off the top of my head, but in the end I had to use an even older OpenSSL version than the one I described above.
@Luporion Yes I did! It was a hassle though and it has been a while, but I needed to compile nginx (proxy server) with a very outdated version of OpenSSL installed. The reason the SSL handshake failed in the setup I described here is that more recent OpenSSL versions no longer support the weak algorithms used by the DS to communicate. If you're interested I could see if I can find the build logs for my test setup I made a while back but that could take some time. Edit: Went through my notes, seems that I used OpenSSL 1.0.2K and built nginx 1.18.1 using that OpenSSL version. During the build, I'll see if I can get some more info but I think this is enough to get it working (and a correctly built nds-constraint cert of course).
Nice to hear. I'm trying to figure out how to create the least complicated way of having a LAN party, without my friends having to know computer science. Using the No-SSL-Gecko code works and isn't really complicated, but being able to skip that part would really ease some troubleshooting headaches.
I'm at my pc now, so replying should be a bit easier 😄 The Nginx version my setup eventually worked with is this one (I see now it is a newer version than I texted here before - sorry about that, I misremembered it):
As stated before, the openSSL version compiled and used for the build is The config file I use with this nginx version is as follows:
Excuse the somewhat messy commenting of options, when I got this to work I was about 3 days into re-compiling nginx/openssl over and over and was no longer really trying to keep it all tidy. Things of note here are obviously the lines marked with Furthermore also the correct Nintendo domain names should be used, and your DNS should resolve them to your local mocks and not the actual Nintendo domains. That's all I can think of right now that should help you. If you still can't get it to work, you can ask here and I'll see if I can help. The biggest struggle for me was finding the correct openssl/nginx versions and getting them compiled with the right flags. The rest should be somewhat straightforward to set up once you have the correct openssl/nginx versions installed and configured.
Hello,
I am trying to get this setup working with a locally hosted Raspberry Pi and a copy of this dwc_network_server_emulator codebase.
The caveat being that I need to use nds-constraint as I am trying to use this setup with an unmodded retail cartridge (so no ssl patch!!!) on my Nintendo DSi.
I have successfully followed the nds-constraint steps to create a proper SSL certificate (I believe - is there a way to check?).
I have compiled an old version of OpenSSL (1.0.2k) and have built Nginx on top of this using the flags enable-ssl2, enable-ssl3, enable-ssl3-method and enable-weak-ssl-ciphers.
Currently, I believe I am really close to getting this to work.
This is a record of a handshake with the actual Nintendo WFC service:
As you can see, after a few empty TCP acknowledgements, there is a Client Key exchange. I fail to achieve this client key exchange and would like some help with figuring out why this is not working currently.
Here is a screenshot of my latest attempt, with my own instance of dwc_network_server_emulator, using Nginx and nds-constraint, hosted locally:
10.42.0.24 is my Nintendo DSi in this case. As you can see, after the few empty TCP packets, no Client Key Exchange is performed and my console gets an error code 20100.
Could anyone help me finalize this setup? Thanks very much for any input on this issue.
PS:
The DWC server does get the initial game request, but no further communication happens (most likely due to the failing SSL handshake)
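For comparing a working and a failing capture like the two described in the post above, the following added example (not part of the original thread or of the project's code) walks the SSLv3/TLS record layer of each direction's raw bytes and names the first handshake step that never appeared. It assumes the two byte streams were exported per direction from the capture, that every handshake message fits in one record, and an RSA key exchange without client certificates; all function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   12: "ServerKeyExchange", 13: "CertificateRequest",
                   14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}
# Assumed flow: RSA key exchange, no client certificate requested.
EXPECTED = ["ClientHello", "ServerHello", "Certificate", "ServerHelloDone",
            "ClientKeyExchange", "ChangeCipherSpec"]

def parse_records(stream):
    """Return the message names found in one direction's SSLv3/TLS byte stream."""
    names, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:
            names.append("TruncatedRecord")
            break
        if ctype == 20:
            names.append("ChangeCipherSpec")
            encrypted = True  # records after this point are ciphertext
        elif ctype == 21 and not encrypted and length == 2:
            names.append("Alert(level=%d, desc=%d)" % (body[0], body[1]))
        elif ctype == 22 and not encrypted:
            off = 0  # one record may carry several handshake messages
            while off + 4 <= len(body):
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                names.append(HANDSHAKE_TYPES.get(body[off], "Handshake(%d)" % body[off]))
                off += 4 + mlen
        elif ctype == 22:
            names.append("EncryptedHandshake")
        else:
            names.append("Record(type=%d)" % ctype)
    return names

def first_missing(client_stream, server_stream):
    """Name the first expected handshake step that neither side sent, or None."""
    seen = parse_records(client_stream) + parse_records(server_stream)
    return next((step for step in EXPECTED if step not in seen), None)

def hs(msg_type, body=b""):  # helper: build one handshake message
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def rec(ctype, payload):  # helper: wrap a payload in an SSLv3 (3.0) record
    return struct.pack("!BBBH", ctype, 3, 0, len(payload)) + payload

# Constructed sample, not a real capture: server completes its flight, client goes silent.
CLIENT = rec(22, hs(1, b"\x03\x00" + bytes(32)))
SERVER = rec(22, hs(2, bytes(38)) + hs(11, bytes(10)) + hs(14))
print(parse_records(SERVER), "-> missing:", first_missing(CLIENT, SERVER))
```

An unencrypted alert record from the client right after ServerHelloDone shows up in the output with its level and description bytes, which narrows down whether the certificate or the cipher negotiation was rejected.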