Problem with updating Radarr

[Chrisrehn]

Hi!

Trying to update Radarr to the latest update but get a error message.

Error occurred while executing task ApplicationUpdate: Error: SecureChannelFailure (The authentication or decryption has failed.)

Code:

System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert (Fatal:InternalError): System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00049] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:434
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:256
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:418
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x00033] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:397
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:101  ---> System.IO.IOException: Unable to write data to the transport connection: The socket has been shut down. ---> System.Net.Sockets.SocketException: The socket has been shut down
  at System.Net.Sockets.Socket.EndSend (System.IAsyncResult asyncResult) [0x00013] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/referencesource/System/net/System/Net/Sockets/Socket.cs:3876
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x00057] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/referencesource/System/net/System/Net/Sockets/NetworkStream.cs:1043
   --- End of inner exception stack trace ---
  at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0007c] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/referencesource/System/net/System/Net/Sockets/NetworkStream.cs:1054
  at Mono.Security.Protocol.Tls.RecordProtocol.EndSendRecord (System.IAsyncResult asyncResult) [0x00032] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:780
  at Mono.Security.Protocol.Tls.RecordProtocol.SendRecord (Mono.Security.Protocol.Tls.ContentType contentType, System.Byte[] recordData) [0x0000b] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:788
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (Mono.Security.Protocol.Tls.Alert alert) [0x00021] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:633
  at Mono.Security.Protocol.Tls.RecordProtocol.SendAlert (System.Exception& ex) [0x0001b] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:598
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x0004c] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:886
  at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x0000e] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/System/Mono.Net.Security/LegacySslStream.cs:477
  at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/System/Mono.Net.Security/LegacySslStream.cs:447
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:116
  at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/System/System.Net/WebConnection.cs:412
   --- End of inner exception stack trace ---
  at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x000ad] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/referencesource/System/net/System/Net/webclient.cs:413
  at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x0000e] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/mcs/class/referencesource/System/net/System/Net/webclient.cs:382
  at (wrapper remoting-invoke-with-check) System.Net.WebClient:DownloadFile (string,string)
  at NzbDrone.Common.Http.HttpClient.DownloadFile (System.String url, System.String fileName) [0x0009b] in C:\projects\radarr-usby1\src\NzbDrone.Common\Http\HttpClient.cs:174
  at NzbDrone.Core.Update.InstallUpdateService.InstallUpdate (NzbDrone.Core.Update.UpdatePackage updatePackage) [0x00103] in C:\projects\radarr-usby1\src\NzbDrone.Core\Update\InstallUpdateService.cs:102
  at NzbDrone.Core.Update.InstallUpdateService.Execute (NzbDrone.Core.Update.Commands.ApplicationUpdateCommand message) [0x00071] in C:\projects\radarr-usby1\src\NzbDrone.Core\Update\InstallUpdateService.cs:215
  at NzbDrone.Core.Messaging.Commands.CommandExecutor.ExecuteCommand[TCommand] (TCommand command, NzbDrone.Core.Messaging.Commands.CommandModel commandModel) [0x000ec] in C:\projects\radarr-usby1\src\NzbDrone.Core\Messaging\Commands\CommandExecutor.cs:91
  at (wrapper dynamic-method) System.Object:CallSite.Target (System.Runtime.CompilerServices.Closure,System.Runtime.CompilerServices.CallSite,NzbDrone.Core.Messaging.Commands.CommandExecutor,object,NzbDrone.Core.Messaging.Commands.CommandModel)
  at System.Dynamic.UpdateDelegates.UpdateAndExecuteVoid3[T0,T1,T2] (System.Runtime.CompilerServices.CallSite site, T0 arg0, T1 arg1, T2 arg2) [0x00035] in /wrkdirs/usr/ports/lang/mono/work/mono-mono-5.2.0.215/external/corefx/src/System.Linq.Expressions/src/System/Dynamic/UpdateDelegates.Generated.cs:1902
  at (wrapper dynamic-method) System.Object:CallSite.Target (System.Runtime.CompilerServices.Closure,System.Runtime.CompilerServices.CallSite,NzbDrone.Core.Messaging.Commands.CommandExecutor,object,NzbDrone.Core.Messaging.Commands.CommandModel)
  at NzbDrone.Core.Messaging.Commands.CommandExecutor.ExecuteCommands () [0x00027] in C:\projects\radarr-usby1\src\NzbDrone.Core\Messaging\Commands\CommandExecutor.cs:41

 

[kranzel]

I am having the same issue. I am running Radarr in IOCAGE.

Doing some digging, i found two different posts.

Code:

On suggesting libcurl3 was the issue, but that seemed related to linux, not FreeBSD.

I then found a thread that indicated

Code:

Github updated their TLS to 1.2 and since mono 4.6 does not support that, the requests are failing.

However, when I do a pkg info mono, I get

mono-5.2.0.215
Name : mono
Version : 5.2.0.215
Installed on : Sun Mar 4 20:38:38 2018 CST
Origin : lang/mono
Architecture : FreeBSD:11:amd64
Prefix : /usr/local
Categories : lang
Licenses : MIT
Maintainer : mono@FreeBSD.org
WWW : http://www.mono-project.com/
Comment : Open source implementation of .NET Development Framework
Options :
ACCEPTANCE_TESTS: off
Shared Libs required:
libinotify.so.0
Shared Libs provided:
libmonosgen-2.0.so.1
libmonoboehm-2.0.so.1
libikvm-native.so
libmono-profiler-iomap.so.0
libmono-profiler-aot.so.0
libmono-profiler-log.so.0
libMonoSupportW.so
libMonoPosixHelper.so
Annotations :
FreeBSD_version: 1101001
cpe : cpe:2.3:a:mono:mono:5.2.0.215:::::freebsd11:x64
repo_type : binary
repository : FreeBSD
Flat size : 214MiB

Are you also running Radarr in IOCAGE or Warden?

 

[Chrisrehn]

I'm running it in IOCAGE

On suggesting libcurl3 was the issue, but that seemed related to linux, not FreeBSD.

I think that libcurl3 is implanted in freenas so i dont think it's that.

Github updated their TLS to 1.2 and since mono 4.6 does not support that, the requests are failing.

and i have Mono JIT compiler version 5.2.0

 

[Chrisrehn]

but it's surely odd it is complaining about Protocols now.. because i have upgraded it before and it worked like a charm and i haven't been changing The "authentication" in anyway

 

[PlqnK]

Github upgraded their security policy by only allowing clients that supports TLS 1.2+ to connect to their web server. In order to use TLS 1.2 in Mono the package must be compiled with Boring SSL which is not the case for the version available from ports by default. In order to enable Boring SSL at compile time you need to patch your files in your port tree according to this http://www.codenicer.com/content/mono-481-tls-12-freebsd and build it manually. There's a bug report open that asks the FreeBSD port maintainer to add that to the original port tree here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222271 but there's no answer :-/

 

[Raggou]

Github upgraded their security policy by only allowing clients that supports TLS 1.2+ to connect to their web server. In order to use TLS 1.2 in Mono the package must be compiled with Boring SSL which is not the case for the version available from ports by default. In order to enable Boring SSL at compile time you need to patch your files in your port tree according to this http://www.codenicer.com/content/mono-481-tls-12-freebsd and build it manually. There's a bug report open that asks the FreeBSD port maintainer to add that to the original port tree here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222271 but there's no answer :-/

I just ran into this problem is there a way to upgrade mono past version 5.2.0 on Freenas now?

 

[Liriel]

I am also having this same problem. Anyone found a way to get radarr updating via the GUI on FreeNAS?

 

[chippy]

For anyone willing to go through some trouble and if you have some time to spare, Mark Felder made a "review" for a more modern Mono version over at https://reviews.freebsd.org/D15780 (found it through https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222271, awesome!).

As I'm completely unfamiliar with FreeBSD, this is what I did to manually 'make' Mark's release from within my iocage radarr jail, resulting in a working mono v5.12.0.260 install and updateable radarr:

1. service radarr stop (and any other processes making use of mono, if you have any)
   
2. portsnap fetch extract (get and extract the FreeBSD ports)
   
3. pkg install cmake (required for making stuff)
   
4. Now surely the next few steps can be done more efficient, but I couldn't figure out how to get the code/files straight out of the FreeBSD reviews site, except by doing it manually. So, first move away the files that Mark's commits show as deleted (./files/patch-configure.ac ./files/patch-eglib_src_gfile-posix.c ./files/patch-mcs_tools_xbuild_data_12.0_Microsoft.CSharp.targets ./files/patch-mcs_tools_xbuild_data_14.0_Microsoft.CSharp.targets ./files/patch-mono_mini_mini-posix.c ./files/patch-mono_profiler_ptestrunner.pl ./files/patch-mono_utils_mono-proclib.c ./files/patch-scripts_mono-heapviz), example for ./files/patch-configure.ac:
   cd /usr/ports/lang/mono
mkdir /tmp/bkup/
mv ./files/patch-configure.ac /tmp/bkup/
5. Next edit all the files that show changes in the Diff section. For example the makefile (lang/mono/Makefile): click "View Options", "Show Raw File (Right)", copy the entire contents of the file that opens and put it into the corresponding file in the iocage jail. For the makefile, I just did (make sure you're still in /usr/ports/lang/mono):
   • echo > ./Makefile (empty the Makefile)
     
   • vi ./Makefile (edit the Makefile using 'vi')
     
   • Press "i" for insert mode
   • Paste the text from the raw file
   • Press escape to exit insert mode
   • Type ":x"<enter> to write and exit the file
   Do this for all files marked as changed (./Makefile, ./distinfo, ./files/patch-mono_eglib_gfile-posix.c, ./files/patch-mono_eglib_gfile-posix.c, ./files/patch-mono_mini_Makefile.am.in, ./files/patch-mono_utils_mono-threads.c and ./pkg-plist)
   
6. Uninstall the currently installed (old) version of mono:
   make deinstall
7. Make and install the new version (this'll take a loooooooong time):
   make reinstall
8. Clean up, verify the version and restart radarr:
   make clean
mono --version (should return Mono JIT compiler version 5.12.0)
   service radarr start

That's it.

 

[1uVBo]

For anyone willing to go through some trouble and if you have some time to spare, Mark Felder made a "review" for a more modern Mono version over at https://reviews.freebsd.org/D15780 (found it through https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222271, awesome!).

As I'm completely unfamiliar with FreeBSD, this is what I did to manually 'make' Mark's release from within my iocage radarr jail, resulting in a working mono v5.12.0.260 install and updateable radarr:

1. service radarr stop (and any other processes making use of mono, if you have any)
   
2. portsnap fetch extract (get and extract the FreeBSD ports)
   
3. pkg install cmake (required for making stuff)
   
4. Now surely the next few steps can be done more efficient, but I couldn't figure out how to get the code/files straight out of the FreeBSD reviews site, except by doing it manually. So, first move away the files that Mark's commits show as deleted (./files/patch-configure.ac ./files/patch-eglib_src_gfile-posix.c ./files/patch-mcs_tools_xbuild_data_12.0_Microsoft.CSharp.targets ./files/patch-mcs_tools_xbuild_data_14.0_Microsoft.CSharp.targets ./files/patch-mono_mini_mini-posix.c ./files/patch-mono_profiler_ptestrunner.pl ./files/patch-mono_utils_mono-proclib.c ./files/patch-scripts_mono-heapviz), example for ./files/patch-configure.ac:
   cd /usr/ports/lang/mono
mkdir /tmp/bkup/
mv ./files/patch-configure.ac /tmp/bkup/
5. Next edit all the files that show changes in the Diff section. For example the makefile (lang/mono/Makefile): click "View Options", "Show Raw File (Right)", copy the entire contents of the file that opens and put it into the corresponding file in the iocage jail. For the makefile, I just did (make sure you're still in /usr/ports/lang/mono):
   • echo > ./Makefile (empty the Makefile)
     
   • vi ./Makefile (edit the Makefile using 'vi')
     
   • Press "i" for insert mode
   • Paste the text from the raw file
   • Press escape to exit insert mode
   • Type ":x"<enter> to write and exit the file
   Do this for all files marked as changed (./Makefile, ./distinfo, ./files/patch-mono_eglib_gfile-posix.c, ./files/patch-mono_eglib_gfile-posix.c, ./files/patch-mono_mini_Makefile.am.in, ./files/patch-mono_utils_mono-threads.c and ./pkg-plist)
   
6. Uninstall the currently installed (old) version of mono:
   make deinstall
7. Make and install the new version (this'll take a loooooooong time):
   make reinstall
8. Clean up, verify the version and restart radarr:
   make clean
mono --version (should return Mono JIT compiler version 5.12.0)
   service radarr start

That's it.

You weren't kidding. That took me around 3 hours to install... but thanks for the small guide here!

 

[Hazza]

So it looks like the ports version is now 5.10.1.47 - apparently because its more compatible than 5.12. I built mono from ports but I'm still getting SSL errors. It looks like, based on my testing, that it can only manage TLS 1.0 maximum.
Tested in both a warden & iocage jail.

Code:

root@jail1:~ # mono -V
Mono JIT compiler version 5.10.1.47 (5.10.1.47 Tue Jun 19 23:56:26 UTC 2018)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
		TLS:		   __thread
		SIGSEGV:	   altstack
		Notification:  kqueue
		Architecture:  amd64
		Disabled:	  none
		Misc:		  softdebug
		Interpreter:   yes
		LLVM:		  supported, not enabled.
		GC:			sgen (concurrent by default)
root@jail1:~ # mono tlstest.exe https://www.github.com/

https://www.github.com/
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00037] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x00032] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00022] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x0002b] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00064] in <3c77ed3431c04bf1a67026e0b09a4f5c>:0
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x0007e] in <966da083dfb34aabb337427306b8406d>:0
  at System.IO.StreamWriter.Flush () [0x00006] in <966da083dfb34aabb337427306b8406d>:0
  at TlsTest.GetStreamPage (System.String url) [0x000e1] in <8c90a594963d453388498e226db0c56e>:0
  at TlsTest.Main (System.String[] args) [0x0030a] in <8c90a594963d453388498e226db0c56e>:0

 

[gt2416]

So it looks like the ports version is now 5.10.1.47 - apparently because its more compatible than 5.12.

Well thats you problem, look at the comments right before yours. States that 5.10 WILL NOT work. You have to manually get mono 5.12 (comment above has instructions)

 

[Hazza]

Well thats you problem, look at the comments right before yours. States that 5.10 WILL NOT work. You have to manually get mono 5.12 (comment above has instructions)

My problem? I cannot see a single reference to 5.10 in any post prior to my previous message.
I followed the instructions in chippy's post, but it gave me 5.10.1.47 instead of 5.12.0.260. This is because the version of mono in ports has been changed:

This has changed from the mono 5.12 release to mono 5.10 release due to compatibility issues found with mono 5.12

However it still says that it's built with BoringSSL, so I don't know why it's not working:

This version builds and packages and is using BoringSSL

 

[gt2416]

From your logs its a tls error. Your version does not support tls 1.2. Either try chippy's method again to get 5.12 or build mono with boringssl. Its NOT default.

 

[Apolitosz]

I saw on freshports that the latest package is 5.10.1.47 and built with Boring SSL:
https://www.freshports.org/lang/mono/

This matches with what they were discussing on https://reviews.freebsd.org/D15780

So in theory it should work

I simply updated my packages, but just like for Hazza, I'm still getting TLS Expection:

Code:

Installed packages to be UPGRADED:
		webp: 0.6.1 -> 1.0.0
		tinyxml2: 6.0.0,1 -> 6.2.0,1
		sqlite3: 3.22.0_2 -> 3.24.0
		py27-setuptools: 39.0.1 -> 39.2.0
		pcre: 8.40_1 -> 8.42
		nano: 2.9.5 -> 2.9.8
		mono: 5.2.0.215 -> 5.10.1.47_2
		mediainfo: 18.03 -> 18.05
		libzen: 18.03 -> 18.05
		libxcb: 1.12_2 -> 1.13
		libnghttp2: 1.31.1 -> 1.32.0
		libmediainfo: 18.03 -> 18.05
		glib: 2.50.3_2,1 -> 2.50.3_3,1
		freetype2: 2.8_2 -> 2.9.1
		fontconfig: 2.12.1_3,1 -> 2.12.6,1

Code:

root@media:~ # mono --version
Mono JIT compiler version 5.10.1.47 (5.10.1.47 Thu Jun 21 02:03:15 UTC 2018)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
		TLS:		   __thread
		SIGSEGV:	   altstack
		Notification:  kqueue
		Architecture:  amd64
		Disabled:	  none
		Misc:		  softdebug
		Interpreter:   yes
		LLVM:		  supported, not enabled.
		GC:			sgen (concurrent by default)

Code:

root@media:~ # mono tlstest.exe https://www.github.com/

https://www.github.com/
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00037] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x0000a] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeReceiveRecord (System.IO.Stream s) [0x00000] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHandshakeCallback (System.IAsyncResult asyncResult) [0x0000e] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00022] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x0002b] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00064] in <0600e8f4e6264b4a8e5e53aeb845a4ef>:0
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x0007e] in <d7767e54cb234318be4a1e7ddd12ca51>:0
  at System.IO.StreamWriter.Flush () [0x00006] in <d7767e54cb234318be4a1e7ddd12ca51>:0
  at TlsTest.GetStreamPage (System.String url) [0x000c7] in <b20e29fb974042ed9c5290a8f0ee5840>:0
  at TlsTest.Main (System.String[] args) [0x00392] in <b20e29fb974042ed9c5290a8f0ee5840>:0

 

[chippy]

It seems the 5.12 review for mono I referenced in my previous post has been changed to use an older version, as can also be seen on the page itself now:

This has changed from the mono 5.12 release to mono 5.10 release due to compatibility issues found with mono 5.12

For me, the 5.12 version has been working fine. So if anyone feels like giving it a try, I tarred all the 'old' 5.12 files and uploaded them here: https://ufile.io/2xgp3
Short instructions:

1. Move all your current mono ports files to a temp backup dir: mkdir /tmp/bkup && mv /usr/ports/lang/mono/* /tmp/bkup/
2. Get the downloaded file into your iocage running mono
3. Extract the 5.12 files: tar zxvf <location-of-downloaded-file> -C /
4. cd /usr/ports/lang/mono and continue on from step 6 in my previous post, in short:
   
5. make deinstall
6. make reinstall
7. make clean

 

[Hazza]

For me, the 5.12 version has been working fine. So if anyone feels like giving it a try, I tarred all the 'old' 5.12 files and uploaded them here: https://ufile.io/2xgp3

Still getting a TLS error, sadly. Even made 5.12 on a fresh jail to test.

Code:

root@TestJail:~ # mono --version
Mono JIT compiler version 5.12.0 (5.12.0.260 Sat Jun 23 16:49:19 UTC 2018)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
		TLS:		   __thread
		SIGSEGV:	   altstack
		Notification:  kqueue
		Architecture:  amd64
		Disabled:	  none
		Misc:		  softdebug
		Interpreter:   yes
		LLVM:		  supported, not enabled.
		GC:			sgen (concurrent by default)
root@TestJail:~ # mono tlstest.exe https://www.github.com

https://www.github.com
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00037] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <8f2206676dd54a668eb86272d4bfb02c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x00032] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <8f2206676dd54a668eb86272d4bfb02c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00022] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x0002b] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00064] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x0007e] in <18a9bb7ce89d4bbea3cf58ee7fd46a9d>:0
  at System.IO.StreamWriter.Flush () [0x00006] in <18a9bb7ce89d4bbea3cf58ee7fd46a9d>:0
  at TlsTest.GetStreamPage (System.String url) [0x000c2] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0
  at TlsTest.Main (System.String[] args) [0x002aa] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0

I've carried out some packet captures - it appears that the Mono process is sending out client hellos in TLS 1.0 only.
Perhaps the problem lies in a dependency?

 

[chippy]

Still getting a TLS error, sadly. Even made 5.12 on a fresh jail to test.

Code:

root@TestJail:~ # mono --version
Mono JIT compiler version 5.12.0 (5.12.0.260 Sat Jun 23 16:49:19 UTC 2018)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
		TLS:		   __thread
		SIGSEGV:	   altstack
		Notification:  kqueue
		Architecture:  amd64
		Disabled:	  none
		Misc:		  softdebug
		Interpreter:   yes
		LLVM:		  supported, not enabled.
		GC:			sgen (concurrent by default)
root@TestJail:~ # mono tlstest.exe https://www.github.com

https://www.github.com
FAILED: #-2146232800
System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00037] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <8f2206676dd54a668eb86272d4bfb02c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x00032] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <8f2206676dd54a668eb86272d4bfb02c>:0
   --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.EndNegotiateHandshake (Mono.Security.Protocol.Tls.SslStreamBase+InternalAsyncResult asyncResult) [0x00022] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.NegotiateHandshake () [0x0002b] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at Mono.Security.Protocol.Tls.SslStreamBase.Write (System.Byte[] buffer, System.Int32 offset, System.Int32 count) [0x00064] in <8f2206676dd54a668eb86272d4bfb02c>:0
  at System.IO.StreamWriter.Flush (System.Boolean flushStream, System.Boolean flushEncoder) [0x0007e] in <18a9bb7ce89d4bbea3cf58ee7fd46a9d>:0
  at System.IO.StreamWriter.Flush () [0x00006] in <18a9bb7ce89d4bbea3cf58ee7fd46a9d>:0
  at TlsTest.GetStreamPage (System.String url) [0x000c2] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0
  at TlsTest.Main (System.String[] args) [0x002aa] in <7ad9caa5280c42fa9e47b5cc3d9b1e0e>:0

I've carried out some packet captures - it appears that the Mono process is sending out client hellos in TLS 1.0 only.
Perhaps the problem lies in a dependency?

Does the tlstest.exe you're using actually support TLS1.2/make use of boringssl?

 

[Hazza]

Does the tlstest.exe you're using actually support TLS1.2/make use of boringssl?

I had noticed that the tlstest.cs available from the Mono GitHub repo doesn't contain references to TLS 1.2. I downloaded another version from here, but even with the --tls12 flag it still fails to connect. In fact, with that flag it doesn't even get as far as sending a client hello - just a FINACK.

 

[chippy]

I had noticed that the tlstest.cs available from the Mono GitHub repo doesn't contain references to TLS 1.2. I downloaded another version from here, but even with the --tls12 flag it still fails to connect. In fact, with that flag it doesn't even get as far as sending a client hello - just a FINACK.

Hm well, I can't even get the tlstest.cs supporting TLS1.2 you reference to compile, but using a simple webclient test I have no issues reaching github.com whatsoever:

Code:

using System;
using System.Net;
using System.Net.Sockets;

namespace SSLTest
{
	public class Program
	{
		static void Main(string[] args)
		{
			ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
			ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11
									 | SecurityProtocolType.Tls12;
			WebClient wc = new WebClient();
			string result = wc.DownloadString("https://www.github.com/");
			Console.WriteLine(result);
		}
	}
}

 

[diskdiddler]

Any chance this can be made into an iocage plugin for 11.2.