-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yalp > 0.35 not working anymore: no network #447
Comments
same |
Seems to be linked to microG stuff. I had the same problem until I deactivated GCM and device registration in microG settings. Now yalp store connects and works just fine. Don't forget to reactivate GCM if you use an app that needs it. |
Ok, just noticed that this is going to be a bit of a problem when trying to use automatic updates or update notifications, since yalp store can't check for updates with microG stuff enabled... |
I am having the same issue |
Apparently the SSL Handshake with the Google API is failing. From logcat:
|
@ccoreilly well let's hope the dev can find a quick fix. I am going on vacation in less then a week and need to download a crap ton of apps. |
Adding info: I have no micro-G-stuff on any of my devices. As a workaround Fdroid should offer the old version 0.35. Not all of you have rooted devices, where one can extract installed apps .... |
Same problem. I tried deactivating GCM but it still shows "no network connection". |
@Spielmops @naloder @amo13 @linuxdude96 @ccoreilly @eduardoeae Since #410 NetChipher library is used to initiate connections. It uses only secure up-to-date ciphers for initiating ssl connections by default. It appears, today something changed on google's side and ssl connections can not be initiated this way. Enabling weaker ciphers ("compatible" as NetChipher calls them) fixes this. |
@Spielmops @naloder @amo13 @linuxdude96 @ccoreilly @eduardoeae |
@yeriomin is the testing app using unsecure alghos? |
@yeriomin The test apk works for me. |
@yeriomin It works! With your test apk I am able to connect to play store again and check for updates. It's strange that Google cut down on secure ciphers though. 😦 |
it didn't. it probably only make it even more restricted.. |
Somehow, this seems kinda like another issue I ran into on a completely unrelated project:
Google's very "Do what I say, not what I do," — A LOT. 🤷♂️ |
Issue yeriomin#447 fixing ssl handshake failure (no network connection)
Same issue over here. |
The test apk also works for me. Android 7.1.2, no gapps/google stuff, I use VPNs with AFWall+. Never had an issue like this before, but it's fixed with the new test app. |
Yes
I wouldn't be surprised if google implemented some cipher which is slightly incompatible with the generally available implementation. So, excluding the following ciphers makes ssl handshake fail: DES DH DSS MD5 RC4
I haven't checked but I think in this case something other than SSLHandshakeException is thrown. |
@yeriomin oh, those are all really old and dangerous to use ciphers. do you think it is possible to make Yalp work without them? i doubt Play Store is depending on them. they were even thrown out of modern browsers (TLS).. |
@yeriomin: Is it possible that they have enabled TLS 1.3 (that include new ciphers if I'm not wrong and maybe they break old ciphers)? Browsers already started to ship it enabled by default. |
@yeriomin I'm no Google fanboy but I honestly can't imagine that they intentionally lower cipher strength. Either they f***ed up their configuration or @ale5000-git is right and they amped up their security and left only some rubbish ciphers for fallback. However the latter one would be stupid (downgrade attacks!) and I also can't imagine that Google would do something like that. In fact I'd rather believe someone is doing MitM than Google acting THAT stupid. This is very strange/suspicious. |
They are no downgrade attacks with TLS 1.3. But the easiest is to test. What is the URL or domain name through which the PlayStore is reached by YalpStore? |
@bungabunga @ale5000-git @DPTJKKVH
It supports them.
Yalp store worked for a month with old ciphers disabled, so maybe this issue is just a misconfiguration which will be fixed on google's side. For some reason today ssl initiation fails when using new ciphers only. Google might have installed some ssl implementation on their servers which is somehow incompatible with ssl implementation on existing android devices, but this is just a guess.
Old ciphers have always been supported and still are. Google cannot drop them while old devices are in use. Today's problem is with new ciphers. |
just wanted to chime in that I have this issue on my 6.0.1 device version 0.40 and the modified apk provided earlier resolved the issue. However, on my 7.1.2 device it still has version 0.35 and works...yet when I tried installing 0.35 on my 6.0.1 device the problem remained...strange. |
I confirm that I still have seen this issue on 3 devices on the last 48h.
But it still works on a:
All using the Yalp default google account. Then it could be something about TLSv1.3 because Android 4.1.2 certainly doesn't support it. edit: all running version 0.40 from F-Droid |
I have Yalp 0.40 install and it's not working. My phone is a Wiko rainbow jam 4G with Android 5.1.1 |
Okay, it didn't understand that it should hopefully be fixed in 0.41 whose build should automatically happen on F-Droid https://gitlab.com/fdroid/fdroiddata/issues/1215 |
I have this log with adb logcat :
Maybe, it can help you. (sorry I didn't read all the previous posts) |
@Niouby The issue is fixed and closed for a couple of days now. You can get v0.41 on releases page or wait for F-Droid to compile it. |
@yeriomin Thanks I didn't notice that there was a v0.41 apk available :D I confirm that it works for me on Android 7.1.2 (Galaxy S5) 🎉 For anyone wanting/needing to try: as it's not the same signature, one can't directly install it over the F-Droid one. Option 1Uninstall Yalp before installing the 0.41 apk. But Yalp app data will be lost (update blacklist and other configuration, shouldn't be an issue for most people) Option 2
Going back to F-Droid to continue receiving update on the long termSame procedure but install the F-Droid version instead of the released 0.41 APK |
@yeriomin ah ! I didn't see the apk, thanks a lot :) |
Some more insights: https://www.mail-archive.com/[email protected]/msg75283.html |
@yeriomin I just checked f-droid metadata: https://f-droid.org/wiki/page/Yalp_Store#Versions |
Up to 0.15 tags are prefixed with "v", eg "v0.15", after that they are like "0.41". Pure speculation, but could it be confusing the bot? |
@tmolitor-stud-tu That is normal. Some releases were compiled weeks after being tagged on github. |
@yeriomin but why does this happen? the last checkupdate run was days after you updated your repo: https://f-droid.org/wiki/page/checkupdates |
It is simply slow, it may take 3/7 days for the wiki page to be updated I think. |
We have similar problems with NewPipe. Maybe we can talk with fdroid to find a way to speed up things. |
Would it be beneficial to have a seperate repository running, just for Yalp Store? |
Honestly I don't think that is a good idea. Seperate repositories can be done, but that would kind of brake the point of fdroid ... i think. Maybe helping fdroid people to fasten things up would be the right thing. |
There is a way to speed-up but I think it is ignored by many developers because it need time to setup: Reproducible Builds. Whis this you can have the apk with developer signature on F-Droid and the user can update the F-Droid version with the one on GitHub and viceversa. |
FYI: I just used the 0.40 Version to check for app updates and it worked. Maybe google corrected something? |
@ale5000-git Could you give me a link to any f-droid app which does this? I could not find any app in fdroid-data which has signatures in metadata. It is quite easy to break metadata which can be fixed only through bureaucracy. Also, current fdroidserver master crashes on attempt to add signatures to metadata:
@chris42 Only 0.41 works for me...
I don't think they would use the term "corrected", but they might change something again.
There are github releases already. Having a f-droid style repo would need a hosting and will require user interaction to work. No benefits over github releases.
I agree, but while there are some ways to speed up their builds, it seems to me that they have more of an organizational problem. They not only know the problems with their software, but they know the solutions, but not implementing them. Good example: https://gitlab.com/fdroid/fdroidserver/issues/451 Besides, even with the software they have, running builds daily would not be a problem (tested this, the |
I cant get 0.41 to work. Keeps saying there are errors on the HTTP level. Same issue? Or should I file another one? |
I reloged in, don't know if that would help for you. |
The old error is gone and login & search work again. However downloading apps fails with a "malformed request" message. Clearing the app data resolved the issue for me. |
F-Droid is finally @ v. 0.41 (since the last few hours)! |
Thanks, I confirm that 0.41 work. I just retried and v0.40 works. really strange. |
"TLS_FALLBACK_SCSV" MUST NOT be set on first connect, see yeriomin/YalpStore#447 (comment) and RFC 7507 closes #74
Hi, I am using S6 Edge with Lineage 16. |
If I start Yalp and tap on "search for updates" it tells me "no network connection"
This behaviour happens with version 0.39 and 0.40 (could not download 0.36 - 0.38) and with Lollipop and Nougat, but Yalp 0.40 works with Jelly Bean.
I deinstalled Yalp and reinstalled the version 0.35 and everything is OK.
My devices are rootet, every app named "Google-xxx" or similar are disabled, AF-Wall is installed (and Yalp has permission), AdAway is working, Xprivacy is disabled for Yalp. So: nothing changed between versions 0.35 and 0.40 but Yalp itself.
Spielmops
The text was updated successfully, but these errors were encountered: