afreecatv: SSLV3_ALERT_HANDSHAKE_FAILURE #8187

Open
10 of 11 tasks
doriok opened this issue Sep 23, 2023 · 7 comments · May be fixed by #10174
Labels
cant-reproduce The issue cannot be reliably reproduced site-bug Issue with a specific website triage Untriaged issue

Comments


doriok commented Sep 23, 2023

DO NOT REMOVE OR SKIP THE ISSUE TEMPLATE

  • I understand that I will be blocked if I intentionally remove or skip any mandatory* field

Checklist

Region

Korea

Provide a description that is worded well enough to be understood

Using '--legacy-server-connect' works.

Provide verbose output that clearly demonstrates the problem

  • Run your yt-dlp command with -vU flag added (yt-dlp -vU <your command line>)
  • If using API, add 'verbose': True to YoutubeDL params instead
  • Copy the WHOLE output (starting with [debug] Command-line config) and insert it below

Complete Verbose Output

[debug] Command-line config: ['-vU', 'https://vod.afreecatv.com/player/96753363']
[debug] Encodings: locale cp949, fs utf-8, pref cp949, out utf-8, error utf-8, screen utf-8
[debug] yt-dlp version [email protected] [b532a3481] (win_exe)
[debug] Python 3.8.10 (CPython AMD64 64bit) - Windows-10-10.0.19045-SP0 (OpenSSL 1.1.1k  25 Mar 2021)
[debug] exe versions: ffmpeg 2022-08-31-git-319e8a49b5-essentials_build-www.gyan.dev (setts), ffprobe 2022-08-31-git-319e8a49b5-essentials_build-www.gyan.dev
[debug] Optional libraries: Cryptodome-3.18.0, brotli-1.0.9, certifi-2023.05.07, mutagen-1.46.0, sqlite3-2.6.0, websockets-11.0.3
[debug] Proxy map: {}
[debug] Loaded 1855 extractors
[debug] Fetching release info: https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
Available version: [email protected], Current version: [email protected]
Current Build Hash: 5ff3e702171a50175c34397494e2d18ce35d771c2110b1e59bd173ec2fb352aa
yt-dlp is up to date ([email protected])
[afreecatv] Extracting URL: https://vod.afreecatv.com/player/96753363
[afreecatv] 96753363: Downloading JSON metadata
ERROR: SSLV3_ALERT_HANDSHAKE_FAILURE: Try using --legacy-server-connect
Traceback (most recent call last):
  File "urllib\request.py", line 1354, in do_open
  File "http\client.py", line 1252, in request
  File "http\client.py", line 1298, in _send_request
  File "http\client.py", line 1247, in endheaders
  File "http\client.py", line 1007, in _send_output
  File "http\client.py", line 947, in send
  File "http\client.py", line 1421, in connect
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1131)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "yt_dlp\utils\_utils.py", line 1514, in https_open
  File "urllib\request.py", line 1357, in do_open
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1131)>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "yt_dlp\YoutubeDL.py", line 1560, in wrapper
  File "yt_dlp\YoutubeDL.py", line 1688, in __extract_info
  File "yt_dlp\extractor\common.py", line 710, in extract
  File "yt_dlp\extractor\afreecatv.py", line 185, in _real_extract
  File "yt_dlp\extractor\common.py", line 1064, in download_content
  File "yt_dlp\extractor\common.py", line 1028, in download_handle
  File "yt_dlp\extractor\common.py", line 898, in _download_webpage_handle
  File "yt_dlp\extractor\common.py", line 837, in _request_webpage
  File "yt_dlp\YoutubeDL.py", line 3863, in urlopen
  File "urllib\request.py", line 525, in open
  File "urllib\request.py", line 542, in _open
  File "urllib\request.py", line 502, in _call_chain
  File "yt_dlp\utils\_utils.py", line 1519, in https_open
yt_dlp.utils.YoutubeDLError: SSLV3_ALERT_HANDSHAKE_FAILURE: Try using --legacy-server-connect
@doriok doriok added site-bug Issue with a specific website triage Untriaged issue labels Sep 23, 2023
Member

coletdjnz commented Sep 23, 2023

See #2043 for related previous discussion

I would say that's expected, however..

pukkandan's comment at the time:

@wlritchi Thanks for pointing me in the right direction. I have implemented a fix when using the --legacy-server-connect option. I don't think we should enable this fix globally by default. Ideally, there should be a way for the extractor to enable this without the user having to pass the option. But since our context is shared with the whole program, implementing this would be quite difficult

This is possible to implement now per request with the new networking framework, if this is a common problem with the extractor/site.

Edit: though, I'm not sure why this is happening. We enforce the same set of ciphers and tls version for openssl 1.1.1+, and I can't repro

@coletdjnz coletdjnz changed the title SSLV3_ALERT_HANDSHAKE_FAILURE afreecatv: SSLV3_ALERT_HANDSHAKE_FAILURE Sep 23, 2023
@coletdjnz coletdjnz added the cant-reproduce The issue cannot be reliably reproduced label Oct 13, 2023

jouven commented May 19, 2024

This is happening to me now, tried different machines (from a VPS) which also has the previous yt-dlp version, same result.

[debug] Command-line config: ['-vU', '-F', 'https://vod.afreecatv.com/player/125181799']
[debug] Encodings: locale UTF-8, fs utf-8, pref UTF-8, out utf-8, error utf-8, screen utf-8
[debug] yt-dlp version [email protected] from yt-dlp/yt-dlp [ff0779267]
[debug] Python 3.12.3 (CPython x86_64 64bit) - Linux-6.8.10-lqx1-1-lqx-x86_64-with-glibc2.39 (OpenSSL 3.3.0 9 Apr 2024, glibc 2.39)
[debug] exe versions: ffmpeg 6.1.1 (setts), ffprobe 6.1.1, phantomjs broken, rtmpdump 2.4
[debug] Optional libraries: Cryptodome-3.20.0, brotlicffi-1.1.0.0, certifi-2024.02.02, requests-2.31.0, secretstorage-3.3.3, sqlite3-3.45.3, urllib3-1.26.18, websockets-12.0
[debug] Proxy map: {}
[debug] Request Handlers: urllib, requests, websockets
[debug] Loaded 1810 extractors
[debug] Fetching release info: https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
Latest version: [email protected] from yt-dlp/yt-dlp
yt-dlp is up to date ([email protected] from yt-dlp/yt-dlp)
[afreecatv] Extracting URL: https://vod.afreecatv.com/player/125181799
[afreecatv] 125181799: Downloading JSON metadata
ERROR: SSLV3_ALERT_HANDSHAKE_FAILURE: The server may not support the current cipher list. Try using --legacy-server-connect
Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 715, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1058, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.12/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 1042, in _create
    self.do_handshake()
  File "/usr/lib/python3.12/ssl.py", line 1320, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 799, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/util/retry.py", line 525, in increment
    raise six.reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/packages/six.py", line 769, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 715, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1058, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.12/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 1042, in _create
    self.do_handshake()
  File "/usr/lib/python3.12/ssl.py", line 1320, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/yt_dlp/networking/_requests.py", line 313, in _send
    requests_res = session.request(
                   ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/requests/adapters.py", line 530, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/yt_dlp/YoutubeDL.py", line 4131, in urlopen
    return self._request_director.send(req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/networking/common.py", line 115, in send
    response = handler.send(request)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/networking/_helper.py", line 208, in wrapper
    return func(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/networking/common.py", line 335, in send
    return self._send(request)
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/networking/_requests.py", line 331, in _send
    raise SSLError(cause=e) from e
yt_dlp.networking.exceptions.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/yt_dlp/YoutubeDL.py", line 1606, in wrapper
    return func(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/YoutubeDL.py", line 1741, in __extract_info
    ie_result = ie.extract(url)
                ^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/common.py", line 734, in extract
    ie_result = self._real_extract(url)
                ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/afreecatv.py", line 185, in _real_extract
    data = self._download_json(
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/common.py", line 1127, in download_content
    res = getattr(self, download_handle.__name__)(url_or_request, video_id, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/common.py", line 1087, in download_handle
    res = self._download_webpage_handle(
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/common.py", line 954, in _download_webpage_handle
    urlh = self._request_webpage(url_or_request, video_id, note, errnote, fatal, data=data,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/extractor/common.py", line 890, in _request_webpage
    return self._downloader.urlopen(self._create_request(url_or_request, data, headers, query, extensions))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/yt_dlp/YoutubeDL.py", line 4169, in urlopen
    raise RequestError(
yt_dlp.networking.exceptions.RequestError: SSLV3_ALERT_HANDSHAKE_FAILURE: The server may not support the current cipher list. Try using --legacy-server-connect

Tried --legacy-server-connect same result.


jcn50 commented May 23, 2024

@jouven strange, for me using --legacy-server-connect fixes the problem/error:

yt-dlp -vU -F  --legacy-server-connect https://vod.afreecatv.com/player/125181799
[debug] Command-line config: ['-vU', '-F', '--legacy-server-connect', 'https://vod.afreecatv.com/player/125181799']
[debug] Encodings: locale UTF-8, fs utf-8, pref UTF-8, out utf-8, error utf-8, screen utf-8
[debug] yt-dlp version [email protected] from yt-dlp/yt-dlp [ff0779267] (linux_exe)
[debug] Python 3.10.14 (CPython x86_64 64bit) - Linux-4.15.0-213-generic-x86_64-with-glibc2.27 (OpenSSL 3.2.1 30 Jan 2024, glibc 2.27)
[debug] exe versions: ffmpeg N-63101-gc92edd969a-static (setts), ffprobe N-63101-gc92edd969a-static
[debug] Optional libraries: Cryptodome-3.19.0, brotli-1.1.0, certifi-2024.02.02, mutagen-1.47.0, requests-2.31.0, secretstorage-3.3.3, sqlite3-3.45.2, urllib3-2.2.1, websockets-12.0
[debug] Proxy map: {}
[debug] Request Handlers: urllib, requests, websockets
[debug] Loaded 1810 extractors
[debug] Fetching release info: https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
Latest version: [email protected] from yt-dlp/yt-dlp
yt-dlp is up to date ([email protected] from yt-dlp/yt-dlp)
[afreecatv] Extracting URL: https://vod.afreecatv.com/player/125181799
[afreecatv] 125181799: Downloading JSON metadata
[afreecatv] 125181799: Downloading part 1 m3u8 information
[debug] Formats sorted by: hasvid, ie_pref, lang, quality, res, fps, hdr:12(7), vcodec:vp9.2(10), channels, acodec, size, br, asr, proto, vext, aext, hasaud, source, id
[info] Available formats for 1716074263303964:
ID           EXT RESOLUTION │  FILESIZE   TBR PROTO │ VCODEC      ACODEC
───────────────────────────────────────────────────────────────────────────
hls-hd       mp4 960x540    │ ~ 3.81MiB 1000k m3u8  │ avc1.64082A mp4a.40.2
hls-hd4k     mp4 1280x720   │ ~15.26MiB 4000k m3u8  │ avc1.64082A mp4a.40.2
hls-original mp4 1920x1080  │ ~30.52MiB 8000k m3u8  │ avc1.64082A mp4a.40.2

Without it I get the same error as you! But my OpenSSL library is older than yours...


jouven commented May 23, 2024

I tried again today and in my up to date desktop setup, arch btw, now it works with or without --legacy-server-connect
In my debian stable vps, it does require --legacy-server-connect but previously didn't work with or without, so... maybe some temporary issue on Afreecatv side...?


jcn50 commented May 24, 2024

@jouven maybe it is linked with the Python version?.. If you want you can post your log with --legacy-server-connect on the VPS that does not work~

Contributor

hui1601 commented Jun 13, 2024

It seems to be an API server issue with AfreecaTV. I can reproduce it with the following command.

curl -v --tlsv1.2 --ciphers '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM' "https://api.m.afreecatv.com"

In short, the reason is that the API server still uses SHA1.

context.set_ciphers(
    '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM')
context.minimum_version = ssl.TLSVersion.TLSv1_2

According to the above rules, only the following ciphers are supported:

OpenSSL supported cipher list
$ openssl ciphers -s -tls1_2 -stdname '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM'
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       - ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         - ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   - ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       - ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         - ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           - DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           - DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           - DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           - DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA256

However, the API server only supports the following ciphers:

API server cipher list
$ docker run --rm -ti  drwetter/testssl.sh "vod-archive-kr-cdn-z01.afreecatv.com"
…
Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLSv1.2 (no server order, thus listed by strength)
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 xc011   ECDHE-RSA-RC4-SHA                 ECDH 256   RC4         128      TLS_ECDHE_RSA_WITH_RC4_128_SHA                     
 x05     RC4-SHA                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_SHA                           
 x04     RC4-MD5                           RSA        RC4         128      TLS_RSA_WITH_RC4_128_MD5                           
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 2048    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
 Has server cipher order?     no (NOT ok)

So it looks like the error is occurring because there is no cipher supported by OpenSSL when connecting to the API server.
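An added example (not part of the thread and not yt-dlp's own code) that checks the conclusion above offline: it expands the quoted cipher string with Python's `ssl` module and intersects the result with the suite names transcribed from the quoted testssl.sh output. The function names and the diagnostic variant of the string without `!SHA1` are assumptions of this example.

```python
import ssl

# Cipher string quoted in the comment above.
STRICT = ("@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:"
          "!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM")
# Diagnostic variant constructed for this example: same string, !SHA1 dropped.
WITHOUT_SHA1_BAN = STRICT.replace(":!SHA1", "")

# First two columns (hexcode, OpenSSL name) of the testssl.sh rows quoted above.
TESTSSL_ROWS = """\
xc014 ECDHE-RSA-AES256-SHA
x39   DHE-RSA-AES256-SHA
x88   DHE-RSA-CAMELLIA256-SHA
x35   AES256-SHA
x84   CAMELLIA256-SHA
xc013 ECDHE-RSA-AES128-SHA
x33   DHE-RSA-AES128-SHA
x9a   DHE-RSA-SEED-SHA
x45   DHE-RSA-CAMELLIA128-SHA
x2f   AES128-SHA
x96   SEED-SHA
x41   CAMELLIA128-SHA
x07   IDEA-CBC-SHA
xc011 ECDHE-RSA-RC4-SHA
x05   RC4-SHA
x04   RC4-MD5
xc012 ECDHE-RSA-DES-CBC3-SHA
x16   EDH-RSA-DES-CBC3-SHA
x0a   DES-CBC3-SHA
"""


def server_suites(rows=TESTSSL_ROWS):
    """OpenSSL suite names the scanned server accepted."""
    return {line.split()[1] for line in rows.splitlines() if line.strip()}


def client_tls12_suites(cipher_string):
    """Suites a client context would offer for TLS 1.2 and below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    # set_ciphers() does not govern TLS 1.3 suites, which are always listed;
    # the quoted scan rows are TLS 1.2 only, so leave them out of the comparison.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def shared_suites(cipher_string):
    """Suites both sides could agree on, sorted by name."""
    return sorted(client_tls12_suites(cipher_string) & server_suites())


def explain(cipher_string):
    shared = shared_suites(cipher_string)
    if not shared:
        return "no common suite: expect a handshake_failure alert"
    return "negotiable: " + ", ".join(shared)


if __name__ == "__main__":
    print("strict list   ->", explain(STRICT))
    print("without !SHA1 ->", explain(WITHOUT_SHA1_BAN))
```

Every suite the scan found on the server uses a SHA-1 or MD5 MAC, so the only overlap that appears once `!SHA1` is dropped is CBC suites with HMAC-SHA1.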

Contributor

hui1601 commented Jun 13, 2024

I found a very simple solution: downgrading to HTTP solves the problem. 😂
But I'm not sure this is the best solution. It's a kind of downgrade attack…

@hui1601 hui1601 linked a pull request Jun 13, 2024 that will close this issue