Fix Bind-TLS proxy handshake failure on OpenSSL 3.x

  Bambu printers only support plain RSA key exchange ciphers
  (AES256-GCM-SHA384, AES128-GCM-SHA256), but Python's OpenSSL 3.x
  defaults exclude them in favor of forward-secrecy (ECDHE/DHE) only.
  Add the RSA ciphers to the client SSL context so the TLS proxy can
  connect to the printer's bind port (3002).
maziggy 2 months ago
Parent
Commit
aa39f6c866
2 changed files with 5 additions and 1 deletion
  1. CHANGELOG.md (+2 -1)
  2. backend/app/services/virtual_printer/tcp_proxy.py (+3 -0)

+ 2 - 1
CHANGELOG.md

@@ -11,7 +11,8 @@ All notable changes to Bambuddy will be documented in this file.
 - **Print Queue Scheduler Diagnostics** ([#616](https://github.com/maziggy/bambuddy/issues/616)) — Added diagnostic logging to the print queue scheduler to help diagnose why queued prints aren't starting. After each queue check, the scheduler now logs a skip summary (how many items were skipped due to manual_start, scheduled_time, etc.) and for each busy printer, logs the exact state preventing it from being considered idle (connected status, printer state, plate_cleared flag). Previously the scheduler only logged "found N pending items" with no visibility into why items were skipped.
 
 ### Fixed
-- **Bug Report Bubble Overlapping Toasts** — Moved the bug report bubble into the toast container so it always sits at the bottom-right with toast notifications and upload progress stacking above it, instead of overlapping on top of each other.
+- **Bug Report Bubble Overlapping Toasts** — Moved toast notifications and upload progress up so they stack above the bug report bubble instead of overlapping on top of each other.
+- **Virtual Printer: Bind-TLS Proxy Handshake Failure on OpenSSL 3.x** — The TLS proxy connecting to the printer's bind port (3002) failed with `SSLV3_ALERT_HANDSHAKE_FAILURE` on systems with OpenSSL 3.x (e.g. Python 3.12+) because the default cipher set excludes plain RSA key exchange, which is the only mode Bambu printers support. Added `AES256-GCM-SHA384` and `AES128-GCM-SHA256` to the client SSL context's cipher list.
 - **Windows: Server Shuts Down After 60 Seconds** ([#605](https://github.com/maziggy/bambuddy/issues/605)) — On Windows, terminating orphaned ffmpeg camera processes broadcast `CTRL_C_EVENT` to the entire process group, causing uvicorn to interpret it as a user-initiated shutdown. ffmpeg is now spawned in its own process group (`CREATE_NEW_PROCESS_GROUP`) so cleanup no longer affects the server. Reported by @Reactantvr.
 
 ## [0.2.2b1] - 2026-03-03
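
Review bot: The reworded "Bug Report Bubble Overlapping Toasts" entry (the -/+ pair at the top of the Fixed list) is unrelated to the Bind-TLS fix and is not mentioned in the commit message; it would be easier to audit as its own commit. In the new Virtual Printer entry, "Added `AES256-GCM-SHA384` and `AES128-GCM-SHA256` to the client SSL context's cipher list" does not say that these two suites use plain RSA key exchange without forward secrecy; a short clause noting that trade-off, and that it applies only to the proxy's connection to the printer, would tell operators what they are accepting.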

+ 3 - 0
backend/app/services/virtual_printer/tcp_proxy.py

@@ -129,6 +129,9 @@ class TLSProxy:
         ctx.check_hostname = False
         ctx.verify_mode = ssl.CERT_NONE
         ctx.minimum_version = ssl.TLSVersion.TLSv1_2
+        # Bambu printers use plain RSA key exchange (no ECDHE/DHE),
+        # which modern OpenSSL 3.x defaults exclude. Add them back.
+        ctx.set_ciphers("DEFAULT:AES256-GCM-SHA384:AES128-GCM-SHA256")
         return ctx
 
     async def start(self) -> None:
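
Review bot: The cipher string in `ctx.set_ciphers("DEFAULT:AES256-GCM-SHA384:AES128-GCM-SHA256")` replaces the context's cipher list rather than appending to it, so the leading `DEFAULT` swaps in OpenSSL's own default list in place of whatever list `ctx` was created with, which is more than the comment's "Add them back" describes. If the intent is only to permit the two RSA key exchange suites, consider naming the suites the proxy actually needs explicitly, or logging `ctx.get_ciphers()` once so the effective list is visible. The comment could also record that this context already has `verify_mode = ssl.CERT_NONE` and `check_hostname = False`, so the printer is not authenticated and, with plain RSA key exchange, the session has no forward secrecy; stating that the relaxation is limited to the printer bind-port connection would keep it from being copied to other contexts.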