Xpra: Ticket #1767: Cannot connect to a windows 10 pro server using SSL

The problem, described below is that I cannot connect using SSL. With TCP it works fine. One thing I remember is that VoidLinux seems to be using LibreSSL, not OpenSSL.

I've tried with kernel 4.14.xx and

Pristine and legit installation, no other software installed by me.

I haven't done changes, but the distribution packager might have.

client desktop is running in 4K

Windows server is running in a KVM virtual machine in the same computer. Tried with NAT only, now also with bridge only setup. Same behaviour.

The windows server is running the xpra shadow service. No modifications. The client works with TCP only:

XPRA_ALLOW_UNENCRYPTED_PASSWORDS=1 xpra attach --bind-tcp=  tcp://luispedro@

The problem is that it doesn't work with SSL:

xpra attach --ssl-server-verify=none ssl://luispedro@
2018-02-13 16:56:50,436 Xpra gtk2 client version 2.2.4-r18312 64-bit
2018-02-13 16:56:50,436  running on Linux VoidLinux rolling void
2018-02-13 16:56:50,436 Warning: failed to import opencv:
2018-02-13 16:56:50,437  No module named cv2
2018-02-13 16:56:50,437  webcam forwarding is disabled
2018-02-13 16:56:50,593 GStreamer version 1.12.4 for Python 2.7.14 64-bit
2018-02-13 16:56:50,660 Warning: cannot import gtk OpenGL module
2018-02-13 16:56:50,660  cannot import name gtkgl
2018-02-13 16:56:50,661 Warning: cannot import native OpenGL module
2018-02-13 16:56:50,661  No module named OpenGL
2018-02-13 16:56:50,661 Warning: no OpenGL backends found
SSL handshake failed: [Errno 104] Connection reset by peer

with the '-d all' debug option (last lines) - see attachment

In the client (Linux):

$ echo $PATH

In the server echo %PATH%:


In the client, from Void linux packaging system version:

$ xpra --version
xpra v2.2.4-r18312

In the server, from the xpra download page:

Xpra 2.2.4 64 bit
revision 18312

First time trying xpra for work.

Not that I know of.

VoidLinux uses !LibreSSL. No other that I know of.

Everytime I try to connect with the above mentioned xpra line with SSL

Tue, 13 Feb 2018 17:26:23 GMT - Luis Mendes: attachment set

answer to guidelines

Wed, 14 Feb 2018 04:11:02 GMT - Antoine Martin: owner, component, description changed; milestone set

(moving information where it can be found)

Your server log is full of stacktraces pointing straight to the issue:

Exception in thread new-tcp-connection:
Traceback (most recent call last):
  File "C:/msys64/mingw64/lib/python2.7/threading.py", line 801, in __bootstrap_inner
  File "C:/msys64/mingw64/lib/python2.7/threading.py", line 754, in run
  File "./xpra/server/server_core.py", line 847, in handle_new_connection
  File "./xpra/server/server_core.py", line 948, in may_wrap_socket
NameError: global name 'endpoint' is not defined

This error was fixed in the 2.2 branch in r18018 and this fix was included in the 2.2.4 release.

So my guess is that you're not running the server version you think you are. Maybe you started the shadow server when an older version was installed?

Wed, 14 Feb 2018 04:29:44 GMT - Antoine Martin: description changed

Never mind, the backport fix done in r18018 was wrong, so 2.2.4 was actually broken wrt ssl socket upgrades. r18429 should fix that, for real this time...

Sorry about that. I should have spotted that, maybe I tested with an earlier 2.2.x build, or with 2.3 RC which isn't affected.

Try the latest 2.2.5 RC or 2.3 beta builds: https://xpra.org/beta/windows. (only the server side is affected and needs updating)

Just don't use the 2.2.x "python3" builds as those need yet another backport fix.

Mon, 12 Mar 2018 15:00:31 GMT - Antoine Martin: status changed; resolution set

Feel free to re-open if I've missed something.

Sat, 23 Jan 2021 05:33:15 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1767