SSL: Wrong signature type error on login

[atlflyer]

Region and Brand of car
Kia/USA

Describe the bug
Login fails during start up or trying to re-add the integration. Logs show an error: SSL: WRONG_SIGNATURE_TYPE

Debug logs if an error occurred

2022-07-12 17:39:35 DEBUG (MainThread) [custom_components.ha_kia_hyundai.api_cloud_util] US KIA in use
2022-07-12 17:39:35 DEBUG (MainThread) [kia_hyundai_api.us_kia] sending https://api.owners.kia.com/apigw/v1/prof/authUser request with {'deviceKey': '', 'deviceType': 2, 'userCredential': {'userId': '***', 'password': '***'}}
2022-07-12 17:39:35 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 986, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs)  # type: ignore[return-value]  # noqa
  File "/usr/local/lib/python3.10/asyncio/base_events.py", line 1089, in create_connection
    transport, protocol = await self._create_connection_transport(
  File "/usr/local/lib/python3.10/asyncio/base_events.py", line 1119, in _create_connection_transport
    await waiter
  File "/usr/local/lib/python3.10/asyncio/sslproto.py", line 534, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/local/lib/python3.10/asyncio/sslproto.py", line 188, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.10/ssl.py", line 975, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py", line 435, in _handle_request
    resp = await request_handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 60, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 100, in forwarded_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 79, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 236, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 136, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 177, in post
    return await super().post(request, flow_id)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 62, in wrapper
    result = await method(view, request, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 109, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 277, in async_configure
    result = await self._async_handle_step(
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 359, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/config/custom_components/ha_kia_hyundai/config_flow.py", line 141, in async_step_auth
    await api_cloud.login()
  File "/config/custom_components/ha_kia_hyundai/api_cloud_us_kia.py", line 82, in login
    self._session_id: str = await self.api.login(self.username, self.password)
  File "/usr/local/lib/python3.10/site-packages/kia_hyundai_api/us_kia.py", line 135, in login
    await self._post_request_with_logging_and_errors_raised(
  File "/usr/local/lib/python3.10/site-packages/kia_hyundai_api/us_kia.py", line 29, in request_with_logging_wrapper
    response = await func(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/kia_hyundai_api/us_kia.py", line 117, in _post_request_with_logging_and_errors_raised
    return await self.api_session.post(url=url, json=json_body, headers=headers)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/client.py", line 535, in _request
    conn = await self._connector.connect(
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 542, in connect
    proto = await self._create_connection(req, traces, timeout)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 907, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 1206, in _create_direct_connection
    raise last_exc
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 1175, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 990, in _wrap_create_connection
    raise ClientConnectorSSLError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host api.owners.kia.com:443 ssl:default [[SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:997)]

To Reproduce
Steps to reproduce the behavior:

1. Click add integration, select Kia/Hyundai
2. Chose region US; brand: Kia
3. Enter username and password.
4. UI shows unknown error; logs show SSL:WRONG_SIGNATURE_TYPE

Expected behavior
Successful login. This integration was working for me before. I didn't happen to notice if it stopped working after a particular HA upgrade, but I don't think there's been a new release of this integration since it was working for me.

[dahlb]

it is the result of a HA update, it stops working in 2022.7, quick fix is to lock HA to 2022.6.5 HA's docker image no longer allows low encryption ssl certs even if they are still valid. I'll look into a fix to allow use in newer HA images but it will likely require reduced security as the ssl cert is no longer able to be verified in newer HA docker images, and I do not expect kia to update their cert.

[dahlb]

this is caused by HA upgrading in 2022.7 to python 3.10 which rejects the weak cert provided by kia aio-libs/aiohttp#955 going to continue looking for a work around when I have more time but I've run out for today and in the mean time downgrading HA works

[dahlb]

the latest version is now compatible with HA 2022.7 by disabling SSL cert verification 640f553 leaving this open in case anybody has ideas on how to verify the cert while still being compatible with python 3.10

[dahlb]

master has been improved to continue checking ssl certs but allow the weak cypher used by kia's cert that is not in the default of python 3.10

[atlflyer]

Outstanding, thank you!