When connecting sliver-py to the server, it prompts:“Ssl handshake failed ”

[eleveni386]

OS： MacOS 15.2 (24C101) M4 Pro
Python version: 3.13.1
openssl version: OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)
sliver-server version : 1.5.42

when sliver-py connect the server , it prompts:

grpc.aio._call.AioRpcError: <AioRpcError of RPC that terminated with:
	status = StatusCode.UNAVAILABLE
	details = "failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:31337: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE: Invalid certificate verification context"
	debug_error_string = "UNKNOWN:Error received from peer  {grpc_message:"failed to connect to all addresses; last error: UNKNOWN: ipv4:127.0.0.1:31337: Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE: Invalid certificate verification context", grpc_status:14, created_time:"2025-02-02T14:42:12.194445+08:00"}"
>

the client code:

#!/usr/bin/env python3
import os
import sys
import asyncio
from sliver import SliverClientConfig, SliverClient

DEFAULT_CONFIG = sys.argv[1]

async def main():
    config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)
    print(config)
    client = SliverClient(config)
    print(client)
    print('[*] Connected to server ...')
    await client.connect()
    sessions = await client.sessions()
    print('[*] Sessions: %r' % sessions)
    if len(sessions):
        print('[*] Interacting with session %s', sessions[0].ID)
        interact = await client.interact_session(sessions[0].ID)
        ls = await interact.ls()
        print('[*] ls: %r' % ls)

if __name__ == '__main__':
    asyncio.run(main())

[4dr1rb]

I have same error, any update?

[eleveni386]

I have same error, any update?

I found that this problem occurs when the teamserver is on Mac OS. However, when I deploy the teamserver to Linux and use the same Python code to access the teamserver service, this problem does not occur.

[moloch--]

Very odd, the server OS afaik shouldn't affect Go's TLS stack.

[TimBF]

tracked this one down to an issue with missing support in grpcio for a couple cyphers, we just merged a PR to fix this so if you re-create your server keys and re-generate new operator configs you should be good. That being said expect sliver-py to have some bugs, it hasn't been updated to reflect some of the recent changes done in the main proejct yet