Zello error message. "Can't establish a secure connection"

[KC1ART]

This fixed both login problems. Now let's just hope Zello people won't see this post and block this workaround.

Neat, I’ll have to try it out. My only issue, I’ve already got TwoToneDetect using port 8080. Is it as easy as changing to a different port in the MITM settings?

 

[Fireman-Sam]

Neat, I’ll have to try it out. My only issue, I’ve already got TwoToneDetect using port 8080. Is it as easy as changing to a different port in the MITM settings?

Yes you can specify port in command line, for example "mitmproxy.exe -p 5555". You will see the listening port in the bottom right corner of the console. Remember to set the same port in Zello and add parameter p- 5555 in Windows Task for automatic start at Windows startup. See below screenshots. Note I didn't have time to test the task parameter (last screenshot). Please report back if it works.

 

[txdaredvl]

Hi guys, I found a solution that enables full Zello legacy app functionality as before (Enable TLS and Sign-in when Zello starts).

Just follow these two steps:
1. Install mitmproxy (mitmproxy - an interactive HTTPS proxy). You do not need to configure anything, the default configuration is OK. Just run mitmproxy from start menu or from C:\Program Files\mitmproxy\bin\mitmproxy.exe if you have disabled script execution.
2. Set Zello connection settings as in the screenshot below:

View attachment 187428

Now you will be able to normally login. When you confirm everything works, you can set mitmproxy to autorun with Windows and without the console. Just create Windows Task that runs mitmproxy.exe as SYSTEM on startup:

View attachment 187429View attachment 187430
View attachment 187431

 

[txdaredvl]

As it looks like the legacy app has now been closed off. Both of my computers won't log in at all with the legacy app. (Different accounts). Can any confirm if this set up is working today. I got one of my accounts on using bluestack but would love to get both on if this method hasn't been blocked by zello today.

 

[nosoup4u]

May I ask what the point of doing this is? You are still sending unencrypted traffic over the internet to zello. As long as you can disable TLS in the client, you are not really solving anything here other than being able to click the check box. This

As it looks like the legacy app has now been closed off. Both of my computers won't log in at all with the legacy app. (Different accounts). Can any confirm if this set up is working today. I got one of my accounts on using bluestack but would love to get both on if this method hasn't been blocked by zello today.

I found mine was not working, so I shut it down and restarted it and is working again

 

[txdaredvl]

May I ask what the point of doing this is? You are still sending unencrypted traffic over the internet to zello. As long as you can disable TLS in the client, you are not really solving anything here other than being able to click the check box. This


I found mine was not working, so I shut it down and restarted it and is working again

Will do a pc restart and try it. As I closed mine and tried it still failed. Wonder if the work around above will keep it going after the August deadline.

Edit. The computer had 2 instances of it running. Not sure how that happened. So even though I exited I guess the other running didnt allow it to actually exit.

 

[Fireman-Sam]

For users that are unable to upgrade legacy app, Zello suggested disabling TLS although it is not really recommended. But disabling TLS broke the automatic sign option and required for legacy users to restart their computers and the application to get it to connect.

With mitmproxy you can enable TLS and Sign in when Zello starts without receiving messages "Can't establish a secure connection" and "can't verify your account reconnecting in XX seconds" and you won't have to restart Zello or your computer after every disconnect. The app will work as before.

I'm using this proxy for the first time so I'm not sure if traffic really is encrypted or not after leaving mitmproxy, but the mitmproxy manual says it can intercept and inject the certificates.

Keep in mind that Zello can decide at any time to cancel the token the legacy app is using for connection and completely disable it. So this is still a temporary fix until we migrate to Zello bridge as another user suggested.

 

[Fireman-Sam]

May I ask what the point of doing this is? You are still sending unencrypted traffic over the internet to zello. As long as you can disable TLS in the client, you are not really solving anything here other than being able to click the check box. This


I found mine was not working, so I shut it down and restarted it and is working again

It solves the need for restarting Zello. This was bothering me the most since I needed it to be running unattended and not check every day if it's still working or not.

 

[uni396xt]

so the PC app function is ending right... and with zello bridge we could keep it working? What if I run 5-7 instances of zello on 1 pc? would the bridge allow this?

 

[Fireman-Sam]

You can define multiple links in Zello Bridge. But you need to enter your network name (not free) or your developer token (free) which expires every 30 days. Maybe some brave person will create a script to generate a new token and write it to ZelloBridge.json every 30 days to keep it running... Meanwhile I'm trying to extend the use of legacy app with mitmproxy as long as possible. Maybe I will have time to try zellostream.py... If everything else fails, we will use Zello Bridge with Work account.