Hi there,
is there already a version for 5.0.0.M1 where you need some testing?
KR
Many many thanks @nemer - you are great!
Yes ! I built a 5.X.X version, but I couldn’t test it already because my test environment is a 32bit and java 21 needed for this version doesn’t have a 32bit release yet.
I delivered the 5.X.X in my repository, please let me know if it’s working.
Regards.
1 Like
The property names for text configuration was changed to follow the OH standard naming as @jgesser explained. Maybe other text config names can change as well because the binding is passing though a official review, and I ask people that use text file based specification to pay attention in every update. I will let some examples in the REDME.md file about changes and property names.
I just updated OH from 4.2 to 4.3.3 as well. I can no longer get the bridge online.
Is there any breaking changes in the binding? I camt seem to find any info.
This is what I get in the log file:
2025-03-09 11:35:54.013 [ERROR] [ices.LGThinQAbstractApiClientService] - Error calling device list from LG Server API. The reason is:Please consider using the official API. Visit https://smartsolution.developer.lge.com/en/product/useCase11?s=1740015848379 for more details.
2025-03-09 11:35:54.017 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing 'lgthinq:bridge:4bb559ca4d' changed from ONLINE to OFFLINE: Error getting devices from LG API in scanner process.
2025-03-09 11:35:54.018 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing 'lgthinq:202:4bb559ca4d:a6fc6dc7-34e8-147a-8f50-44cb8b0819e7' changed from ONLINE to OFFLINE (BRIDGE_OFFLINE)
2025-03-09 11:35:54.018 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing 'lgthinq:201:4bb559ca4d:592bd2a4-d3e7-16e9-a69f-44cb8b2e0c43' changed from ONLINE to OFFLINE (BRIDGE_OFFLINE)
Please, get the lateste 4.3.0 version in my repo.
1 Like
Works perfectly, thanks guys!
Thx..
Could you link to your repo?
Thx for your work! You are the best!
1 Like
Is it possible in the API to get energy monitoring details for washers and dryers? Here’s what the app shows:
It’s possible. However, you need to share with me your device in order to I can map the data exchange to program in the binding. If you agree with it, we can call me privately.
My System:
ASUS PN41 PE (PentiumSilver N6000 1.10GHz /8GB RAM/SSD) / WinSrv2025 Latest
OHv5.0.3, Temurin 21.0.9+10-LTS
Mosquitto v2.0.22, Z2M v2.7.1
PosgeSQLv17.6.2 (special items), rrd4j(supported types), mapdb (strings restore on startup)
Binding doesn’t work, reports an error
Status: OFFLINE
**COMMUNICATION_ERROR**
Communication Error with LG API
My Config
Tell me what I’m doing wrong, please (((( 
Full from DEBUG
2025-12-08 16:57:22.216 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : invoking deactivate: deactivate: parameters []
2025-12-08 16:57:22.217 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : invoked deactivate: deactivate
2025-12-08 16:57:22.220 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : DependencyManager: osgi.ds.satisfying.condition close component unbinding from org.apache.felix.scr.impl.manager.ComponentContextImpl@51083967 at tracking count 1 refpairs: [[RefPair: ref: [{org.osgi.service.condition.Condition}={service.id=6, service.bundleid=0, service.scope=singleton, service.pid=0.org.osgi.service.condition.ConditionImpl, osgi.condition.id=true}] service: [null]]]
2025-12-08 16:57:22.223 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : Querying state active
2025-12-08 16:57:22.225 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : Changed state from active to satisfied
2025-12-08 16:57:23.361 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : ServiceFactory.getService()
2025-12-08 16:57:23.362 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : This thread collected dependencies
2025-12-08 16:57:23.363 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : getService (ServiceFactory) dependencies collected.
2025-12-08 16:57:23.363 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : Querying state satisfied
2025-12-08 16:57:23.364 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : For dependency osgi.ds.satisfying.condition, optional: false; to bind: [[RefPair: ref: [{org.osgi.service.condition.Condition}={service.id=6, service.bundleid=0, service.scope=singleton, service.pid=0.org.osgi.service.condition.ConditionImpl, osgi.condition.id=true}] service: [null]]]
2025-12-08 16:57:23.366 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : invoking activate: activate: parameters [org.apache.felix.scr.impl.helper.ReadOnlyDictionary]
2025-12-08 16:57:23.367 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : invoked activate: activate
2025-12-08 16:57:23.367 [DEBUG] [al.discovery.LGThinqDiscoveryService] - bundle org.openhab.binding.lgthinq:5.0.3 (291)[org.openhab.binding.lgthinq.internal.discovery.LGThinqDiscoveryService(359)] : Changed state from satisfied to active
2025-12-08 16:57:23.374 [DEBUG] [nternal.handler.LGThinQBridgeHandler] - Initializing LGThinq bridge handler.
2025-12-08 16:57:23.547 [DEBUG] [ces.api.LGThinqOauthEmpAuthenticator] - encrypted_pw=```Ag1+V4...PRIVACY_REMOVED...xQbEkFm, signature=Xnl...PRIVACY_REMOVED...qZHKug=, tStamp=1765202243
2025-12-08 16:57:23.594 [DEBUG] [nternal.handler.LGThinQBridgeHandler] - Error accessing LG API. Updating Bridge Status to OFFLINE.
org.openhab.binding.lgthinq.lgservices.errors.AccountLoginException: Error doing user's account login on the Emp LG Server
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:111) ~[?:?]
at org.openhab.binding.lgthinq.internal.handler.LGThinQBridgeHandler$PollingRunnable.run(LGThinQBridgeHandler.java:276) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) ~[?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:317) ~[?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
at java.lang.Thread.run(Thread.java:1583) [?:?]
Caused by: org.openhab.core.i18n.CommunicationException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:161) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:134) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.LGThinqOauthEmpAuthenticator.loginUser(LGThinqOauthEmpAuthenticator.java:165) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:109) ~[?:?]
... 7 more
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]
at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]
at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:732) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:146) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:134) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.LGThinqOauthEmpAuthenticator.loginUser(LGThinqOauthEmpAuthenticator.java:165) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:109) ~[?:?]
... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:370) ~[?:?]
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:209) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection.unwrap(SslConnection.java:429) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:718) ~[?:?]
at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:168) ~[?:?]
at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:80) ~[?:?]
at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131) ~[?:?]
at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:172) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) ~[?:?]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[?:?]
... 1 more
Some from TRACE
2025-12-08 16:59:08.864 [TRACE] [ing.lgthinq.lgservices.api.RestUtils] - POST response: {"encrypted_pw":"Ag1+V4...PRIVACY_REMOVED...3yVsO7sFn","signature":"7v7...PRIVACY_REMOVED...ibIRk=","tStamp":"1765202348"}
2025-12-08 16:59:08.864 [DEBUG] [ces.api.LGThinqOauthEmpAuthenticator] - encrypted_pw=Ag1+V4.....PRIVACY_REMOVED....3yVsO7sFn, signature=7v7...PRIVACY_REMOVED...ibIRk=, tStamp=1765202348
2025-12-08 16:59:08.864 [TRACE] [ing.lgthinq.lgservices.api.RestUtils] - POST request to URI: https://ru.emp.lgsmartplatform.com/emp/v2.0/account/session/PRIVACY_REMOVED%40gmail.com
2025-12-08 16:59:08.908 [DEBUG] [nternal.handler.LGThinQBridgeHandler] - Error accessing LG API. Updating Bridge Status to OFFLINE.
org.openhab.binding.lgthinq.lgservices.errors.AccountLoginException: Error doing user's account login on the Emp LG Server
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:111) ~[?:?]
at org.openhab.binding.lgthinq.internal.handler.LGThinQBridgeHandler$PollingRunnable.run(LGThinQBridgeHandler.java:276) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) ~[?:?]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:358) ~[?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
at java.lang.Thread.run(Thread.java:1583) [?:?]
Caused by: org.openhab.core.i18n.CommunicationException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:161) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:134) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.LGThinqOauthEmpAuthenticator.loginUser(LGThinqOauthEmpAuthenticator.java:165) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:109) ~[?:?]
... 7 more
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]
at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]
at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:732) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:146) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.RestUtils.postCall(RestUtils.java:134) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.LGThinqOauthEmpAuthenticator.loginUser(LGThinqOauthEmpAuthenticator.java:165) ~[?:?]
at org.openhab.binding.lgthinq.lgservices.api.TokenManager.oauthFirstRegistration(TokenManager.java:109) ~[?:?]
... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: (handshake_failure) Received fatal alert: handshake_failure
at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]
at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:370) ~[?:?]
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:209) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection.unwrap(SslConnection.java:429) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:718) ~[?:?]
at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:168) ~[?:?]
at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:80) ~[?:?]
at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131) ~[?:?]
at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:172) ~[?:?]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) ~[?:?]
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) ~[?:?]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[?:?]
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) ~[?:?]
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[?:?]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[?:?]
... 1 more
I tried it from Python and created a PAT for this login/password. Everything works.
import asyncio
from aiohttp import ClientSession
from thinqconnect.thinq_api import ThinQApi
async def test_devices_list():
async with ClientSession() as session:
thinq_api = ThinQApi(session=session, access_token='thinqpat_PRIVACY_REMOVED', country_code='RU', client_id='38314311-cedc-4cd8-a856-adbd1f939722')
response = await thinq_api.async_get_device_list()
print("device_list : %s", response)
asyncio.run(test_devices_list())
From python
device_list : %s [{'deviceId': 'PRIVACY_REMOVED', 'deviceInfo': {'deviceType': 'DEVICE_WASHER', 'modelName': 'F_V7_F___W.B_1QEUK', 'alias': 'washing machine', 'reportable': True}}]
LG Servers test (for RU)
=== LG Servers Connection Test ===
Java version: 21.0.9
Java home: r:\servers\openhab\jdk\openjdk21u-jdk_x64_windows_hotspot_21.0.9_10
1. Testing with STRICT SSL verification (like OpenHAB):
================================================================================
? https://ruic.lgthinq.com:46030/api | Code: 200 | Time: 1844ms
? https://ruic-service.lgthinq.com:46030/v1 | Error: IOException: Server returned HTTP response code: 400 for URL: https://ruic-service.lgthinq.com:46030/v1
? https://ru.m.lgaccount.com | Code: 200 | Time: 598ms
? https://ru.m.lgaccount.com/spx | Code: 200 | Time: 111ms
? https://ru.emp.lgsmartplatform.com | Error: FileNotFoundException: https://ru.emp.lgsmartplatform.com
? https://ru.lgeapi.com | Error: FileNotFoundException: https://ru.lgeapi.com
? https://ru.emp.lgsmartplatform.com/ | Error: FileNotFoundException: https://ru.emp.lgsmartplatform.com/
? https://ru.lgemembers.com/lgacc/service/v1/ | Error: FileNotFoundException: https://ru.lgemembers.com/lgacc/service/v1/
? https://ru.rac.lgeapi.com | Error: SSL Error: CertificateExpiredException: NotAfter: Wed Jul 17 02:59:59 MSK 2024
--> Possible certificate store issue!
? https://ruic-common.lgthinq.com | Error: FileNotFoundException: https://ruic-common.lgthinq.com
? https://ruic-iotservice.lgthinq.com | Error: IOException: Server returned HTTP response code: 403 for URL: https://ruic-iotservice.lgthinq.com
? https://apigw-ext.lge.com:7211/gateway/gobs/api2api | Error: FileNotFoundException: https://apigw-ext.lge.com:7211/gateway/gobs/api2api
? https://emp-oauth.lgecloud.com | Error: FileNotFoundException: https://emp-oauth.lgecloud.com
? https://ru-mdc.lgeapi.com | Error: UnknownHostException: ru-mdc.lgeapi.com
2. Testing with DISABLED SSL verification (diagnostic):
================================================================================
? https://ruic.lgthinq.com:46030/api | Code: 200 | Time: 78ms
? https://ruic-service.lgthinq.com:46030/v1 | Error: IOException: Server returned HTTP response code: 400 for URL: https://ruic-service.lgthinq.com:46030/v1
? https://ru.m.lgaccount.com | Code: 200 | Time: 83ms
? https://ru.m.lgaccount.com/spx | Code: 200 | Time: 156ms
? https://ru.emp.lgsmartplatform.com | Error: FileNotFoundException: https://ru.emp.lgsmartplatform.com
? https://ru.lgeapi.com | Error: FileNotFoundException: https://ru.lgeapi.com
? https://ru.emp.lgsmartplatform.com/ | Error: FileNotFoundException: https://ru.emp.lgsmartplatform.com/
? https://ru.lgemembers.com/lgacc/service/v1/ | Error: FileNotFoundException: https://ru.lgemembers.com/lgacc/service/v1/
? https://ru.rac.lgeapi.com | Error: FileNotFoundException: https://ru.rac.lgeapi.com
? https://ruic-common.lgthinq.com | Error: FileNotFoundException: https://ruic-common.lgthinq.com
? https://ruic-iotservice.lgthinq.com | Error: IOException: Server returned HTTP response code: 403 for URL: https://ruic-iotservice.lgthinq.com
? https://apigw-ext.lge.com:7211/gateway/gobs/api2api | Error: FileNotFoundException: https://apigw-ext.lge.com:7211/gateway/gobs/api2api
? https://emp-oauth.lgecloud.com | Error: FileNotFoundException: https://emp-oauth.lgecloud.com
? https://ru-mdc.lgeapi.com | Error: UnknownHostException: ru-mdc.lgeapi.com
3. Testing port availability (without HTTPS):
================================================================================
? ruic.lgthinq.com | Port 46030 OPEN | Time: 20ms
? ruic.lgthinq.com | Port 47878 OPEN | Time: 17ms
? ruic-media.lgthinq.com | Port 47800 OPEN | Time: 446ms
4. System SSL configuration:
================================================================================
SSL Protocols enabled: TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello
Default TrustStore: Default Java store
SSL Cipher Suites:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
... and 27 more
The servers is all available. Is there a way I can test the connection/login myself? Is there some a script? Maybe in JavaScript?
Hi, can you extend your binding with my hot water heat pump LG WH27STR2.FA? I will share device profile list and responses for device information via DM. BR
Sorry for the late reply. I’m currently on vacation. Based on the logs you shared, this does not look like an issue in the OpenHAB add-on itself. It looks like a TLS/SSL certificate problem on the LG RU endpoints.
The key line is this one:
SSL Error: CertificateExpiredException (NotAfter: Wed Jul 17 02:59:59 MSK 2024)
If an endpoint (or the certificate chain it presents) is expired or invalid, Java will fail the TLS handshake by design. OpenHAB runs on the JVM, and the JVM is quite strict about certificate validation for security reasons. Because of that, I don’t recommend any workaround that disables SSL verification or “trusts” an expired certificate, that would reduce security and could expose your account/session to interception.
When I’m back and have more time, I’ll dig deeper and propose the best next steps. In the meantime, if you want to help confirm the root cause, you can run (or share) a quick certificate check from the affected network, for example:
curl -vI https://ru.rac.lgeapi.com/
or openssl s_client -servername ru.rac.lgeapi.com -connect ru.rac.lgeapi.com:443
Thanks again for the detailed report. it’s very helpful, and I’ll update you as soon as I have a safe troubleshooting path.
Hi! Thanks for your reply.
I compiled the extension and checked its operation in debug mode.
The problem occurs when accessing this site: https://ru.emp.lgsmartplatform.com/emp/v2.0/account/session/user@domain.com.
I weakened the SSL using the httpClient in RestUtils.java’s postCall method and was able to obtain a auth token when calling methid loginUser (which is where the connection failure occurred). Then I removed the debug jar and installed your original binding. Everything works.
I wanted to find the httpClient settings, but I don’t know how to clear auth token. The loginUser method is no longer called because the token has already been received. How to force reset token?
private static HttpClient createHttpClient() {
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setTrustAll(true);
sslContextFactory.setValidateCerts(false);
sslContextFactory.setValidatePeerCerts(false);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
sslContextFactory.setIncludeProtocols("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
sslContextFactory.setExcludeProtocols();
sslContextFactory.setExcludeCipherSuites("^$");
HttpClient httpClient = new HttpClient(sslContextFactory);
httpClient.setConnectTimeout(10000);
return httpClient;
}
@Nullable
private static RestResult postCall(HttpClient httpClientOFF, String encodedUrl, Map<String, String> headers,
ContentProvider contentProvider) {
HttpClient httpClient = createHttpClient();
try {
httpClient.start();
Request request = httpClient.newRequest(encodedUrl).method("POST").content(contentProvider).timeout(10,
TimeUnit.SECONDS);
headers.forEach(request::header);
LOGGER.trace("POST request to URI: {}", request.getURI());
I wrote a simple Java program that connects like preLoginUser (https://ru.m.lgaccount.com/spx/preLogin) and loginUser (https://ru.emp.lgsmartplatform.com/emp/v2.0/account/session/user@domain.com) without any additional configuration. No problems, I log in just fine!
openssl s_client -servername ru.emp.lgsmartplatform.com -connect ru.emp.lgsmartplatform.com:443
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
CONNECTED(000001F0)
---
Certificate chain
0 s:CN = ru.emp.lgsmartplatform.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGXTCCBUWgAwIBAgIQVfISeuYf4D2mbMWo7lkgVjANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTI1MTExODAwMDAwMFoXDTI2MTIxOTIzNTk1OVowJTEjMCEGA1UEAxMacnUu
ZW1wLmxnc21hcnRwbGF0Zm9ybS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDaN4Cb55WSlmSwkf3V5aoXP0MRlJBwp9PFGRjdF+3YGNNdMCVm6Ptn
fl2Lt8cOz37BJ7NlbuzL9pkR/BkU/b4sS1AhORZPGKhUCOG9fvh9WPa3I4KzplMu
qAZ5VU4SWirbVgwMYSKDYA8HWVVjGs9pm8Qx06Y7SYD6sr0rtqLzMzdALnVzAIYJ
6YjNgFFdF92ckSF+QEC1pc60oeYEnRrS3ZsxX9/JJs6yhWHl440S5nIKzyVGfaql
04JJH7PqxvgMavcxqtrgworaWe+Bx5Dpcw2aNGEr57QKQ5qZSVu2d6LYW8b3pHFV
f6VZTtX/OPjUowUc+BwUwMvyayUqJtzRAgMBAAGjggMcMIIDGDAfBgNVHSMEGDAW
gBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUC4xQEfbZ7JTBFuLd8HQf
P5Xyr5UwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAj
BggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGE
BggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5j
b20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMEUGA1UdEQQ+MDyC
GnJ1LmVtcC5sZ3NtYXJ0cGxhdGZvcm0uY29tgh53d3cucnUuZW1wLmxnc21hcnRw
bGF0Zm9ybS5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2ANgJVTuUT3r/
yBYZb5RPhauw+Pxeh1UmDxXRLnK7RUsUAAABmpYAK2sAAAQDAEcwRQIhANxs9FaO
Teo6lg1NYWWoFZ6djL8wps2gxf0EKFJtnWjjAiB2kIEjA9PLkkrjTgfgk9Yai1zk
c42KC7YmnXV0WarNvQB3AK9niDtXsE7dj6bZfvYuqOuBCsdxYPAkXlXWDC/nhYc6
AAABmpYAK+IAAAQDAEgwRgIhAJH0IZu4WVFnk98vQJs74isJ/tg4BKVrNKJ7xjEo
kp4RAiEA7ySXnVXAwXBIu+XpULcYb7dCgXBUNkJhpKSsSyZG9FUAdQCsqzBwbOvs
hDH0E9L0kV8RHkIkQ7HypoxPPCs7px4CwwAAAZqWACsGAAAEAwBGMEQCIC/gC+Km
wBtSubjIdoKA/cIm3c9bwEzIrobT2Y76G5LDAiAN02Fo6wCeTRSgARnobtnV6hT8
FA2jd8zSrW/Oi8Os+TANBgkqhkiG9w0BAQsFAAOCAQEAtDLbh9S3gO02+VvlNf7/
nuw4jdJI9kWaCXeKYQi/Kq4o5OvZMuN7L5onV0vO07WHOW7OwQODn3i6eqBch7SP
aLpBsZhk00mKiuJ5i2abrCzeZQwSQ7eEo9cl2jrKxTRnrUVOwB5fwOq7xnCKTfze
9eDHvOS2dYwiCa7fXxlWagzyj8NhNgkH/tzKRfwn5KOSqcAnxbUszCrjqeqkCg3D
ElKtAkCSvIX0gce13bD+M/XYQAQck1oThc7PKU8ZoEsLNbMPol42TFEoODjz5osp
NLyBQjAZuyU9n8eZEqAJ5V5hmajVNwqbxD/Co7cfeFiZDilmJ3xk9AElM9SIGkZK
ag==
-----END CERTIFICATE-----
subject=CN = ru.emp.lgsmartplatform.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5076 bytes and written 646 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.2, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: AEC6E1712518F1016210E60F896C74471ED9EAB399BCFD4A144AE0211FC151BB
Session-ID-ctx:
Master-Key: A1751E4CF56C7E0C64DB06075D6F9C97BFC2E857162BF884A1BF43F506FA9314C88EF61832E0ADA3BAD360DA410E7F9F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 10 a1 b3 cf b5 9c 9a 9c-e6 9f 7f e1 c5 e5 18 8e ................
0010 - 7e 2b b9 b0 4d 1f 6c 99-b1 40 c1 fc c6 ba b7 24 ~+..M.l..@.....$
0020 - 1b 1f 15 30 28 8c 7d 22-22 3e 13 22 16 44 85 19 ...0(.}"">.".D..
0030 - 66 86 e4 20 7d b4 2a 25-44 a3 02 e9 f4 fd 31 51 f.. }.*%D.....1Q
0040 - 6d 01 8e 7c f8 b8 27 67-62 0e 26 97 f9 e2 d3 c9 m..|..'gb.&.....
0050 - b5 44 7a c8 01 86 5d 77-30 f2 e5 d6 b4 d4 ca 19 .Dz...]w0.......
0060 - 9a 03 b2 8d 54 b8 a6 5e-b1 ef 10 dc 43 36 c9 3a ....T..^....C6.:
0070 - 73 27 cf f3 02 7e a3 4f-71 a6 0a 0d 2f ae 6e 39 s'...~.Oq.../.n9
0080 - d2 43 06 0d d4 bc 75 97-70 b0 25 c4 50 84 11 41 .C....u.p.%.P..A
0090 - 17 ba c1 23 98 a5 eb a8-31 47 33 11 67 6c c4 6d ...#....1G3.gl.m
00a0 - 96 ff 75 fd 3c 85 be 65-b9 ae 19 e8 dc 22 a9 d9 ..u.<..e....."..
00b0 - 19 f4 b1 72 ad 7b c3 f6-c2 2b e9 73 30 b0 b2 f0 ...r.{...+.s0...
00c0 - 9c 55 88 b1 2d a4 32 0d-13 72 53 04 ea 11 7d 51 .U..-.2..rS...}Q
00d0 - b4 4f e8 f1 fb 94 e8 4b-1e fd 54 c8 6f 79 a8 ec .O.....K..T.oy..
Start Time: 1765806345
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
Extended master secret: no
---
closed
A couple of important observations:
- The certificate presented by ru.emp.lgsmartplatform.com itself does not look expired (your
openssl s_clientshows a valid leaf cert and TLS 1.2 negotiation). - However, your OpenSSL output shows: “Verify return code: 19 (self signed certificate in certificate chain)”. In practice, this usually means the local trust store / CA bundle on your system (or on the JVM used by OpenHAB) does not trust the chain (e.g., missing USERTrust / Sectigo roots), not that the server is actually “self-signed”.
Because of that, the safe fix is NOT to disable SSL verification (trustAll / validate=false), but to make sure OpenHAB is running with an up-to-date JVM truststore.
Please check which JVM OpenHAB is actually using
- On Linux, also run:
ps aux | grep -i openhaband check the Java path. - On Windows: I don’t know
Quick truststore check (Java)
If you can run keytool, please check whether the root CA is present:
- On Linux:
keytool -list -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit | grep -i usertrust - On Windows: I don’t know
If USERTrust/Sectigo roots are missing, updating/replacing the JVM used by OpenHAB normally fixes the handshake without weakening SSL.
About “forcing token reset”
The binding stores the auth token, so once a token exists loginUser won’t be called again.
To force a clean login:
- Stop OpenHAB.
- Move the file in <OH_USERDATA>/thinq/thinqbridge-XXXXXXX.json for some other extension (just to hold a backup) - the binding will recreate the token
- Start OpenHAB and see the status of the bridge.
Your results strongly suggest a truststore / CA bundle mismatch between the JVM used by OpenHAB and the JVM used in your standalone Java test, but your analysis will confirm me better about that.
As I understand it, the server sends the root certificate (USERTrust RSA Certification Authority, third below in the command output) in the chain.
This is a self-signed certificate, according to SSL. I assume this is a server configuration issue, if I’m correct. The server might not be sending the full certificate chain. The USERTrust root certificate shouldn’t be in the chain sent by the server - only intermediate certificates should be sent.
openssl s_client -servername ru.emp.lgsmartplatform.com -connect ru.emp.lgsmartplatform.com:443 -showcerts
CONNECTED(000001D4)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = ru.emp.lgsmartplatform.com
verify return:1
---
Certificate chain
0 s:CN = ru.emp.lgsmartplatform.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIGXTCCBUWgAwIBAgIQVfISeuYf4D2mbMWo7lkgVjANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTI1MTExODAwMDAwMFoXDTI2MTIxOTIzNTk1OVowJTEjMCEGA1UEAxMacnUu
ZW1wLmxnc21hcnRwbGF0Zm9ybS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDaN4Cb55WSlmSwkf3V5aoXP0MRlJBwp9PFGRjdF+3YGNNdMCVm6Ptn
fl2Lt8cOz37BJ7NlbuzL9pkR/BkU/b4sS1AhORZPGKhUCOG9fvh9WPa3I4KzplMu
qAZ5VU4SWirbVgwMYSKDYA8HWVVjGs9pm8Qx06Y7SYD6sr0rtqLzMzdALnVzAIYJ
6YjNgFFdF92ckSF+QEC1pc60oeYEnRrS3ZsxX9/JJs6yhWHl440S5nIKzyVGfaql
04JJH7PqxvgMavcxqtrgworaWe+Bx5Dpcw2aNGEr57QKQ5qZSVu2d6LYW8b3pHFV
f6VZTtX/OPjUowUc+BwUwMvyayUqJtzRAgMBAAGjggMcMIIDGDAfBgNVHSMEGDAW
gBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUC4xQEfbZ7JTBFuLd8HQf
P5Xyr5UwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAj
BggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGE
BggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5j
b20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMEUGA1UdEQQ+MDyC
GnJ1LmVtcC5sZ3NtYXJ0cGxhdGZvcm0uY29tgh53d3cucnUuZW1wLmxnc21hcnRw
bGF0Zm9ybS5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2ANgJVTuUT3r/
yBYZb5RPhauw+Pxeh1UmDxXRLnK7RUsUAAABmpYAK2sAAAQDAEcwRQIhANxs9FaO
Teo6lg1NYWWoFZ6djL8wps2gxf0EKFJtnWjjAiB2kIEjA9PLkkrjTgfgk9Yai1zk
c42KC7YmnXV0WarNvQB3AK9niDtXsE7dj6bZfvYuqOuBCsdxYPAkXlXWDC/nhYc6
AAABmpYAK+IAAAQDAEgwRgIhAJH0IZu4WVFnk98vQJs74isJ/tg4BKVrNKJ7xjEo
kp4RAiEA7ySXnVXAwXBIu+XpULcYb7dCgXBUNkJhpKSsSyZG9FUAdQCsqzBwbOvs
hDH0E9L0kV8RHkIkQ7HypoxPPCs7px4CwwAAAZqWACsGAAAEAwBGMEQCIC/gC+Km
wBtSubjIdoKA/cIm3c9bwEzIrobT2Y76G5LDAiAN02Fo6wCeTRSgARnobtnV6hT8
FA2jd8zSrW/Oi8Os+TANBgkqhkiG9w0BAQsFAAOCAQEAtDLbh9S3gO02+VvlNf7/
nuw4jdJI9kWaCXeKYQi/Kq4o5OvZMuN7L5onV0vO07WHOW7OwQODn3i6eqBch7SP
aLpBsZhk00mKiuJ5i2abrCzeZQwSQ7eEo9cl2jrKxTRnrUVOwB5fwOq7xnCKTfze
9eDHvOS2dYwiCa7fXxlWagzyj8NhNgkH/tzKRfwn5KOSqcAnxbUszCrjqeqkCg3D
ElKtAkCSvIX0gce13bD+M/XYQAQck1oThc7PKU8ZoEsLNbMPol42TFEoODjz5osp
NLyBQjAZuyU9n8eZEqAJ5V5hmajVNwqbxD/Co7cfeFiZDilmJ3xk9AElM9SIGkZK
ag==
-----END CERTIFICATE-----
1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----
---
Server certificate
subject=CN = ru.emp.lgsmartplatform.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5076 bytes and written 646 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.2, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: 87EDC1B10CD52D5F7284D2C09888F8BE03161C41E7E127DDD272ED4697553223
Session-ID-ctx:
Master-Key: AD2224476F2F8490ADB0B1E4A121310B93BC3A52D9FFEF956209E91DE5CD2A505767B725568BFA2C9F1C2FDBDAE9B0F0
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 10 a1 b3 cf b5 9c 9a 9c-e6 9f 7f e1 c5 e5 18 8e ................
0010 - df 67 e1 13 cb 16 c2 21-51 21 ff 42 69 06 64 0e .g.....!Q!.Bi.d.
0020 - 8a 99 5d 14 ee 65 38 8c-b7 d8 c0 bc 46 e9 bd be ..]..e8.....F...
0030 - 43 31 89 20 b0 2e 3f 9d-7c ff f1 6b 16 68 58 27 C1. ..?.|..k.hX'
0040 - 95 a9 3d 29 c5 04 1f 00-47 22 3e 4a 3b 4c 24 06 ..=)....G">J;L$.
0050 - 6d 7f 40 35 00 fa 78 ec-76 f4 40 3b 35 e1 59 a2 m.@5..x.v.@;5.Y.
0060 - d9 3c 50 03 cd b5 bb 88-5d 3e 5a 8e 22 53 b0 2b .<P.....]>Z."S.+
0070 - ab 91 bd c4 8a b5 d2 2d-40 4b 35 33 c6 07 a2 78 .......-@K53...x
0080 - 57 49 64 82 17 eb 67 c5-56 c6 45 7d 73 ee 14 32 WId...g.V.E}s..2
0090 - 58 e7 ec f2 4c 98 ce 47-70 7a b4 90 14 51 19 3a X...L..Gpz...Q.:
00a0 - a7 a2 62 85 39 d4 53 19-31 8f d8 d3 a1 20 f2 20 ..b.9.S.1.... .
00b0 - 10 00 d0 26 d7 79 88 30-8e c9 e0 5a a1 27 34 39 ...&.y.0...Z.'49
00c0 - 0e 4b f7 ad 5f 49 3b 73-55 2f 63 ac 20 df cc b3 .K.._I;sU/c. ...
00d0 - e7 87 e7 62 cb a3 f0 fc-05 24 35 a2 92 87 80 e8 ...b.....$5.....
Start Time: 1765875575
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
Extended master secret: no
---
closed
Cerificate: USERTrust RSA Certification Authority
It exists and is available in cacert
Another improvement request 
I have an LG F2V5GG2S WasherDryer 2-in-1 combo
(I’m in OH5.0.3 maybe 5.1.0 already support this).
thinq-uid-cap.json (91.7 KB)
I’d like to ask you to add channels to this thing:
- soilWash
- dryLevel
- preWash
- ecoHybrid
- turboWash
- steam
- medicRinse
- loadItemWasher
- TCLCount - tub clean count
- and another very interesting channel is ERROR
These settings are changed (mostly) from the application, some when loading Smart Course.
course.csv.txt (5.7 KB)
Thanks, your tests were extremely helpful. We now have a clear root cause.
The RU EMP endpoint fails the TLS handshake whenever the client offers only modern ECDHE cipher suites (TLS_ECDHE_*). In our Java probe:
- ECDHE-only → server returns a fatal
handshake_failure - RSA-only (
TLS_RSA_WITH_AES_256_GCM_SHA384) → handshake succeeds
OpenHAB’s Jetty HttpClient prefers ECDHE/DHE suites, so it hits the failing path and the login step breaks. This is not a certificate/truststore issue, the server aborts the handshake right after ClientHello.
As a safe workaround, the binding needs a compatibility fallback for that specific endpoint: retry the connection using TLS 1.2 and RSA-GCM cipher suites (without disabling certificate validation). I’ll prepare, in a couple of days, a fix-patch implementing this fallback so RU users can authenticate without using “trustAll” SSL settings.
1 Like