Jump to content

Recommended Posts

Happy2Play
Posted (edited)

Maybe someone else has some insight or knowledge on this, has anyone one successfully used the new TVDB v4 plugin on Windows 7 and got it to work as it requires a minimum of TLS 1.2.

I have done everything I could find online to activate TLS 1.2 on Windows 7, but no luck with this plugin.

System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.

InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.

Is this just beyond the protocols in Windows 7?

Edited by Happy2Play
Posted

Did you try the registry edits that can be found when google searching this issue?

Happy2Play
Posted
5 minutes ago, Luke said:

Did you try the registry edits that can be found when google searching this issue?

Yes all have been applied.  As mentioned in in other topic TLS 1.2 would appear to work, as api.github.com query works and it is TLS 1.2/TLS 1.3 also from the testing I have done.

Even tried IISCrypto

But still get the "The message received was unexpected or badly formatted." for V4 TVDB.

adminExitium
Posted

It's almost definitely due to the cipher suites that are available on Windows 7, none of which are currently supported on the new TVDB API server, which only supports a handful of newer cipher suites. Github on the other hand supports many more cipher suites.

SSL Analysis of api4.thetvdb.com: https://www.ssllabs.com/ssltest/analyze.html?d=api4.thetvdb.com&s=13.35.125.115&latest#suitesBody

SSL Analysis of api.github.com: https://www.ssllabs.com/ssltest/analyze.html?d=api.github.com#suitesBody

Supported Cipher Suites on Windows 7 via IE11 (which uses the OS suites, unlike Firefox or Chrome who use their own bundled suites): https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win 7

Microsoft Docs regarding supported suites on Windows 7: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-7

Similar Issue here: https://stackoverflow.com/questions/68458467/all-known-steps-have-been-taken-but-tls-1-2-is-still-not-working-on-windows-7

 

I guess someone could ask TVDB to allow a couple of the older Cipher Suites for wider compatibility?

  • Thanks 1
Happy2Play
Posted (edited)

It would appear this is not possible, do to Windows 7 not having the cipher suites TVDB is using.

image.png.650ed8064e43b0c401cdea18eab699c0.png

https://social.technet.microsoft.com/Forums/ie/en-US/d1a10844-18fb-4400-b649-60183c5f58c6/how-to-add-cipher-suite-to-windows-7-tlsrsawithaes128gcmsha256?forum=w7itprosecurity

SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA                 
TLS_RSA_WITH_AES_256_CBC_SHA                 
TLS_RSA_WITH_RC4_128_SHA                     
TLS_RSA_WITH_3DES_EDE_CBC_SHA                
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA             
TLS_DHE_DSS_WITH_AES_256_CBC_SHA              
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5                                       
SSL_CK_RC4_128_WITH_MD5                      
SSL_CK_DES_192_EDE3_CBC_WITH_MD5             
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5                        

TLS 1.2 SHA256 and SHA384 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM cipher suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

@kjhedges@Luke

 

Edited by Happy2Play
edit suites
  • Thanks 2
Happy2Play
Posted

Opened a ticket on TVDB asking about this issue.

Posted
12 hours ago, Happy2Play said:

It would appear this is not possible, do to Windows 7 not having the cipher suites TVDB is using.

image.png.650ed8064e43b0c401cdea18eab699c0.png

https://social.technet.microsoft.com/Forums/ie/en-US/d1a10844-18fb-4400-b649-60183c5f58c6/how-to-add-cipher-suite-to-windows-7-tlsrsawithaes128gcmsha256?forum=w7itprosecurity

SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA                 
TLS_RSA_WITH_AES_256_CBC_SHA                 
TLS_RSA_WITH_RC4_128_SHA                     
TLS_RSA_WITH_3DES_EDE_CBC_SHA                
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA             
TLS_DHE_DSS_WITH_AES_256_CBC_SHA              
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5                                       
SSL_CK_RC4_128_WITH_MD5                      
SSL_CK_DES_192_EDE3_CBC_WITH_MD5             
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5                        

TLS 1.2 SHA256 and SHA384 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM cipher suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

@kjhedges@Luke

 

Thank you for confirming this.

An upgrade of windows is now in order then lol

Posted

Just wanted to comment, in order to follow this thread. 

I am a windows 7 user still.. .. ... yup.

 

I am experiencing issues with the api, and hopefully we see thetvdb allow support for older machines. 

 

Posted

We'll see what they say.

Posted

I have now migrated to windows 10.

 

No problems with migration. All users and activity still in place.

  • Like 1
Posted

Thanks for the feedback.

Posted

A little bit more information here.

I'm actually seeing issues with Win 8. I forgot that my test server for programming is actually running on windows 8.1(I really have to change that... Win 8 is horrendous)

 

I see this in the test server logs:

2021-11-16 21:56:18.212 Error App: Error in TheTVDB
	*** Error Report ***
	Version: 4.7.0.18
	Command line: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 6.3.9600
	Framework: .NET 6.0.0-rtm.21522.10
	OS/Process: x64/x64
	Runtime: C:/Users/Benjamin/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\programdata
	Application path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system
	System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
	 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	 ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
	   --- End of inner exception stack trace ---
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Tvdb.EntryPoint.EnsureToken(CancellationToken cancellationToken)
	   at Tvdb.EntryPoint.GetResponse(HttpRequestOptions request, String method)
	   at Tvdb.TvdbEpisodeProvider.FetchMainResult(String seriesId, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.DownloadEpisodesInfo(String id, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetEpisodeData(EpisodeInfo searchInfo, Boolean fillExtendedInfo, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetMetadata(EpisodeInfo searchInfo, CancellationToken cancellationToken)
	   at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, LibraryOptions libraryOptions, String logName, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
	Source: System.Net.Http
	TargetSite: Void MoveNext()
	InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	Source: System.Net.Security
	TargetSite: Void MoveNext()
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.
	Source: 
	TargetSite: 

 

Happy2Play
Posted
1 minute ago, chef said:

A little bit more information here.

I'm actually seeing issues with Win 8. I forgot that my test server for programming is actually running on windows 8.1(I really have to change that... Win 8 is horrendous)

 

I see this in the test server logs:

2021-11-16 21:56:18.212 Error App: Error in TheTVDB
	*** Error Report ***
	Version: 4.7.0.18
	Command line: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 6.3.9600
	Framework: .NET 6.0.0-rtm.21522.10
	OS/Process: x64/x64
	Runtime: C:/Users/Benjamin/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\programdata
	Application path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system
	System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
	 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	 ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
	   --- End of inner exception stack trace ---
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Tvdb.EntryPoint.EnsureToken(CancellationToken cancellationToken)
	   at Tvdb.EntryPoint.GetResponse(HttpRequestOptions request, String method)
	   at Tvdb.TvdbEpisodeProvider.FetchMainResult(String seriesId, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.DownloadEpisodesInfo(String id, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetEpisodeData(EpisodeInfo searchInfo, Boolean fillExtendedInfo, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetMetadata(EpisodeInfo searchInfo, CancellationToken cancellationToken)
	   at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, LibraryOptions libraryOptions, String logName, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
	Source: System.Net.Http
	TargetSite: Void MoveNext()
	InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	Source: System.Net.Security
	TargetSite: Void MoveNext()
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.
	Source: 
	TargetSite: 

 

If this is correct It looks the same as Windows 7.

TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs

Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 8.1

Happy2Play
Posted

Response from TVDB

Quote

Is there any chance of you adding a cipher suite that is compatible with Windows 7?

Quote

Unfortunately we won't be doing that. Sorry about that.

 

 

Happy2Play
Posted

Looks like we may need an announcement about TVDB v4 TLS 1.2 cipher suite requirement as older Windows systems will not meet the requirements. @Luke

May need to update system requirements also, but there is a major difference in Emby requirements and this plugins TVDB 1.1.0.0+ (v4).  Or a note about the minimum requirement using TVDB plugin on our requirements KB. @cayars

Posted

Thanks for the heads up on that @Happy2Play. I've not followed TVDB V4 at all as I knew you and other were on it.
Do you happen to have a link handy about this?  If not I'm sure I can Google it.

Posted

Hmm... There must be a hack somewhere to get win 7 to have these ciphers.

But, it probabaly worth just updating.

I will miss my desktop. It is exactly the way I like it. 

 

Posted
11 hours ago, chef said:

But, it probably worth just updating.

I will miss my desktop. It is exactly the way I like it. 

 

Luckily, my Emby server is a separate machine so I never miss my old faithful windows 7 Desktop.

  • Like 1
Posted
11 minutes ago, Gripweed107 said:

Problem solved thanks to SirSparkles AKA Sparky at TV Rename.  TVDB (API v4) added in some additional ciphers so that Win 7 & 8 users can connect now.

Latest TLS analysis of api4.thetvdb.com

Excellent, that will save us some troubleshooting. Thanks for the update.

Happy2Play
Posted

Yes have verified working on Windows 7.  Really surprised they added the Weak ciphers.

@kjhedges @chef

  • Like 2
Posted
1 hour ago, Happy2Play said:

Yes have verified working on Windows 7.  Really surprised they added the Weak ciphers.

@kjhedges @chef

That is great news. I'll get to keep my server the way it is for a while longer now 😆😬.

  • Like 1
Gripweed107
Posted

As a Emby and TV Rename user I am doubly happy now especially since I had just recently stupidly paid for a yearly subscription with TVDB and it appeared as a Win7 user that I was going to be locked out of v3 & v4 shortly. 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...