Jump to content

Windows 7 (TLS 1.2)


Happy2Play

Recommended Posts

Happy2Play

Maybe someone else has some insight or knowledge on this, has anyone one successfully used the new TVDB v4 plugin on Windows 7 and got it to work as it requires a minimum of TLS 1.2.

I have done everything I could find online to activate TLS 1.2 on Windows 7, but no luck with this plugin.

System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.

InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.

Is this just beyond the protocols in Windows 7?

Edited by Happy2Play
Link to comment
Share on other sites

Happy2Play
5 minutes ago, Luke said:

Did you try the registry edits that can be found when google searching this issue?

Yes all have been applied.  As mentioned in in other topic TLS 1.2 would appear to work, as api.github.com query works and it is TLS 1.2/TLS 1.3 also from the testing I have done.

Even tried IISCrypto

But still get the "The message received was unexpected or badly formatted." for V4 TVDB.

Link to comment
Share on other sites

adminExitium

It's almost definitely due to the cipher suites that are available on Windows 7, none of which are currently supported on the new TVDB API server, which only supports a handful of newer cipher suites. Github on the other hand supports many more cipher suites.

SSL Analysis of api4.thetvdb.com: https://www.ssllabs.com/ssltest/analyze.html?d=api4.thetvdb.com&s=13.35.125.115&latest#suitesBody

SSL Analysis of api.github.com: https://www.ssllabs.com/ssltest/analyze.html?d=api.github.com#suitesBody

Supported Cipher Suites on Windows 7 via IE11 (which uses the OS suites, unlike Firefox or Chrome who use their own bundled suites): https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win 7

Microsoft Docs regarding supported suites on Windows 7: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-7

Similar Issue here: https://stackoverflow.com/questions/68458467/all-known-steps-have-been-taken-but-tls-1-2-is-still-not-working-on-windows-7

 

I guess someone could ask TVDB to allow a couple of the older Cipher Suites for wider compatibility?

  • Thanks 1
Link to comment
Share on other sites

Happy2Play

It would appear this is not possible, do to Windows 7 not having the cipher suites TVDB is using.

image.png.650ed8064e43b0c401cdea18eab699c0.png

https://social.technet.microsoft.com/Forums/ie/en-US/d1a10844-18fb-4400-b649-60183c5f58c6/how-to-add-cipher-suite-to-windows-7-tlsrsawithaes128gcmsha256?forum=w7itprosecurity

SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA                 
TLS_RSA_WITH_AES_256_CBC_SHA                 
TLS_RSA_WITH_RC4_128_SHA                     
TLS_RSA_WITH_3DES_EDE_CBC_SHA                
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA             
TLS_DHE_DSS_WITH_AES_256_CBC_SHA              
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5                                       
SSL_CK_RC4_128_WITH_MD5                      
SSL_CK_DES_192_EDE3_CBC_WITH_MD5             
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5                        

TLS 1.2 SHA256 and SHA384 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM cipher suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

@kjhedges@Luke

 

Edited by Happy2Play
edit suites
  • Thanks 2
Link to comment
Share on other sites

kjhedges
12 hours ago, Happy2Play said:

It would appear this is not possible, do to Windows 7 not having the cipher suites TVDB is using.

image.png.650ed8064e43b0c401cdea18eab699c0.png

https://social.technet.microsoft.com/Forums/ie/en-US/d1a10844-18fb-4400-b649-60183c5f58c6/how-to-add-cipher-suite-to-windows-7-tlsrsawithaes128gcmsha256?forum=w7itprosecurity

SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA                 
TLS_RSA_WITH_AES_256_CBC_SHA                 
TLS_RSA_WITH_RC4_128_SHA                     
TLS_RSA_WITH_3DES_EDE_CBC_SHA                
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384      
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256      
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384    
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521    
TLS_DHE_DSS_WITH_AES_128_CBC_SHA             
TLS_DHE_DSS_WITH_AES_256_CBC_SHA              
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5                                       
SSL_CK_RC4_128_WITH_MD5                      
SSL_CK_DES_192_EDE3_CBC_WITH_MD5             
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5                        

TLS 1.2 SHA256 and SHA384 cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM cipher suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

@kjhedges@Luke

 

Thank you for confirming this.

An upgrade of windows is now in order then lol

Link to comment
Share on other sites

Just wanted to comment, in order to follow this thread. 

I am a windows 7 user still.. .. ... yup.

 

I am experiencing issues with the api, and hopefully we see thetvdb allow support for older machines. 

 

Link to comment
Share on other sites

A little bit more information here.

I'm actually seeing issues with Win 8. I forgot that my test server for programming is actually running on windows 8.1(I really have to change that... Win 8 is horrendous)

 

I see this in the test server logs:

2021-11-16 21:56:18.212 Error App: Error in TheTVDB
	*** Error Report ***
	Version: 4.7.0.18
	Command line: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 6.3.9600
	Framework: .NET 6.0.0-rtm.21522.10
	OS/Process: x64/x64
	Runtime: C:/Users/Benjamin/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\programdata
	Application path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system
	System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
	 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	 ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
	   --- End of inner exception stack trace ---
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Tvdb.EntryPoint.EnsureToken(CancellationToken cancellationToken)
	   at Tvdb.EntryPoint.GetResponse(HttpRequestOptions request, String method)
	   at Tvdb.TvdbEpisodeProvider.FetchMainResult(String seriesId, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.DownloadEpisodesInfo(String id, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetEpisodeData(EpisodeInfo searchInfo, Boolean fillExtendedInfo, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetMetadata(EpisodeInfo searchInfo, CancellationToken cancellationToken)
	   at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, LibraryOptions libraryOptions, String logName, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
	Source: System.Net.Http
	TargetSite: Void MoveNext()
	InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	Source: System.Net.Security
	TargetSite: Void MoveNext()
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.
	Source: 
	TargetSite: 

 

Link to comment
Share on other sites

Happy2Play
1 minute ago, chef said:

A little bit more information here.

I'm actually seeing issues with Win 8. I forgot that my test server for programming is actually running on windows 8.1(I really have to change that... Win 8 is horrendous)

 

I see this in the test server logs:

2021-11-16 21:56:18.212 Error App: Error in TheTVDB
	*** Error Report ***
	Version: 4.7.0.18
	Command line: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp
	Operating system: Microsoft Windows 6.3.9600
	Framework: .NET 6.0.0-rtm.21522.10
	OS/Process: x64/x64
	Runtime: C:/Users/Benjamin/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\programdata
	Application path: C:\Users\Benjamin\AppData\Roaming\Emby-Server\system
	System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
	 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	 ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.
	   --- End of inner exception stack trace ---
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Tvdb.EntryPoint.EnsureToken(CancellationToken cancellationToken)
	   at Tvdb.EntryPoint.GetResponse(HttpRequestOptions request, String method)
	   at Tvdb.TvdbEpisodeProvider.FetchMainResult(String seriesId, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.DownloadEpisodesInfo(String id, String seasonType, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetEpisodeData(EpisodeInfo searchInfo, Boolean fillExtendedInfo, CancellationToken cancellationToken)
	   at Tvdb.TvdbEpisodeProvider.GetMetadata(EpisodeInfo searchInfo, CancellationToken cancellationToken)
	   at MediaBrowser.Providers.Manager.MetadataService`2.ExecuteRemoteProviders(MetadataResult`1 temp, LibraryOptions libraryOptions, String logName, TIdType id, IEnumerable`1 providers, CancellationToken cancellationToken)
	Source: System.Net.Http
	TargetSite: Void MoveNext()
	InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
	Source: System.Net.Security
	TargetSite: Void MoveNext()
	   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
	   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
	InnerException: System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted.
	Source: 
	TargetSite: 

 

If this is correct It looks the same as Windows 7.

TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs

Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 8.1

Link to comment
Share on other sites

Happy2Play

Response from TVDB

Quote

Is there any chance of you adding a cipher suite that is compatible with Windows 7?

Quote

Unfortunately we won't be doing that. Sorry about that.

 

 

Link to comment
Share on other sites

Happy2Play

Looks like we may need an announcement about TVDB v4 TLS 1.2 cipher suite requirement as older Windows systems will not meet the requirements. @Luke

May need to update system requirements also, but there is a major difference in Emby requirements and this plugins TVDB 1.1.0.0+ (v4).  Or a note about the minimum requirement using TVDB plugin on our requirements KB. @cayars

Link to comment
Share on other sites

Thanks for the heads up on that @Happy2Play. I've not followed TVDB V4 at all as I knew you and other were on it.
Do you happen to have a link handy about this?  If not I'm sure I can Google it.

Link to comment
Share on other sites

Hmm... There must be a hack somewhere to get win 7 to have these ciphers.

But, it probabaly worth just updating.

I will miss my desktop. It is exactly the way I like it. 

 

Link to comment
Share on other sites

kjhedges
11 hours ago, chef said:

But, it probably worth just updating.

I will miss my desktop. It is exactly the way I like it. 

 

Luckily, my Emby server is a separate machine so I never miss my old faithful windows 7 Desktop.

  • Like 1
Link to comment
Share on other sites

1 hour ago, Happy2Play said:

Yes have verified working on Windows 7.  Really surprised they added the Weak ciphers.

@kjhedges @chef

That is great news. I'll get to keep my server the way it is for a while longer now 😆😬.

  • Like 1
Link to comment
Share on other sites

Gripweed107

As a Emby and TV Rename user I am doubly happy now especially since I had just recently stupidly paid for a yearly subscription with TVDB and it appeared as a Win7 user that I was going to be locked out of v3 & v4 shortly. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...