Elsaya 1 Posted May 23, 2022 Share Posted May 23, 2022 the reverse proxy is a good idea for windows 7. Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 23, 2022 Share Posted May 23, 2022 I can try to build the new server with the older runtime so that we can compare the difference. Link to comment Share on other sites More sharing options...
Painkiller8818 203 Posted May 23, 2022 Share Posted May 23, 2022 2 hours ago, moviefan said: Is Win10 still officially supported by Emby? yes absolutely Link to comment Share on other sites More sharing options...
moviefan 183 Posted May 23, 2022 Author Share Posted May 23, 2022 Don't understand what's breaking it for only certain people then. Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 23, 2022 Share Posted May 23, 2022 With 4.6.7, what does the browser report as the TLS version? Link to comment Share on other sites More sharing options...
Elsaya 1 Posted May 24, 2022 Share Posted May 24, 2022 Link to comment Share on other sites More sharing options...
moviefan 183 Posted May 24, 2022 Author Share Posted May 24, 2022 Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 24, 2022 Share Posted May 24, 2022 Ok, purely for testing purposes, please try unzipping this over the top of your existing install: https://www.dropbox.com/s/a5znc1g8g3cqbt7/embyserver-win-x64-4.7.1.0.7z?dl=0 It's the 4.7.1 release but targeting the .net 3.1 runtime instead of 6.0. It's not a perfect 3.1 environment as it is still being built with the 6.0 SDK, but targeting 3.1. On MacOS I saw that I had to completely purge newer SDK versions from the machine in order to get a true 3.1 build without any newer updates. I can't do that right now, so let's start with this and see what happens. Thanks. 1 Link to comment Share on other sites More sharing options...
moviefan 183 Posted May 24, 2022 Author Share Posted May 24, 2022 Hey Luke. Thanks for putting this out. I followed your instructions and it appears to be working. Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 24, 2022 Share Posted May 24, 2022 Just now, moviefan said: Hey Luke. Thanks for putting this out. I followed your instructions and it appears to be working. Hmm, well I guess that confirms it. Thanks. Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 24, 2022 Share Posted May 24, 2022 So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. 1 Link to comment Share on other sites More sharing options...
Q-Droid 634 Posted May 25, 2022 Share Posted May 25, 2022 1 hour ago, Luke said: So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. You're a glutton for punishment. While you're at it, can you maintain a release for WinXP too? /j 1 Link to comment Share on other sites More sharing options...
moviefan 183 Posted May 25, 2022 Author Share Posted May 25, 2022 5 hours ago, Luke said: So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. Just clarifying - I understand Win7 isn't a priority. Win10 seems to be impacted however. Are we just waiting to see how many people are still on Win10 vs Win 11? I should obviously stop upgrading at this point? Link to comment Share on other sites More sharing options...
Luke 37022 Posted May 26, 2022 Share Posted May 26, 2022 On 5/25/2022 at 1:07 AM, moviefan said: Just clarifying - I understand Win7 isn't a priority. Win10 seems to be impacted however. Are we just waiting to see how many people are still on Win10 vs Win 11? I should obviously stop upgrading at this point? Can you show us exactly what the browser says with Windows 10? Lots of users run Windows 10 with ssl around here. Link to comment Share on other sites More sharing options...
Carlo 4330 Posted May 26, 2022 Share Posted May 26, 2022 Following a long on this too. @moviefan can you show us what you're referring to with Windows 10? Link to comment Share on other sites More sharing options...
moviefan 183 Posted June 4, 2022 Author Share Posted June 4, 2022 @deccatsaid he was using Win10 and had this issue and solved with reverse proxy. I dont have a personal example. Link to comment Share on other sites More sharing options...
Luke 37022 Posted June 4, 2022 Share Posted June 4, 2022 Are you using a VPN? Link to comment Share on other sites More sharing options...
rbjtech 4223 Posted June 4, 2022 Share Posted June 4, 2022 (edited) Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol. By 'accommodating' older protocols, you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ? https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 Having a minimum set of security standards for emby to use TLS 1.2+ is a good thing. Edited June 4, 2022 by rbjtech Link to comment Share on other sites More sharing options...
moviefan 183 Posted June 8, 2022 Author Share Posted June 8, 2022 On 6/3/2022 at 8:11 PM, Luke said: Are you using a VPN? No I am not using a VPN. Link to comment Share on other sites More sharing options...
moviefan 183 Posted June 8, 2022 Author Share Posted June 8, 2022 On 6/4/2022 at 1:07 AM, rbjtech said: Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol. By 'accommodating' older protocols, you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ? https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 Having a minimum set of security standards for emby to use TLS 1.2+ is a good thing. I am using a version of Windows 7 that supports TLS 1.2. My system using TLS 1.2 was shown above in the connection details. This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it. BTW I tried installing the patch in the link you posted and it says already installed. 1 Link to comment Share on other sites More sharing options...
Luke 37022 Posted June 8, 2022 Share Posted June 8, 2022 Does the server dashboard display the ssl url as your remote address? Link to comment Share on other sites More sharing options...
Happy2Play 8252 Posted June 8, 2022 Share Posted June 8, 2022 Is it just a Windows 7 issue having issues connecting? I can see your HTTPS login page without issue from my Windows 10 system. Link to comment Share on other sites More sharing options...
rbjtech 4223 Posted June 8, 2022 Share Posted June 8, 2022 5 hours ago, moviefan said: I am using a version of Windows 7 that supports TLS 1.2. My system using TLS 1.2 was shown above in the connection details. This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it. BTW I tried installing the patch in the link you posted and it says already installed. Sorry - It has everything to do with security. Just because .NET 3.1 supports TLS 1.2 - it does not mean it is fully updated to comply with all the previously found/fixed security related vulnerabilities now in v6 ! If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform. Link to comment Share on other sites More sharing options...
moviefan 183 Posted June 9, 2022 Author Share Posted June 9, 2022 20 hours ago, rbjtech said: If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform. I don't expect this and never indicated so. And no, .NET runtime 3.1 doesn't have worse security than v6. Despite your exclamation point. It's just a version number. Link to comment Share on other sites More sharing options...
moviefan 183 Posted June 9, 2022 Author Share Posted June 9, 2022 On 6/7/2022 at 6:50 PM, Luke said: Does the server dashboard display the ssl url as your remote address? Yes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now