Luke 40082 Posted May 23, 2022 Posted May 23, 2022 I can try to build the new server with the older runtime so that we can compare the difference.
Painkiller8818 229 Posted May 23, 2022 Posted May 23, 2022 2 hours ago, moviefan said: Is Win10 still officially supported by Emby? yes absolutely
moviefan 187 Posted May 23, 2022 Author Posted May 23, 2022 Don't understand what's breaking it for only certain people then.
Luke 40082 Posted May 23, 2022 Posted May 23, 2022 With 4.6.7, what does the browser report as the TLS version?
Luke 40082 Posted May 24, 2022 Posted May 24, 2022 Ok, purely for testing purposes, please try unzipping this over the top of your existing install: https://www.dropbox.com/s/a5znc1g8g3cqbt7/embyserver-win-x64-4.7.1.0.7z?dl=0 It's the 4.7.1 release but targeting the .net 3.1 runtime instead of 6.0. It's not a perfect 3.1 environment as it is still being built with the 6.0 SDK, but targeting 3.1. On MacOS I saw that I had to completely purge newer SDK versions from the machine in order to get a true 3.1 build without any newer updates. I can't do that right now, so let's start with this and see what happens. Thanks. 1
moviefan 187 Posted May 24, 2022 Author Posted May 24, 2022 Hey Luke. Thanks for putting this out. I followed your instructions and it appears to be working.
Luke 40082 Posted May 24, 2022 Posted May 24, 2022 Just now, moviefan said: Hey Luke. Thanks for putting this out. I followed your instructions and it appears to be working. Hmm, well I guess that confirms it. Thanks.
Luke 40082 Posted May 24, 2022 Posted May 24, 2022 So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. 1
Q-Droid 881 Posted May 25, 2022 Posted May 25, 2022 1 hour ago, Luke said: So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. You're a glutton for punishment. While you're at it, can you maintain a release for WinXP too? /j 1
moviefan 187 Posted May 25, 2022 Author Posted May 25, 2022 5 hours ago, Luke said: So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows. Just clarifying - I understand Win7 isn't a priority. Win10 seems to be impacted however. Are we just waiting to see how many people are still on Win10 vs Win 11? I should obviously stop upgrading at this point?
Luke 40082 Posted May 26, 2022 Posted May 26, 2022 On 5/25/2022 at 1:07 AM, moviefan said: Just clarifying - I understand Win7 isn't a priority. Win10 seems to be impacted however. Are we just waiting to see how many people are still on Win10 vs Win 11? I should obviously stop upgrading at this point? Can you show us exactly what the browser says with Windows 10? Lots of users run Windows 10 with ssl around here.
Carlo 4552 Posted May 26, 2022 Posted May 26, 2022 Following a long on this too. @moviefan can you show us what you're referring to with Windows 10?
moviefan 187 Posted June 4, 2022 Author Posted June 4, 2022 @deccatsaid he was using Win10 and had this issue and solved with reverse proxy. I dont have a personal example.
rbjtech 4996 Posted June 4, 2022 Posted June 4, 2022 (edited) Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol. By 'accommodating' older protocols, you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ? https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 Having a minimum set of security standards for emby to use TLS 1.2+ is a good thing. Edited June 4, 2022 by rbjtech
moviefan 187 Posted June 8, 2022 Author Posted June 8, 2022 On 6/3/2022 at 8:11 PM, Luke said: Are you using a VPN? No I am not using a VPN.
moviefan 187 Posted June 8, 2022 Author Posted June 8, 2022 On 6/4/2022 at 1:07 AM, rbjtech said: Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol. By 'accommodating' older protocols, you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ? https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392 Having a minimum set of security standards for emby to use TLS 1.2+ is a good thing. I am using a version of Windows 7 that supports TLS 1.2. My system using TLS 1.2 was shown above in the connection details. This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it. BTW I tried installing the patch in the link you posted and it says already installed. 1
Luke 40082 Posted June 8, 2022 Posted June 8, 2022 Does the server dashboard display the ssl url as your remote address?
Happy2Play 9442 Posted June 8, 2022 Posted June 8, 2022 Is it just a Windows 7 issue having issues connecting? I can see your HTTPS login page without issue from my Windows 10 system.
rbjtech 4996 Posted June 8, 2022 Posted June 8, 2022 5 hours ago, moviefan said: I am using a version of Windows 7 that supports TLS 1.2. My system using TLS 1.2 was shown above in the connection details. This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it. BTW I tried installing the patch in the link you posted and it says already installed. Sorry - It has everything to do with security. Just because .NET 3.1 supports TLS 1.2 - it does not mean it is fully updated to comply with all the previously found/fixed security related vulnerabilities now in v6 ! If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform.
moviefan 187 Posted June 9, 2022 Author Posted June 9, 2022 20 hours ago, rbjtech said: If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform. I don't expect this and never indicated so. And no, .NET runtime 3.1 doesn't have worse security than v6. Despite your exclamation point. It's just a version number.
moviefan 187 Posted June 9, 2022 Author Posted June 9, 2022 On 6/7/2022 at 6:50 PM, Luke said: Does the server dashboard display the ssl url as your remote address? Yes
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now