Jump to content

Recommended Posts

Posted

the reverse proxy is a good idea for windows 7.

Posted

I can try to build the new server with the older runtime so that we can compare the difference.

Painkiller8818
Posted
2 hours ago, moviefan said:

Is Win10 still officially supported by Emby?

yes absolutely

moviefan
Posted

Don't understand what's breaking it for only certain people then.

Posted

With 4.6.7, what does the browser report as the TLS version?

Posted

Ok, purely for testing purposes, please try unzipping this over the top of your existing install:

https://www.dropbox.com/s/a5znc1g8g3cqbt7/embyserver-win-x64-4.7.1.0.7z?dl=0

It's the 4.7.1 release but targeting the .net 3.1 runtime instead of 6.0. It's not a perfect 3.1 environment as it is still being built with the 6.0 SDK, but targeting 3.1. On MacOS I saw that I had to completely purge newer SDK versions from the machine in order to get a true 3.1 build without any newer updates. I can't do that right now, so let's start with this and see what happens. Thanks.

  • Agree 1
moviefan
Posted

Hey Luke.  Thanks for putting this out.  I followed your instructions and it appears to be working.

Posted
Just now, moviefan said:

Hey Luke.  Thanks for putting this out.  I followed your instructions and it appears to be working.

Hmm, well I guess that confirms it. Thanks.

Posted

So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows.

  • Agree 1
Q-Droid
Posted
1 hour ago, Luke said:

So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows.

You're a glutton for punishment. While you're at it, can you maintain a release for WinXP too?

/j

  • Thanks 1
moviefan
Posted
5 hours ago, Luke said:

So we're not going to go back to the older version of the runtime for all users, and give up the benefits that come with it, so I guess now we wait. We'll wait to see if this is impactful enough to justify having a separate download for older versions of Windows.

Just clarifying - I understand Win7 isn't a priority.  Win10 seems to be impacted however.  Are we just waiting to see how many people are still on Win10 vs Win 11?

I should obviously stop upgrading at this point?

Posted
On 5/25/2022 at 1:07 AM, moviefan said:

Just clarifying - I understand Win7 isn't a priority.  Win10 seems to be impacted however.  Are we just waiting to see how many people are still on Win10 vs Win 11?

I should obviously stop upgrading at this point?

Can you show us exactly what the browser says with Windows 10? Lots of users run Windows 10 with ssl around here.

Carlo
Posted

Following a long on this too.
@moviefan can you show us what you're referring to with Windows 10?

  • 2 weeks later...
moviefan
Posted

@deccatsaid he was using Win10 and had this issue and solved with reverse proxy.  I dont have a personal example.

Posted

Are you using a VPN?

rbjtech
Posted (edited)

Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol.  By 'accommodating' older protocols,  you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. 

I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ?

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

Having a minimum set of security standards for emby to use TLS 1.2+  is a good thing. ;)

Edited by rbjtech
moviefan
Posted
On 6/3/2022 at 8:11 PM, Luke said:

Are you using a VPN?

No I am not using a VPN.

moviefan
Posted
On 6/4/2022 at 1:07 AM, rbjtech said:

Glad to see Emby make the decision not to downgrade their security to work with an out of date security protocol.  By 'accommodating' older protocols,  you add security risk to those who are running with the latest ciphers by allowing 'downgrade' type attacks. 

I have not done this myself as I no longer run Win 7 but why not simply upgrade the protocol stack in Win 7 to use TLS 1.2+ ?

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

Having a minimum set of security standards for emby to use TLS 1.2+  is a good thing. ;)

I am using a version of Windows 7 that supports TLS 1.2.  My system using TLS 1.2 was shown above in the connection details.  This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it.

BTW I tried installing the patch in the link you posted and it says already installed.

  • Like 1
Posted

Does the server dashboard display the ssl url as your remote address? 

Happy2Play
Posted

Is it just a Windows 7 issue having issues connecting?

I can see your HTTPS login page without issue from my Windows 10 system.

rbjtech
Posted
5 hours ago, moviefan said:

I am using a version of Windows 7 that supports TLS 1.2.  My system using TLS 1.2 was shown above in the connection details.  This has nothing to do with reducing security, it is simply appears to be using a newer version of the .net runtime to support it.

BTW I tried installing the patch in the link you posted and it says already installed.

Sorry - It has everything to do with security.  Just because .NET 3.1 supports TLS 1.2 - it does not mean it is fully updated to comply with all the previously found/fixed security related vulnerabilities now in v6 !

If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform.

moviefan
Posted
20 hours ago, rbjtech said:

If you wish to carry on using an out of support OS, then that is your choice - but personally I don't think you can expect other software to carry on supporting this platform.

I don't expect this and never indicated so.  And no, .NET runtime 3.1 doesn't have worse security than v6.  Despite your exclamation point.  It's just a version number.

moviefan
Posted
On 6/7/2022 at 6:50 PM, Luke said:

Does the server dashboard display the ssl url as your remote address? 

Yes

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...