Jump to content

HTTPS Major bug causing causing external website to dropout


jayw654

Recommended Posts

I have noticed this issue developing in the past few releases but I was not sure if it was something on my end or your end.  I I have determined its your end and its a bug with the server after testing by completely uninstalling Emby and wiping all files to ensure a clean install. I have check my SSL certificate and chain which passes the check by using SSL Checker. I have other sites with SSL and they are having no issues with any sort of dropout using SSL.

 

So, What happens well website just intermittently and without warning drops out and is unreachable.

 

Q. What was I doing when this situation happens? Answer is: Nothing

 

Q. Is there a way to force this issue to occur so it may be observed? Answer is: Yes Whenever I attempted to connect via my mobile phone within the network simply using the Firefox web browser the connection will fail and hang and will cause HTTPS connectivity to drop until the server is restarted but once this occurs nobody from any device can connect via HTTPS internally or externally but I'm still able to connect locally/internally without SSL

 

I also thought it may be a firewall issue as well but I completely disabled the firewall and the issue is still occurring. Lastly, I also check router settings and everything is correct.

 

Do you have any log files? Yes, please use the following info to connect via web browser from the exact machine that Emby server is running on to retrieve them. The info to connect is:

 

URL: https://fileserver.jpwservices.net:446/

User is: emby

Pass is: emby

Edited by jayw654
Link to comment
Share on other sites

Yeah let me get that back up real quick, it was down because I wiped the machine as stated and tested under windows 10 x64

Link to comment
Share on other sites

This is a paid 3 year cert from comodo. Here's the site for the cert but I didn't pay anywhere near the price they are asking https://ssl.comodo.com/comodo-ssl-certificate.php

This is a SHA2 certificate and the Key and CSR was generate using OpenSSL the key strength is 2048 I didn't go higher since this site is for streaming and anything higher can cause lag and issues. My FTP site uses 4096 bit.

Edited by jayw654
Link to comment
Share on other sites

Your EssentialSSL Certificate for www.jpwservices.net is attached!

Dear jayw654@.com,

Thank you for placing your order. We are pleased to announce that your EssentialSSL Certificate for www.jpwservices.net has been issued.

To help reduce domain name mismatch warnings, we have also included the domain name jpwservices.net in your certificate.

We strongly recommend that you click here for instructions to ensure that your certificate is installed and your webserver is configured correctly.

Attached to this email you should find a .zip file containing:

  • Your EssentialSSL Certificate - www_jpwservices_net.crt
  • Your Apache "bundle" file - www_jpwservices_net.ca-bundle

You can also find your EssentialSSL Certificate for www.jpwservices.net in text format at the bottom of this email.

Should you have any questions or issues you would like to discuss, please do not hesitate to contact us.

Kind Regards,

Comodo Security Services

Support Telephone: +1.888.266.6361 / +1.703.581.6361
Support Website: http://support.comodo.com
Validation Docs Fax: US and Canada +1.866.831.5837 / Worldwide +1.801.303.9291

We now operate a registration-based system for support.
Please submit your ticket at the support website.
Please do not reply to this email as this email address is not monitored.

Comodo Group, Inc. - US Office
1255 Broad Street
Clifton, NJ 07013-3398
United States

Comodo CA Limited - European Office
26 Office Village,
Exchange Quay, Trafford Road,
Salford, Manchester M5 3EQ,
United Kingdom


Comodo offers essential infrastructure to enable e-merchants, and other Internet-connected companies, software providers, and individual consumers to interact and conduct business via the Internet safely and securely. Our PKI solutions, including SSL Certificates, EV SSL Certificates, Code Signing Certificates as well as Secure E-Mail Certificates, increase consumer trust in transacting business online, secure information through strong SSL encryption, and satisfy many industry best practices or security compliance requirements.

Your EssentialSSL Certificate for www.jpwservices.net in text format (if required):

Link to comment
Share on other sites

  • 4 weeks later...

You claimed the issue was either my redirect or my certificate for the HTTPS dropout. So anyway I wasn't connecting devices with the redirect address only the direct address of https://www.jpwservices.net so that kills that as a cause. Also I regened my certificate and I was using the wrong intermediate but that is resolved now as well. However, that still isn't the cause of the dropouts as I can still reproduce the error.

 

Also RC4 encryption is enable and that needs to be turned off by default of the server app. Lastly I still would like selectable ciphers and others have requested that as well. I think a good rework and/or update of the HTTPS module you are using will solve a lot of issues as well.

 

Luke if read this I sent this text privately as well with login to view logs.

Link to comment
Share on other sites

drashna

I've been experiencing this, as well. 

 

I'm using a signed (GlobalSign/RapidSSL) SSL certificate.

I just renewed it, but that's not the cause. I was having this issue intermittently prior and was hoping the new cert would fix the issue.

 

Emby is running on Windows 10 x64, running as a service (logged in as a domain user account). 

Using this guide specifically: https://emby.media/community/index.php?/topic/30792-howto-use-custom-ssl-cert-and-keep-private-key-secure/

 

This happens on both the stable and beta branches (3.0.8500 and 3.1.210) 

https://drashna.net/files/Emby/Logs/server-63616060799.zip

 

I do monitor emby with Uptime Robot, and the last reported up time was 4:53AM (PST)

Link to comment
Share on other sites

drashna

Was this in reference to my issue, or jay's?

 

Because if it is in response to mine, I've been using the certificate for a while, it's only in the last month that this has really been an issue. I've been using the beta, but switched back to the stable branch a week ago. 

Link to comment
Share on other sites

The .NET SslStream does not support cipher selection, however here is some info that might be of assistance:

 

http://stackoverflow.com/questions/22825663/cipher-selection-for-sslstream-in-net-4-5

well I can't disable but at I can prioritize  which cipher is tried first for use but still I would like the HTTPS module to be changed out to something ore flexible and due to the server crashes I say reliable as well. Luke thanks for the info as it may minimize issue until a real fix is added.

However as far as a complete HTTPS dropout is still occurring and others are complaining of same issue but calling various things so please take a strong look into that as that is a horrible bug.

Edited by jayw654
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...