Jump to content


Photo

https reading bug


  • Please log in to reply
27 replies to this topic

#1 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 24 March 2019 - 10:15 AM

Hello

I have a problem, in https, video playback is impossible on the ps4, a message tells me that no flow is available. on the other hand everything goes well in http. at the first display on the ps4, there is a message that tells me that the browser does not embed the certificate, yet the site is displayed well.

thank you ;)

 

 

LOG :

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
	   --- End of inner exception stack trace ---
	   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
	   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, Boolean isServer, Boolean remoteCertRequired)
	   --- End of inner exception stack trace ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
	   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
	   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
	   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
	   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpConnection.<Init>d__30.MoveNext()
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__29.MoveNext()
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__27.MoveNext()
	System.Security.Authentication.AuthenticationException
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
	   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
	   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
	   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
	   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
	   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpConnection.<Init>d__30.MoveNext()
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__29.MoveNext()
	--- End of stack trace from previous location where exception was thrown ---
	   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
	   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	   at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__27.MoveNext()
	InnerException: Interop+OpenSsl+SslException
	Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
	   --- End of inner exception stack trace ---
	   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
	   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, Boolean isServer, Boolean remoteCertRequired)
	   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
	   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, Boolean isServer, Boolean remoteCertRequired)
	InnerException: Interop+Crypto+OpenSslCryptographicException
	Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
	

Edited by z3ndra, 24 March 2019 - 10:18 AM.


#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 24 March 2019 - 01:10 PM

What kind of certificate have you setup? Sounds like the ps4 is not supporting it.



#3 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 24 March 2019 - 01:44 PM

let's encrypt certificate

#4 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 24 March 2019 - 10:19 PM

Looks like at this time it will not work:

https://community.le...rtificate/15751



#5 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 27 March 2019 - 06:52 PM

i have an other ssl problem on safari

log

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown --- End of inner exception stack trace --- at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount) at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, Boolean isServer, Boolean remoteCertRequired) --- End of inner exception stack trace --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at SocketHttpListener.Net.HttpConnection.<Init>d__30.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__29.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at SocketHttpListener.Net.HttpEndPointListener.<ProcessAccept>d__27.MoveNext() System.Security.Authentication.AuthenticationException at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at

#6 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 27 March 2019 - 08:36 PM

Have you checked that safari trusts your certificate?

#7 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 14 April 2019 - 02:23 PM

hello,  I come back because I buy therefore a certificate at namecheap certified by sectigo and same problem, the ps4 does not find root certificates. I obviously included the file ca-bundle in the pfx but nothing, always this message when there is no problem on other browsers. an idea ?

 

5cb37c226518f_ps4.jpg

 

 


Edited by z3ndra, 14 April 2019 - 02:30 PM.


#8 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 14 April 2019 - 02:53 PM

Did you configure the certificate in Emby? Does it work with other devices?



#9 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 15 April 2019 - 07:03 AM

yes with other devices, its perfect, but on the ps4 reading is impossible because of this root certificate problem, yet the file ca-bundle is well integrated with the pfx file crt, on the pc we see the hierarchy of the certificate, it's ca that I do not understand, eviscally cons everything works perfectly in http. I also noticed that it was marked that the site is encrypted with an obsolete method, it may be that, but I do not see why it puts me that it is obsolete.

#10 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 15 April 2019 - 12:31 PM

Have you checked that PS4 will trust this certificate?

#11 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 15 April 2019 - 05:19 PM

how i make that ? sectigo is the new name of comodo, normaly its compatible with the ps4 browser.

#12 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 15 April 2019 - 05:22 PM

normaly its compatible with the ps4 browser.

 

How do you know this?



#13 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 15 April 2019 - 05:26 PM

its written on there website

Edited by z3ndra, 15 April 2019 - 05:27 PM.


#14 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 15 April 2019 - 05:38 PM

Can you give me a link to that? thanks.



#15 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 15 April 2019 - 05:40 PM

https://support.sect...kA01N000000zFJt

#16 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 15 April 2019 - 11:46 PM

It only lists PS3, I do not see PS4 there.



#17 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 16 April 2019 - 03:57 AM

I contacted them and they confirmed it to me by message yesterday. the same is strange that I have a site certified by lets encrypt via my web host and the ps4 does not display this message and it puts me that the content is encrypted through a current method. out with emby, with the same certificate lets encrypt, it puts me that the encryption is obsolete and the ps4 shows me this message. so it comes from the side of the server that supports emby. it runs on a dedicated server under ubuntu, I made an iptable to redirect the 80 ports to 8096 and 443 to 8920.



#18 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 18 April 2019 - 07:30 PM

I found, in fact it is the private key in rsa that does not pass, while on another server it works but the key is in ecdhe_rsa under letencrypt. So, do you know how to generate such a key under ubuntu, because I have a paid certificate?



#19 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 128676 posts
  • Local time: 02:34 PM

Posted 18 April 2019 - 09:06 PM

So, do you know how to generate such a key under ubuntu, because I have a paid certificate?

@Jdiesel have you ever done this?



#20 z3ndra OFFLINE  

z3ndra

    Advanced Member

  • Members
  • 101 posts
  • Local time: 08:34 PM

Posted 19 April 2019 - 04:48 PM

Ok, well I just figured out where the problem came from. I tried under letsencrypt with version 3.4.1.0 and with version 4.0.2.0 and finally it turns out that version 3.4.1.0 only works with a rsa key in https and 4.0.2.0 works with a key ecdhe_rsa and therefore compatible with the player of the ps4.

so there must have been a change in the code which makes that emby does not go through the same type of key for the https.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users