Shidapu 14 Posted May 10, 2019 Share Posted May 10, 2019 Heya guys. I tried to use TLS 1.3 yesterday, and it worked great on all platforms except on my Nvidia Shield using Android TV. Is it because of the Emby Application on Android TV? Link to comment Share on other sites More sharing options...
neik 837 Posted May 10, 2019 Share Posted May 10, 2019 Same problem over here with the FireTV Stick, TLS 1.3 doesn't seem to be supported by the App yet. Let's see what ebr says. Link to comment Share on other sites More sharing options...
Solution Luke 37112 Posted May 10, 2019 Solution Share Posted May 10, 2019 Emby Server runs on .NET Core 2.2, which does not yet support TLS 1.3. Support for this has been added to the upcoming .NET Core 3.0 release: https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0 When this release goes stable later this year, then we will be able to support TLS 1.3. In the meantime, if you have SSL handled by a reverse proxy, then it may work there provided that both your proxy and the client device support TLS 1.3. Please let us know if this helps. Thanks. 1 Link to comment Share on other sites More sharing options...
neik 837 Posted May 10, 2019 Share Posted May 10, 2019 Hi Luke, I am using nginx as reverse proxy and iirc the last time I tried it it was the show stopper on my FTVS. It could either be a OS limitation or something with the ATV App. @@ebr, is TLS1.3 implemented in the ATV app? Link to comment Share on other sites More sharing options...
Luke 37112 Posted May 10, 2019 Share Posted May 10, 2019 There's nothing for the app to implement. It's handled by the platform. We'll have to see if fire tv devices support it. Link to comment Share on other sites More sharing options...
KMBanana 84 Posted May 10, 2019 Share Posted May 10, 2019 TLS1.3 is being listed as a feature of Android Q, I'm assuming it is OS dependent, not application specific. Can't find anything specific about 1.3 for Amazon's fire series of devices but I'd guess it's not supported yet. Link to comment Share on other sites More sharing options...
Luke 37112 Posted May 10, 2019 Share Posted May 10, 2019 I'm assuming it is OS dependent, not application specific. Yes, exactly right. Link to comment Share on other sites More sharing options...
neik 837 Posted May 10, 2019 Share Posted May 10, 2019 TLS1.3 is being listed as a feature of Android Q, I'm assuming it is OS dependent, not application specific. Can't find anything specific about 1.3 for Amazon's fire series of devices but I'd guess it's not supported yet. Yes, apparently it is an Android issue that will be implemented in Android Q, as you said. Source: https://www.xda-developers.com/android-q-tls-1-3-support/ Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted May 11, 2019 Share Posted May 11, 2019 (edited) when you do a test at: https://www.ssllabs.com/ssltest/index.html what Cipher Suites do you have available? Are you trying to force 1.3 or do you still have 1.2 available for fallback? Cipher Suites # TLS 1.3 (server has no preference) TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256P Edited May 11, 2019 by pir8radio Link to comment Share on other sites More sharing options...
ebr 14929 Posted May 11, 2019 Share Posted May 11, 2019 The Fire platform hasn't even made it to Android O yet... Link to comment Share on other sites More sharing options...
neik 837 Posted May 11, 2019 Share Posted May 11, 2019 @@pir8radio, I am not able to use SSLabs as I am not using the standard https port but a "custom" one and they don't seem to support it. @@ebr, I'm afraid we can give up on the Fire devices for TLS1.3 until new devices are released. TLS1.2 is the best we will get there, I guess. Link to comment Share on other sites More sharing options...
Tony B. 38 Posted May 15, 2019 Share Posted May 15, 2019 A lot of users are going to have issues with 1.3 just because Windows 7 is probably not going to get it. That means that Server 2008 R2 won't either. I wouldn't expect it to become "mainstream" for another 5 years. PLUS! It's a new protocol. There is nothing to say that 1.3 is "safe" yet. It could be like SSL2 and 3; Which were a disaster. Only time will tell with enough hackers on the loose to really give it a shot of hacking it to bits. Link to comment Share on other sites More sharing options...
Shidapu 14 Posted May 16, 2019 Author Share Posted May 16, 2019 A lot of users are going to have issues with 1.3 just because Windows 7 is probably not going to get it. That means that Server 2008 R2 won't either. I wouldn't expect it to become "mainstream" for another 5 years. PLUS! It's a new protocol. There is nothing to say that 1.3 is "safe" yet. It could be like SSL2 and 3; Which were a disaster. Only time will tell with enough hackers on the loose to really give it a shot of hacking it to bits. Everything can be hacked.. That doesn't mean we shouldn't adopt to new security standards. TLS 1.2 has been out longer than 1.3, The banking sector still uses 1.2. But to minimize the hacking risk, latest standard should always be used. Link to comment Share on other sites More sharing options...
Sanderluc 4 Posted March 22, 2023 Share Posted March 22, 2023 This is still a issue, because if I enable TLS 1.3 within cloudflare some devices won't connect anymore, like: - Emby for Windows (App) - Android TV But "Android Mobiles and IOS & Webbrowsers" are working just fine. Link to comment Share on other sites More sharing options...
Luke 37112 Posted March 29, 2023 Share Posted March 29, 2023 On 3/22/2023 at 6:53 PM, Sanderluc said: This is still a issue, because if I enable TLS 1.3 within cloudflare some devices won't connect anymore, like: - Emby for Windows (App) - Android TV But "Android Mobiles and IOS & Webbrowsers" are working just fine. @Sanderlucwhat versions of those two apps do you have? Link to comment Share on other sites More sharing options...
Sanderluc 4 Posted March 30, 2023 Share Posted March 30, 2023 (edited) On 29/03/2023 at 22:27, Luke said: @Sanderlucwhat versions of those two apps do you have? I have identified the problem: devices older than Android 10 do not support TLS 1.3. For example, I encountered this issue while using a MI Box running on Android 9. Additionally, there is a concern with Windows 10 as, by default, store-applications do not have TLS 1.3 enabled. However, this can be manually configured. For more information, please refer to the following resource: https://www.asustor.com/en-gb/knowledge/detail/?id=&group_id=1011 Edited March 30, 2023 by Sanderluc 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now