Andy777 21 Posted September 19, 2016 Posted September 19, 2016 This may stem from the same reason as the other threads, but since the error message is a bit different I opened another thread. I'm performing a full database reset for a Kodi client using the port 8920 SSL connection. Server is Beta 3.1.150.0 on Ubuntu 16.04. The server log gets blastered with SSL error messages (as below and as in the attached log snippet). The full server log is not included as it is huge. Eventually the port 8920 response slows down and at some point after hundreds or thousands of errors it completely dies. Emby process itself is still alive and responds to 8096 but the SSL is down. In my case it means that the external access to my server is lost (I will not open unencrypted trafic). I know this server version is Beta, but I posted in this forum section as this contains the other SSL related threads. Error messsages: *** Error Report *** Version: 3.1.150.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 4.4.0.36 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/emby-server Mono: 4.4.2 (Stable 4.4.2.11/f72fe45 Tue Aug 30 16:43:57 UTC 2016) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (IAsyncResult asyncResult) <0x41eb4950 + 0x00157> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsServer (IAsyncResult asyncResult) <0x41f170e0 + 0x0003e> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) <0x41f08e60 + 0x00055> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08e30 + 0x00022> in <filename unknown>:0 at Mono.Net.Security.Private.MonoSslStreamImpl.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08c30 + 0x0002b> in <filename unknown>:0 at System.Net.Security.SslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08ac0 + 0x0002b> in <filename unknown>:0 at SocketHttpListener.Net.HttpConnection..ctor (ILogger logger, System.Net.Sockets.Socket sock, SocketHttpListener.Net.EndPointListener epl, Boolean secure, System.Security.Cryptography.X509Certificates.X509Certificate cert, System.String connectionId) <0x41e32900 + 0x0026b> in <filename unknown>:0 at SocketHttpListener.Net.EndPointListener.ProcessAccept (System.Net.Sockets.Socket accepted) <0x41e32610 + 0x00123> in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The client stopped the handshake. at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) <0x41f18df0 + 0x0022b> in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41edf1f0 + 0x0008d> in <filename unknown>:0 2016-09-16 18:43:51.0222 Error HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.1.150.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 4.4.0.36 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: /var/lib/emby-server Mono: 4.4.2 (Stable 4.4.2.11/f72fe45 Tue Aug 30 16:43:57 UTC 2016) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (IAsyncResult asyncResult) <0x41eb4950 + 0x00157> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsServer (IAsyncResult asyncResult) <0x41f170e0 + 0x0003e> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) <0x41f08e60 + 0x00055> in <filename unknown>:0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08e30 + 0x00022> in <filename unknown>:0 at Mono.Net.Security.Private.MonoSslStreamImpl.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08c30 + 0x0002b> in <filename unknown>:0 at System.Net.Security.SslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x41f08ac0 + 0x0002b> in <filename unknown>:0 at SocketHttpListener.Net.HttpConnection..ctor (ILogger logger, System.Net.Sockets.Socket sock, SocketHttpListener.Net.EndPointListener epl, Boolean secure, System.Security.Cryptography.X509Certificates.X509Certificate cert, System.String connectionId) <0x41e32900 + 0x0026b> in <filename unknown>:0 at SocketHttpListener.Net.EndPointListener.ProcessAccept (System.Net.Sockets.Socket accepted) <0x41e32610 + 0x00123> in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The client stopped the handshake. at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) <0x41f18df0 + 0x0022b> in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x41edf1f0 + 0x0008d> in <filename unknown>:0 2016-09-16 18:43:51.0247 Info HttpServer: HTTP HEAD https://myserver.somewhereinthe.net:8920/emby/Items/1160be284d8263c44829cec190f9554b/Images/Primary/0?MaxWidth=10000&MaxHeight=10000&Format=original&Tag=e16401174f74f8cb16a9b35ead17026d. UserAgent: Kodi/16.1 (Windows NT 10.0; WOW64) App_Bitness/32 Version/16.1-Git:20160424-c327c53 Client is Kodi Jarvis 16.1 with emby plugin on Windows 10. BR, Andy Partial_ServerLog.txt
Luke 42077 Posted September 19, 2016 Posted September 19, 2016 The mono runtime is currently limited to supporting TLS 1.0, so some of this may be out of our control. The upcoming 4.6 release is expanding support to the more modern TLS 1.2: http://www.mono-project.com/docs/about-mono/releases/4.6.0/
Andy777 21 Posted September 19, 2016 Author Posted September 19, 2016 The mono runtime is currently limited to supporting TLS 1.0, so some of this may be out of our control. The upcoming 4.6 release is expanding support to the more modern TLS 1.2: http://www.mono-project.com/docs/about-mono/releases/4.6.0/ Thanks for the explanation and a really awesome and superb piece of software. In the mean time I'll research the options with nginx reverse proxy providing the SSL layer. I'm not giving up on Emby. Emby is just a plain killer in the media server arena especially with the integration with Kodi. BR, A
Untoten 306 Posted October 6, 2016 Posted October 6, 2016 Thanks for the explanation and a really awesome and superb piece of software. In the mean time I'll research the options with nginx reverse proxy providing the SSL layer. I'm not giving up on Emby. Emby is just a plain killer in the media server arena especially with the integration with Kodi. BR, A Andy, Emby staff is pretty busy to help with all connection troubleshooting. If you ever have questions or require assistance feel free to contact me.
Andy777 21 Posted October 12, 2016 Author Posted October 12, 2016 Andy, Emby staff is pretty busy to help with all connection troubleshooting. If you ever have questions or require assistance feel free to contact me. Thanks! I already got this problem worked around with nginx within 60 minutes of my previous posting in this thread. nginx is now providing the SSL/TLS layer and overcoming the mono limitations and everything is working fine and all external connections are fully encrypted. BR, Andy777
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now