
TLS 1.3


Go to solution Solved by Luke,


Shidapu
Posted

Heya guys. I tried to use TLS 1.3 yesterday, and it worked great on all platforms except on my Nvidia Shield using Android TV. Is it because of the Emby Application on Android TV?

Posted

Same problem over here with the FireTV Stick, TLS 1.3 doesn't seem to be supported by the App yet.

 

Let's see what ebr says.

  • Solution
Posted

Emby Server runs on .NET Core 2.2, which does not yet support TLS 1.3. Support for this has been added to the upcoming .NET Core 3.0 release:

 

https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0

 

When this release goes stable later this year, then we will be able to support TLS 1.3.

 

In the meantime, if you have SSL handled by a reverse proxy, then it may work there provided that both your proxy and the client device support TLS 1.3.

 

Please let us know if this helps. Thanks.

  • Like 1
Posted

Hi Luke,

 

I am using nginx as reverse proxy and iirc the last time I tried it it was the show stopper on my FTVS.

 

It could either be an OS limitation or something with the ATV App.

 

@ebr, is TLS1.3 implemented in the ATV app?

Posted

There's nothing for the app to implement. It's handled by the platform. We'll have to see if fire tv devices support it.

KMBanana
Posted

TLS1.3 is being listed as a feature of Android Q, I'm assuming it is OS dependent, not application specific.  Can't find anything specific about 1.3 for Amazon's fire series of devices but I'd guess it's not supported yet.  

Posted

 

 

KMBanana said:

I'm assuming it is OS dependent, not application specific.

 

Yes, exactly right.

Posted

KMBanana said:

TLS1.3 is being listed as a feature of Android Q, I'm assuming it is OS dependent, not application specific. Can't find anything specific about 1.3 for Amazon's fire series of devices but I'd guess it's not supported yet.

Yes, apparently it is an Android issue that will be implemented in Android Q, as you said.

 

Source: https://www.xda-developers.com/android-q-tls-1-3-support/

pir8radio
Posted (edited)

When you do a test at https://www.ssllabs.com/ssltest/index.html, what cipher suites do you have available? Are you trying to force 1.3, or do you still have 1.2 available for fallback?

 


# TLS 1.3 (server has no preference)

TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS 128

TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS 256

TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS 256P

Edited by pir8radio
Posted

The Fire platform hasn't even made it to Android O yet...

Posted

@pir8radio, I am not able to use SSLabs as I am not using the standard https port but a "custom" one and they don't seem to support it.

 

@ebr, I'm afraid we can give up on the Fire devices for TLS1.3 until new devices are released. TLS1.2 is the best we will get there, I guess.
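
Added example, not part of the thread: when SSL Labs cannot scan a non-standard port, the fallback question above can be answered locally by attempting one handshake pinned to TLS 1.2 and one pinned to TLS 1.3. The function names are this example's own, and the host and port in the usage comment are placeholders.

```python
import socket
import ssl
import sys

# Protocol versions relevant to the fallback question in the thread.
VERSIONS = {"TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, timeout=5.0):
    """Try one handshake pinned to `version`; return (accepted, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = pinned_context(version)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError:
        # The server answered at this version; only the certificate was rejected.
        return True, "version accepted, certificate not trusted"
    except (ssl.SSLError, OSError) as exc:
        return False, type(exc).__name__


def verdict(accepted):
    """Summarise a {'TLS 1.2': bool, 'TLS 1.3': bool} result."""
    v12, v13 = accepted["TLS 1.2"], accepted["TLS 1.3"]
    if v12 and v13:
        return "TLS 1.3 offered, TLS 1.2 fallback available"
    if v13:
        return "TLS 1.3 only: clients without TLS 1.3 cannot connect"
    if v12:
        return "TLS 1.2 only"
    return "no handshake succeeded"


if __name__ == "__main__":
    # Usage: python tls_probe.py media.example.net 8920  (placeholder host/port)
    host, port = sys.argv[1], int(sys.argv[2])
    results = {}
    for name, version in VERSIONS.items():
        results[name], detail = probe(host, port, version)
        print(f"{name}: {detail}")
    print(verdict(results))
```

Run it from a machine with a current OpenSSL, since the probe can only offer versions the local TLS library supports.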

Tony B.
Posted

A lot of users are going to have issues with 1.3 just because Windows 7 is probably not going to get it. That means that Server 2008 R2 won't either. I wouldn't expect it to become "mainstream" for another 5 years. 

 

PLUS! It's a new protocol. There is nothing to say that 1.3 is "safe" yet. It could be like SSL2 and 3, which were a disaster.

 

Only time will tell with enough hackers on the loose to really give it a shot of hacking it to bits. 

Shidapu
Posted

 

Tony B. said:

A lot of users are going to have issues with 1.3 just because Windows 7 is probably not going to get it. That means that Server 2008 R2 won't either. I wouldn't expect it to become "mainstream" for another 5 years.

PLUS! It's a new protocol. There is nothing to say that 1.3 is "safe" yet. It could be like SSL2 and 3, which were a disaster.

Only time will tell with enough hackers on the loose to really give it a shot of hacking it to bits.

 

 

Everything can be hacked. That doesn't mean we shouldn't adopt new security standards. TLS 1.2 has been out longer than 1.3; the banking sector still uses 1.2.

 

But to minimize the hacking risk, latest standard should always be used.

  • 3 years later...
Sanderluc
Posted

This is still an issue, because if I enable TLS 1.3 within Cloudflare some devices won't connect anymore, like:

 

- Emby for Windows (App)

- Android TV

 

But "Android mobiles, iOS & web browsers" are working just fine.

Posted
On 3/22/2023 at 6:53 PM, Sanderluc said:

This is still an issue, because if I enable TLS 1.3 within Cloudflare some devices won't connect anymore, like:

 

- Emby for Windows (App)

- Android TV

 

But "Android mobiles, iOS & web browsers" are working just fine.

@Sanderluc what versions of those two apps do you have?

Sanderluc
Posted (edited)
On 29/03/2023 at 22:27, Luke said:

@Sanderluc what versions of those two apps do you have?

I have identified the problem: devices older than Android 10 do not support TLS 1.3. For example, I encountered this issue while using a MI Box running on Android 9.

Additionally, there is a concern with Windows 10 as, by default, store-applications do not have TLS 1.3 enabled. However, this can be manually configured.

For more information, please refer to the following resource: https://www.asustor.com/en-gb/knowledge/detail/?id=&group_id=1011

Edited by Sanderluc
  • Thanks 1
