Subsonic Forum

[manray]

I think I have the majority of it figured out .. I just need a hand from someone smarter than I.

Bottom line: Subsonic's configuration of Java doesn't support the https ciphers of the server that hosts the mp3s of a podcast I listen to.

In the we gui, subsonic reports

Code: Select all

Received fatal alert: handshake_failure

Looking at the logs we get a bit more info:

Code: Select all

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

A bit of googling and using a command line tool nmap shows the supported ciphers of the podcast's host server.

Code: Select all

nmap --script ssl-enum-ciphers -p 443 mp3s.nashownotes.com

Starting Nmap 6.40 ( http://nmap.org ) at 2020-04-14 09:27 CDT
Nmap scan report for mp3s.nashownotes.com (5.196.104.49)
Host is up (0.00020s latency).
Other addresses for mp3s.nashownotes.com (not scanned): 192.99.243.81 37.59.153.17 192.99.243.57 149.56.190.57
rDNS record for 5.196.104.49: fr1-mp3s.nashownotes.com
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 3.92 seconds

Here's a link to some fellow's write up about this seemingly common java isssue: https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r

Seems like the solution is to expand the Subsonic server's instantiation of java to allow other ciphers. Here's where I need help - how do adjust my Subsonic system to do that?

I wonder (I'm soliciting opinion here) as more/newer/evolving https ciphers are employed on podcast servers will we see more of this issue down the road?

Obligatory server info below

Code: Select all

Version   6.1.6 (build 0cfa60) – November 10, 2019
Server   jetty-6.1.x, java 1.7.0_201, HSQLDB, Linux (112.9 MB / 203.0 MB)


[alphawave7]

I would suggest updating your java...shut down SS first! I quickly dug up this quick-n-dirty how to, but you could use others: https://arkit.co.in/update-java-version-linux/

BTW, ITM, citizen..Sir Riptitious, Knight of the Marin Headlands, at your service.

[manray]

ITM Sir Riptititous;

What a pleasant surprise! Glad to see knights at the service of human resources in the Candinavian protectorate.

Your solution (while I didn't follow it) got me thinking. Here's what I did wrong ... I upgraded the jre from 7 to 8 and didn't remove version 7. Two problems: first, it's untidy .. secondly the environment path referenced version 7's binaries.

Epic fail. What gave it away is

Code: Select all

Server   jetty-6.1.x, java 1.7.0_201, HSQLDB, Linux (112.9 MB / 203.0 MB)

... as opposed to the current situation:

Code: Select all

   jetty-6.1.x, java 1.8.0_222, HSQLDB, Linux (73.9 MB / 262.0 MB)

At the end of it all, version 8 does support the ciphers.

BingoBoomShakalaka

Thanks for the response. Love and light. Thank you for your service.