Podcast won't download due to no common https cipher

Need help? Post your questions here.

Moderator: moderators

Podcast won't download due to no common https cipher

Postby manray » Tue Apr 14, 2020 3:01 pm

I think I have the majority of it figured out .. I just need a hand from someone smarter than I.

Bottom line: Subsonic's configuration of Java doesn't support the https ciphers of the server that hosts the mp3s of a podcast I listen to.

In the we gui, subsonic reports
Code: Select all
Received fatal alert: handshake_failure

Looking at the logs we get a bit more info:
Code: Select all
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


A bit of googling and using a command line tool nmap shows the supported ciphers of the podcast's host server.
Code: Select all
nmap --script ssl-enum-ciphers -p 443 mp3s.nashownotes.com

Starting Nmap 6.40 ( http://nmap.org ) at 2020-04-14 09:27 CDT
Nmap scan report for mp3s.nashownotes.com (5.196.104.49)
Host is up (0.00020s latency).
Other addresses for mp3s.nashownotes.com (not scanned): 192.99.243.81 37.59.153.17 192.99.243.57 149.56.190.57
rDNS record for 5.196.104.49: fr1-mp3s.nashownotes.com
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 3.92 seconds


Here's a link to some fellow's write up about this seemingly common java isssue: https://dzone.com/articles/troubleshooting-javaxnetsslsslhandshakeexception-r

Seems like the solution is to expand the Subsonic server's instantiation of java to allow other ciphers. Here's where I need help - how do adjust my Subsonic system to do that?

I wonder (I'm soliciting opinion here) as more/newer/evolving https ciphers are employed on podcast servers will we see more of this issue down the road?

Obligatory server info below

Code: Select all
Version   6.1.6 (build 0cfa60) – November 10, 2019
Server   jetty-6.1.x, java 1.7.0_201, HSQLDB, Linux (112.9 MB / 203.0 MB)
manray
 
Posts: 2
Joined: Tue Apr 14, 2020 2:28 pm

Re: Podcast won't download due to no common https cipher

Postby alphawave7 » Wed Apr 15, 2020 3:06 am

I would suggest updating your java...shut down SS first! I quickly dug up this quick-n-dirty how to, but you could use others: https://arkit.co.in/update-java-version-linux/

BTW, ITM, citizen..Sir Riptitious, Knight of the Marin Headlands, at your service.
alphawave7
 
Posts: 1035
Joined: Thu Feb 11, 2010 9:54 am

Re: Podcast won't download due to no common https cipher

Postby manray » Wed Apr 15, 2020 4:57 pm

ITM Sir Riptititous;

What a pleasant surprise! Glad to see knights at the service of human resources in the Candinavian protectorate.

Your solution (while I didn't follow it) got me thinking. Here's what I did wrong ... I upgraded the jre from 7 to 8 and didn't remove version 7. Two problems: first, it's untidy .. secondly the environment path referenced version 7's binaries.

Epic fail. What gave it away is
Code: Select all
Server   jetty-6.1.x, java 1.7.0_201, HSQLDB, Linux (112.9 MB / 203.0 MB)
... as opposed to the current situation:
Code: Select all
   jetty-6.1.x, java 1.8.0_222, HSQLDB, Linux (73.9 MB / 262.0 MB)


At the end of it all, version 8 does support the ciphers.

BingoBoomShakalaka

Thanks for the response. Love and light. Thank you for your service.
manray
 
Posts: 2
Joined: Tue Apr 14, 2020 2:28 pm


Return to Help

Who is online

Users browsing this forum: Bing [Bot] and 5 guests