Menu

#190 HTTPS using deprecated SSL version

Windows
open
nobody
HTTPS (1) SSL (1) TLS (1)
5
2021-04-10
2017-11-06
Jon
No

Running Juice version 2.2 on Windows 7. It has been downloading the ISC Stormcast using RSS from https://isc.sans.edu/dailypodcast.xml for example https://traffic.libsyn.com/securitypodcast/5728.mp3 fine for months. But a week or 2 ago the service apparently tightened their security to not allow SSL 3.0 and earlier protocols - maybe TLS 1.0 as well, I'm not certain. Anyway Juice has been unable to download any of their podcasts since then, just sits there with State : Downloading, Progress : 0.0%
Packet captures show it establishing the TCP connection, then sending the HTTPS Client Hello and then getting a FIN packet back from the server - closing the connection. Hitting that link from a browser or current wget successfully downloads the file, a very old wget exhibits the same problem.
Probably need to have Juice use TLS 1.2.

Discussion

  • Luke

    Luke - 2018-05-07

    This is really disappointing to me.

    I'm having to manually download 2-3 podcasts each week.

     

  • Tim Fadden

    Tim Fadden - 2018-05-09

    Here is a log of the problem just in case you don't have it yet. Well, I thing it is. Coast to coast changed to the site as listed below, previously not ssl, and now the downloads no longer work.

    Cheers!

    File "ipodder\grabbers.pyc", line 597, in _translateUsualDownloadErrors
    File "ipodder\grabbers.pyc", line 427, in _open_resource
    File "urllib2.pyc", line 326, in open
    File "urllib2.pyc", line 306, in _call_chain
    File "urllib2.pyc", line 908, in https_open
    File "urllib2.pyc", line 895, in do_open
    File "urllib2.pyc", line 346, in error
    File "urllib2.pyc", line 306, in _call_chain
    File "ipodder\contrib\feedparser.pyc", line 1489, in http_error_302
    File "urllib2.pyc", line 472, in http_error_302
    File "urllib2.pyc", line 326, in open
    File "urllib2.pyc", line 306, in _call_chain
    File "urllib2.pyc", line 908, in https_open
    File "urllib2.pyc", line 884, in do_open
    File "httplib.pyc", line 715, in endheaders
    File "httplib.pyc", line 600, in _send_output
    File "httplib.pyc", line 567, in send
    File "httplib.pyc", line 988, in connect
    File "socket.pyc", line 73, in ssl
    sslerror: (1, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
    Can't grab https://dts.podtrac.com/redirect.mp3/services.premierenetworks.com/streamlink/T.FADDEN@COX.NET/5af4dd00f24feda722999504b63ce8cfc5784f78/coast/podcast/media/episode/5a915ffb65671757940d4701/Coast%20to%20Coast%20-%20Feb%2023%202018%20-%20Hour%201.mp3: unexpected error <socket.sslerror instance="" at="" 0x08d21440="">
    BasicGrabber 148471152 u'Coast to Coast - Feb 20 2018 - Hour 4.mp3.partial' reports: This traceback is new to us:
    Traceback (most recent call last):
    File "ipodder\grabbers.pyc", line 597, in _translateUsualDownloadErrors
    File "ipodder\grabbers.pyc", line 427, in _open_resource
    File "urllib2.pyc", line 326, in open
    File "urllib2.pyc", line 306, in _call_chain
    File "urllib2.pyc", line 908, in https_open
    File "urllib2.pyc", line 895, in do_open
    File "urllib2.pyc", line 346, in error
    File "urllib2.pyc", line 306, in _call_chain
    File "ipodder\contrib\feedparser.pyc", line 1489, in http_error_302
    File "urllib2.pyc", line 472, in http_error_302
    File "urllib2.pyc", line 326, in open
    File "urllib2.pyc", line 306, in _call_chain
    File "urllib2.pyc", line 908, in https_open
    File "urllib2.pyc", line 884, in do_open
    File "httplib.pyc", line 715, in endheaders
    File "httplib.pyc", line 600, in _send_output
    File "httplib.pyc", line 567, in send
    File "httplib.pyc", line 988, in connect
    File "socket.pyc", line 73, in ssl
    sslerror: (1, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
    Can't grab https://dts.podtrac.com/redirect.mp3/services.premierenetworks.com/streamlink/T.FADDEN@COX.NET/5af4dd004bb951ea762a0fd2b1443fb3f85db8bc/coast/podcast/media/episode/5a8d5ddc1d27920c7a5dc9e2/Coast%20to%20Coast%20-%20Feb%2020%202018%20-%20Hour%204.mp3: unexpected error <socket.sslerror instance="" at="" 0x08d91dc8=""></socket.sslerror></socket.sslerror>

     

    Last edit: Tim Fadden 2018-05-09

  • John Burbelbubble

    John Burbelbubble - 2019-03-21

    I've been dealing with the same problem for the past year, and it's getting worse as more podcast RSS distributors change (apparently) their security levels. I haven't found another podcast receiver that will work with WinXP, so I've also been stuck with downloading individual podcasts...and for me it's a lot more than 2 or 3 a week! Another alternative I've been using is the VLC program(v 2.2.4), it's Playlist has a crude podcast section that streams podcasts. It has some annoying bugs, but is a little quicker than manually downloading individual episodes.

    I'm not a programmer, but I think the only solution is to find a person who can re-program the iPodder/Juice to work with the newer security protocols. Would that be a difficult take for a knowledgeable person?

     

    • Scott Grayban

      Scott Grayban - 2019-05-18

      I was one of the original developers when it was called iPodder but it seems the only thing that needs to be updated are the url python libararies urllib2.pyc, httplib.pyc, socket.pyc and maybe feedparser.pyc

      I haven't messed with this code in years but I'll have a whack at it in the nexxt few weeks.

       

      Last edit: Scott Grayban 2019-05-18

  • Tim Fadden

    Tim Fadden - 2019-03-22

    I switched to gPodder, quite some time ago which works fine.

     

  • John Burbelbubble

    John Burbelbubble - 2019-04-03

    I've been trying out gPodder, but my first attempt (Fresh Air podcasts) is producing the same SSL Certificate Verify Failed error. Tried to get support at Github, but with my Firefox 52 ESR and Chrome v49 browsers, I'm denied registration. And since I use WinXP, those are the latest browsers I can use.

    I take it you haven't run into this problem...or did you find a way to solve it?

     

  • Scott Grayban

    Scott Grayban - 2019-05-18

    So I had a short look at this and it seems I'll have to add import ssl in grabbers.py and set the Protocol to use PROTOCOL_TLSv1

    In short something like this....

    import socket
import ssl

# SET VARIABLES
packet, reply = "<packet>SOME_DATA</packet>", ""
HOST, PORT = 'XX.XX.XX.XX', 4434

# CREATE SOCKET
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)

# WRAP SOCKET
wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")

# CONNECT AND PRINT REPLY
wrappedSocket.connect((HOST, PORT))
wrappedSocket.send(packet)
print wrappedSocket.recv(1280)

# CLOSE SOCKET CONNECTION
wrappedSocket.close()
     

    • Jared

      Jared - 2021-04-10

      Hey Scott, appreciate you looking into this back in 2019 (and your work on this in years past)!

      Any chance you might get your updates added into the code and new binaries built?

       

  • Larry Silvermintz

    Larry Silvermintz - 2020-09-20

    Greetings all! Any progress updating Juice to handle https? I am mostly blind, and Juice is by far and wide the best interface. The ease in selecting episodes, the Windows classic-explorer like lists, the simple and complete Preferences window, no comparison to anything I’ve tried. I would GLADLY pay someone for updated Juice! What can we do?
    --Larry S

     

Log in to post a comment.

MongoDB Logo MongoDB