View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0013696MMW v4Podcastspublic2016-11-29 15:322016-12-03 00:19
Reporterpeke Assigned To 
PriorityurgentSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Target Version4.1.15Fixed in Version4.1.15 
Summary0013696: Podcast: Incorrect URL representation in podcasts
DescriptionThere is some cases where podcast if using regular http:// to RSS feed, but actual podcast download links are presented in https://

So unless there is a login information I would suggest that on SSL error or even by default MMW try using http:// instead of https:// to retrieve podcasts and see if it succeed. Especially if podcast subscription is in http:// and not in https:// there is no point of using https:/ tuneling

Example podcast RSS is http://blog.ct.de/ctuplink/ctuplink.rss where changing every link from https:// to http:// dovloads and plays podcast without any problems.
Additional InformationKSO-511-94355
http://www.mediamonkey.com/forum/viewtopic.php?f=1&t=86537
TagsNo tags attached.
Attached Files
SSL-error.jpg (203,384 bytes)   
SSL-error.jpg (203,384 bytes)   
Fixed in build1818

Relationships

related to 0013071 closedLudek Penny Arcade Podcast fails with SSL error 
related to 0013712 closedpeke Podcast: Downloading trigger COM elevation 
child of 0013699 closedLudek SSL Connections: We should update to latest OpenSSL libraries 

Activities

peke

2016-11-29 16:08

developer   ~0046304

podcast fail on SSL handshake which indicate not supported protocol for the url

Ludek

2016-11-29 16:58

developer   ~0046305

Last edited: 2016-11-29 17:05

 Changing the protocol would be a hack that I would rather avoid.

Better would be to find and fix why there is the handshake SSL error as this doesn't happen when the same link is put into IE or Chrome.

Tested on https://dz6rzbt3lkau8.cloudfront.net/audio/120860220_a232408c42.jom.ecd3caa208edd91a1bda0f4661b0027b.mp3

The strange thing is that the link can be played in MM (via menu File > 'Open URL or File...'), but fails to download with the SSL error (via menu File > Download file...)

peke

2016-11-30 00:07

developer   ~0046313

return "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake" means that they disabled SSL 3.0, and that site is 'safe' and further secure connections should be negotiated using TLS.

here are currently-valid SSL/TLS versions, listed from most-secure to least-secure:

Best to worst:
TLS 1.2 (best choice today)
TLS 1.1
TLS 1.0
SSL 3.0 (has the POODLE vulnerability)
SSL 2.0 (generally not recommended, and typically not even available in modern webservers)
SSL 1 (obsolete, no longer offered)

This should be fixed in Both MM4.x and merged into MM5 immediately as currently MMW uses SSL3.0 negotiation that is proved as unsafe and prone to POODLE vulnerability https://www.openssl.org/~bodo/ssl-poodle.pdf

Ludek

2016-11-30 14:56

developer   ~0046329

Last edited: 2016-11-30 15:10

 Tried updated Indy (with TLS 1.2 support) and it solves the issue (like in 0013071).

Ludek

2016-12-01 18:35

developer   ~0046356

Last edited: 2016-12-01 18:35

 Fixed in 1818

peke

2016-12-02 09:34

developer   ~0046367

Reopen This podcast still do not work same error no sslv3

Ludek

2016-12-02 10:52

developer   ~0046369

You are right, for some reason it doesn't work in 1818 although it works fine on my local sources.

Petr, did you updated sources from SVN before creating 1818?
Is the new Indy included?

petr

2016-12-02 15:33

developer   ~0046371

Uploaded updated 1818

peke

2016-12-03 00:19

developer   ~0046374

Verified 1818