Check if we can default to TLS 1.2

[razzeee]

Had a user report this:

trakt/script.trakt#333 (comment)

Seems that's a certificate issue.
I fix it changing your 3.1.8 version file "~/.kodi/addons/script.module.trakt/lib/trakt/core/http.py"
The actual line:

        self.session.mount('https://', HTTPSAdapter(ssl_version=ssl.PROTOCOL_TLSv1, **self.adapter_kwargs))

by this one:

        self.session.mount('https://', HTTPSAdapter(ssl_version=ssl.PROTOCOL_TLSv1_2, **self.adapter_kwargs))

And works. Certificate on the autorization page acepts TLS v 1.2 and fails (at least for me) with TLS v 1.0

Feel free to double check it and add it to yor version if you like.

Regards

[fuzeman]

The SSL version was originally set to TLSv1 due to #25, not sure if that's still an issue though...

I'm wondering if we should try change back to the default auto-negotiate mode (PROTOCOL_SSLv23 / PROTOCOL_TLS), as changing the protocol to TLSv1_2 will mean OpenSSL v1.0.1+ is now required to make any requests with the library (unless you switch back to http://)...

If there is still some users experiencing issue #25 in Kodi, maybe there should just be an option to pick a specific SSL version? (could define a property for you to change it)

---

I would also try get the requests library updated to the latest version, currently Kodi is using v2.9.1 which is 3 minor releases behind the latest version (v2.12.4).

[razzeee]

I think we should go for auto-negotiation.
If it's still an issue, it will pop up again and then we can look at a property.

I'll try to ping the maintainer of the requests module, if he doesn't respond, I'll take it over.

[fuzeman]

I've switched back to automatic negotiation on the develop branch, will be publishing a new release after some more testing later today.

---

I've also made the changes described in this post on the develop branch, so you might want to check your lookup and search calls are still working correctly.

[razzeee]

I actually checked the URL changes this morning. So I knew they were there :)

…

On Wed, Jan 11, 2017, 01:57 Dean Gardiner ***@***.***> wrote: I've switched back to automatic negotiation on the develop branch, will be publishing a new release after some more testing later today. ------------------------------ I've also made the changes described in this post <https://plus.google.com/u/0/109991097847241028373/posts/B4gpC22priV> on the develop branch, so you might want to check your lookup and search calls are still working correctly. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#52 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFqyZAv5lA_2osPMenyKdizgOqBP5knwks5rRCkOgaJpZM4Lfhby> .

[razzeee]

Updating requests also might help a bunch. This particular sounds ingesting.

Fixed a bug when sending JSON data that could cause us to encounter

obscure OpenSSL errors in certain network conditions (yes, really).

…

On Wed, Jan 11, 2017, 02:07 Kolja ***@***.***> wrote: I actually checked the URL changes this morning. So I knew they were there :) On Wed, Jan 11, 2017, 01:57 Dean Gardiner ***@***.***> wrote: I've switched back to automatic negotiation on the develop branch, will be publishing a new release after some more testing later today. ------------------------------ I've also made the changes described in this post <https://plus.google.com/u/0/109991097847241028373/posts/B4gpC22priV> on the develop branch, so you might want to check your lookup and search calls are still working correctly. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#52 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFqyZAv5lA_2osPMenyKdizgOqBP5knwks5rRCkOgaJpZM4Lfhby> .

[fuzeman]

Released changes in v2.12.0