-
-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
playSound/playSound3D TLSv1.2 on internet streams #3012
Comments
After some reading into this, here's what I found: https://www.un4seen.com/doc/#bass/BASS_CONFIG_LIBSSL.html
Could this mean that only some clients are still using TLSv1? Edit: I see that this line responsible for setting the user agent:
|
Windows 7 does not negotiate TLS 1.1 or 1.2 by default when using WinHTTP, so if the affected players are running Windows 7, that could be the reason. Microsoft has published a support article with details on how to enable TLS 1.2 support. If that is the reason, BASS in theory could work around this issue by forcing the set of protocols to negotiate, but not relying on OS defaults in this kind of things might cause trouble in certain network configurations (for example, if the player has to use a proxy with outdated server software to access the Internet). |
Appreciate the quick and detailed response! Seems this affects only certain users. Can you or anyone confirm if bass audio negotiates to use tlsv1.2 for Windows 10+?
It seems I have no choice but to setup a proxy to resolve this issue. I was thinking it would be an easy fix, looked into it myself last night and doesn't seem to be that way.
Feel free to close this issue, if you think it's appropriate.
Thanks,
Ricky
…________________________________
From: Alejandro González ***@***.***>
Sent: Friday, 19 May 2023, 08:29
To: multitheftauto/mtasa-blue ***@***.***>
Cc: Rick ***@***.***>; Author ***@***.***>
Subject: Re: [multitheftauto/mtasa-blue] playSound/playSound3D TLSv1.2 on internet streams (Issue #3012)
Windows 7 does not negotiate TLS 1.1 or 1.2 by default when using WinHTTP, so if the affected players are running Windows 7, that could be the reason. Microsoft has published a support article with details on how to enable TLS 1.2 support<https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392>.
If that is the reason, BASS in theory could work around this issue by forcing the set of protocols to negotiate, but not relying on OS defaults in this kind of things might cause trouble in certain network configurations (for example, if the player has to use a proxy with outdated server software to access the Internet).
—
Reply to this email directly, view it on GitHub<#3012 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AATDAYIZF227LO6COTK6UFTXG4OMNANCNFSM6AAAAAAYHE7SPU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
I will send an email to the BASS developer (Ian from Un4seen studios) to ask for his thoughts on this, it can be useful as they are known to optimize compatibility with as many user systems/scenario's as they are able to in their libraries. Wouldn't surprise me if he'll end up adding a specific TLS negotiation mechanism for old OS users. |
Thanks Dutch, I'll look into alternatives in the meantime.
Since this seems like an OS issue, I know Windows 7 end of support was years ago now but we both know that many users continue to use it.
Are there any other http calls on the client-side which are affected?
…________________________________
From: Dutchman101 ***@***.***>
Sent: Friday, 19 May 2023, 11:41
To: multitheftauto/mtasa-blue ***@***.***>
Cc: Rick ***@***.***>; Author ***@***.***>
Subject: Re: [multitheftauto/mtasa-blue] playSound/playSound3D TLSv1.2 on internet streams (Issue #3012)
I will send an email to the BASS developer (Ian from Un4seen studios) to ask for his thoughts on this, it can be useful as they are known to optimize compatibility with as many user systems/scenario's as they are able to in their libraries. Wouldn't surprise me if he'll end up adding a specific TLS negotiation mechanism for old OS users.
—
Reply to this email directly, view it on GitHub<#3012 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AATDAYNGKFBAFJP4OKTH7S3XG5E5BANCNFSM6AAAAAAYHE7SPU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Is your feature request related to a problem? Please describe.
I have a free (and open source) cloud based YouTube to mp3 downloader service with files hosted by public AWS S3 bucket.
Only MTA:SA user agents are affected, I believe it's stemming from
playSound
/playSound3D
and therefore the bass audio library (please correct me if I'm wrong). One of the servers, which I am affiliated with is owned by @Dutchman101 (I believe he has some knowledge about the bass audio library too)I recently received an email from AWS as follows (I've redacted any PII):
Describe the solution you'd like
As a best practice, we should enforce TLS 1.2 or higher if possible from playSound/playSound3D on internet streams.
Describe alternatives you've considered
For me personally, AWS have suggested I use (cloudfront as) a proxy. This could work for others too with services with similar problems.
Additional context
I know this is only a problem for myself but I wanted to bring it to your attention. Later down the line, it could become a problem for users that want to use similar services and it might also be related to
fetchRemote
et al (although I highly doubt it). I do not expect this to get fixed in any time soon, however, If can find a fix myself I will send a PR.As far as I am aware this poses no security risks, users are simply streaming mp3 music.
Security Policy
The text was updated successfully, but these errors were encountered: