ksuzzo wrote:
> None of that fixes the issue that I still have been unable to get it
> working on any computer I have access to though. I have tried three
> different up to date windows 10 machines, in three different physical
> locations. We just tried with one at work and even tried going through a
> VPN in seattle and I still cannot get LMS to connect to any of my
> mysqueezebox.com accounts (I made a new test account just to make sure
> it wasn't an account issue).
Okay. I just installed the openssl binaries on my Win10 machine (instead
of LMS) and verified that a secure connection to MySB.com failed. After
running the Certificate Manager (run->certmgr) under administrative
authority and deleting the expired 'DST Root CA X3' certificate, I was
able to connect successfully:
Code:
--------------------
C:\Program Files\Common Files\SSL>openssl s_client -CAfile D:\Temp\MySB.cer
-connect www.mysqueezebox.com:443
CONNECTED(000001A8)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.squeezenetwork.com
verify return:1
---
Certificate chain
0 s:CN = www.squeezenetwork.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
(blah blah blah)
-----END CERTIFICATE-----
subject=CN = www.squeezenetwork.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: ECDSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4435 bytes and written 448 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: DD94744EFF6F5845B9D9165EC7A62F0A8BEE908ACC57E598140CC52923446102
Session-ID-ctx:
Master-Key:
B00DD7F36F3C1861F29B15C1346F3E7A3FBF71A7D8BB1CB08ACCDDD783F27BC6A610CB53FE41C2E2FD0E965A64E35558
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 73 cd 8a ad e4 72 b6 86-d4 dd 1a 21 de 42 df 8f s....r.....!.B..
0010 - cb 9c 89 3d 1f 8a dc 4a-d7 01 cb 37 ef 99 49 1d ...=...J...7..I.
0020 - 20 48 f2 e6 d3 ec 59 a1-dc 67 92 bb 4c a8 4e 7b H....Y..g..L.N{
0030 - c7 db 43 01 6b a0 05 4c-91 25 c9 90 25 f2 34 c6 ..C.k..L.%..%.4.
0040 - 2f 55 b7 f8 ce c2 9b 86-46 17 a4 a2 2b 91 cd 43 /U......F...+..C
0050 - eb 1b b1 62 4b 42 54 02-bb 96 1c 48 cb 23 b4 3a ...bKBT....H.#.:
0060 - 75 5b 3c 31 48 f8 a8 29-44 7f 79 72 9b 49 ae 05 u[<1H..)D.yr.I..
0070 - 14 76 83 1c 25 ff 9d ba-ca 89 cc 16 d3 50 8e 38 .v..%........P.8
0080 - ef cf 32 d3 fe 4f ed 20-6d 35 e2 e8 4b 2b 56 41 ..2..O. m5..K+VA
0090 - 50 64 c1 53 b5 a2 d1 d2-58 d4 45 23 51 b1 29 e3 Pd.S....X.E#Q.).
00a0 - 4a 19 e9 c8 06 7e fe d2-58 4e e8 05 c6 99 4f 30 J....~..XN....O0
00b0 - 8c 37 04 33 10 94 97 51-6c b6 1a 03 5c 88 40 77 .7.3...Ql...\.@w
Start Time: 1633549334
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
closed
--------------------
So the solution for Win10 machines running LMS is to delete the expired
'DST Root CA X3' certificate. I hope that helps.
Sam
------------------------------------------------------------------------
SamY's Profile: http://forums.slimdevices.com/member.php?userid=63495
View this thread: http://forums.slimdevices.com/showthread.php?t=115185
_______________________________________________
Squeezecenter mailing list
[email protected]
http://lists.slimdevices.com/mailman/listinfo/squeezecenter
