Login at Kodi Home

paplo · 2017-09-28, 13:45

Hi guys

I'm using a mariadb sql server to store a shared library database to share between multiple Kodi instances in my household and across the internet. I have created certificates for server and clients and added the <key></key>, <cert>, </cert>, <ca></ca> entries in my advancedsettings.xml file. It's working fine but I've noticed by capturing packets with wireshark that the TLS connection only uses version 1.0 I know my sql server supports TLS v1.2 and when I enforce TLS 1.2 on the server the TLS handshake doesn't happen. Is there a tweak in Kodi to amp it up to TLS v1.2? Does it support it at all?

**Rechi** · 2017-09-28, 14:42

Which OS and Kodi version do you use on your devices?

paplo · 2017-09-28, 14:48

I use Kodi 17.3/4 on Windows 10 and on Libreelec 8.0.2 on some raspberry pi's

(2017-09-28, 14:42)Rechi Wrote: Which OS and Kodi version do you use on your devices?

**Rechi** · 2017-09-28, 15:15

Kodi 17 on Windows and LibreELEC 8.0 won't support TLS 1.1 or TLS 1.2.

On Windows a 64 bit nightly should support them and it looks like LibreELEC 8.2 will also support the newer protocols.

paplo · 2017-09-28, 15:21

So this is not Kodi related? I thought it was a build in sql client in Kodi that had the limitation. Can you please link to this information?

(2017-09-28, 15:15)Rechi Wrote: Kodi 17 on Windows and LibreELEC 8.0 won't support TLS 1.1 or TLS 1.2.

On Windows a 64 bit nightly should support them and it looks like LibreELEC 8.2 will also support the newer protocols.

marantz · 2017-10-07, 16:09

Tls 1.2 works fine om le 8.0 bit not Windows. It needs mysql 5.7 or higher to use Tls 1.2

**Rechi** · 2017-10-07, 22:20

(2017-09-28, 15:21)paplo Wrote: So this is not Kodi related? I thought it was a build in sql client in Kodi that had the limitation. Can you please link to this information?

For TLS 1.2 support you need MySQL 5.7.10 or newer and OpenSSL 1.0.1 or newer.
We are a bit lazy on using the latest versions of those libraries and therefore it isn't supported on all Kodi versions (except Windows 64 bit nightly).

LibreELEC builds Kodi with different versions of those libraries, but last time I looked at it 8.0 didn't have the required versions.

marantz · 2017-10-08, 00:30

I know for a fact that le 8.0 works with tls 1.2, becouse with mariadb you can force tls 1.2 and I have tested that.

**Rechi** · (This post was last modified: 2017-10-08, 09:53 by Rechi.)

(2017-10-08, 00:30)marantz Wrote: I know for a fact that le 8.0 works with tls 1.2, becouse with mariadb you can force tls 1.2 and I have tested that.

LibreELEC uses a new enough version of mysql, but they use libressl instead of openssl in 8.0.
I wasn't sure if TLS 1.2 works with that libressl version, but thanks for clarifying it.