If you have not already, we suggest setting your Plex username to something else rather than email which is displayed on your posts in forum. You can change the username at https://app.plex.tv/desktop#!/account
Welcome to our forums! Please take a few moments to read through our Community Guidelines (also conveniently linked in the header at the top of each page). There, you'll find guidelines on conduct, tips on getting the help you may be searching for, and more!

HTTPS broken

tomyuntomyun Posts: 51Members ✭✭

HTTP.Request() to HTTPS URLs result into an error:

URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)>

Seems like this has been an outstanding issue for sometime which requires an update for the built-in Python to at least 2.7.9 (which was released in 2014).

https://forums.plex.tv/discussion/229031/outdated-ssl-python-handshake-errors
https://forums.plex.tv/discussion/248351/fix-for-sni-ssl
https://forums.plex.tv/discussion/222070/plex-official-channel-vice-ssl-error-on-featured-vice-news

Since more and more websites are migrating to HTTPS by default, I'd say this could be a deal breaker for many channel plugins for Plex. Does anyone know whether Plex has a plan to address this issue?

Tagged:

Answers

  • JamminRJamminR Posts: 3,357Members, Plex Pass Plex Pass

    Someone does, but, Plex company will likely never tell anyone until after they update. That could be today. That could be 10 years. That could be never.
    I've suffered, and fortunately, got channel developers to do work-arounds, for several of the channels I use.
    And, honestly, I've not seen your error, but, usually see another error.
    Searching for "CERTIFICATE_VERIFY_FAILED" results in 44 posts.
    It seems Plex has been ignoring the error for several years.
    Scary thing.. it even affected the ability of Plex to obtain metadata within some of their agents for several.

    Server - HW: I7-4790K(Haswell), 16GB - SW: Win10 Pro + PMS v1.12.3.4973
    Misc. HW: HDHR Extend + 2TB RAID1(Intel Z87) + 4x4TB RAID5(QNAP TS-653Pro)
    Shares - From: 2  - To: 18(5) - Potential lifetime PlexPass data generating product customer!
    ISP: ~20mbps up/1TB monthly "cap" - (Monthly avg. xfer ~450gb)
    Search the Plex WIKI before asking silly questions.
    Plex stuff I favor - Tautulli - UASv3 - PlexEmail - FMoviesPlus
  • shopgirl284shopgirl284 Posts: 2,835Members, Plex Pass, Plex Ninja, Forum Moderator Plex Ninja

    Many issues and questions can be resolved by reviewing the Plex Support Documentation
    Providing details about your issue, Plex setup, and including log files are important when when asking for help on the forums.
    See Log Files
    Before posting channel plugin questions or issues, please review the pinned threads at the top of the Channel Plugin forum:
    READ FIRST: Guidelines for Posting Channel Plugin Issues/Questions and Things to Check First
    FAQ for Channel Plugin FAQ

  • ddnddn Posts: 5Members ✭✭

    Is anyone going to fix this?

    This basically breaks all scanners or agents that need HTTPS. The SNI issue is at least 5 years old.

  • JamminRJamminR Posts: 3,357Members, Plex Pass Plex Pass

    @ddn - what's your operating system?
    I've not seen SSL error in quite sometime on my WIndows box (but that might be due to the workarounds)
    Though Plex is still many versions behind, they've updated to Python 2.7.12 for Windows version of Plex sometime in the past year or two.
    M:\Program Files (x86)\Plex\Plex Media Server>PlexScriptHost.exe --version
    Python 2.7.12

    Server - HW: I7-4790K(Haswell), 16GB - SW: Win10 Pro + PMS v1.12.3.4973
    Misc. HW: HDHR Extend + 2TB RAID1(Intel Z87) + 4x4TB RAID5(QNAP TS-653Pro)
    Shares - From: 2  - To: 18(5) - Potential lifetime PlexPass data generating product customer!
    ISP: ~20mbps up/1TB monthly "cap" - (Monthly avg. xfer ~450gb)
    Search the Plex WIKI before asking silly questions.
    Plex stuff I favor - Tautulli - UASv3 - PlexEmail - FMoviesPlus
  • ddnddn Posts: 5Members ✭✭

    The machine is a bit older so it's running OS X Sierra. I could update it to HS, but I don't think it would make any difference in this.

    From what I can tell, Plex is using the python with internal libraries that ship with it, that are super old including using urrlib2.

    I did try installing a completely separate python with brew, but I couldn't get plex to use the /usr/local/bin/python vs system-installed.

  • ddnddn Posts: 5Members ✭✭

    Yeah, to follow up, @JamminR. I updated to High Sierra, and the system python isn't even linked to OpenSSL, it's LibreSSL 2.2.7 now. But the Plex scanning is still broken just the same. I'd be happy to be wrong, but I'm pretty sure this needs to be fixed in Plex's libraries.

  • sander1sander1 Channel Developer/Admin Posts: 3,669Members, Plex Pass, Plex Ninja Plex Ninja
    edited March 27

    I've never understood the error completely. I know it has something to do with new versions of Python/urllib trying to verify the security certificates (older versions of Python/urllib did not do this).
    I only know of some workarounds.

    1. Do not verify certificates. A bit like how older Python versions worked:

    Or:
    2. Use external Python libraries

  • ddnddn Posts: 5Members ✭✭

    @sander1 super helpful, thank you. Your guide to adding external libraries was perfect, and I was able to fix this scanner.

    Ironically though, now all the metadata is correct but the artwork display, most likely because the Plex internals still use the libraries with broken SNI! :s

    Same problem as your solution #1. It's fine to not verify certificates, unless the server on the other end refuses to handshake if you don't pass servername. So, basically, Plex still needs to fix this.

  • sander1sander1 Channel Developer/Admin Posts: 3,669Members, Plex Pass, Plex Ninja Plex Ninja

    @ddn Can I see your scanner and/or metadata code somewhere online? Or are we talking about the default Plex scanner(s) and agent(s)?

  • ddnddn Posts: 5Members ✭✭
    edited March 28

    @sander1 I ported the scanner code to requests, and now it works perfectly. You can see the original code here though https://github.com/mmmmmtasty/SportScanner

    That said, it's still fundamentally broken because Plex then internally tries to download the art that is on an HTTPS URL and fails.

    i.e.: com.plexapp.system.log.3:URLError: urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)

    This needs to be fixed in Plex, it's ridiculous that it's still broken many years after SNI was fixed in python.

Sign In or Register to comment.