Sonos: incomplete TLS handshake: no shared cipher

Server Version#: 1.22.0.4163 on Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-66-generic x86_64)
Player Version#: Sonos Connect S1

Somewhere the last few weeks my Sonos is unable to play songs from Plex. I can still browse the library from Sonos apps, but when I try to play the song it doesn’t work. The Plex logs show:

    Mar 12, 2021 21:44:59.550 [0x7f24f3fff700] DEBUG - CERT: incomplete TLS handshake: no shared cipher

Any ideas?

Update

Did some more digging.

Plex seems to support the following ciphers:

    [+] Testing for strong ciphers (based on AES) ...
    Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
    Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve 25519 DHE 253
    Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
    Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
    Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253

The SSL Client Hello of Sonos contains these:

    Cipher Suites (9 suites)
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
        Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
        Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
        Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
        Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

So that would explain the error. But now how to fix this. Plex does not seem to support any RSA cipher??

All right, got it working. My conclusion is that Sonos probably just can’t work with the Plex issued certs. So, I’m now using my own certificate (under Settings → Network), and have disabled Remote Access (Under Settings → Remote Access). I have a port opened up to Plex in my router, so all still works outside of home network as well. Basically I’ve just shut off the Plex managed SSL certs, and have every connection just use my own cert.

Would be nice if this could be fixed by Sonos & Plex though. I should not be the only one having this issue…
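The comparison of the two lists posted above, as an added example that is not part of the original thread: it normalizes the scanner's OpenSSL-style names to IANA names, intersects them with the ClientHello, and reports which certificate key type each side's suites require. The function names are hypothetical, and the name normalization only covers the ECDHE/AES names that appear in the scan.

```python
import re

# Scanner output and ClientHello suites copied from the thread above.
SERVER_SCAN = """\
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
"""
CLIENT_HELLO = """\
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
"""
OPENSSL_RE = re.compile(r"^(ECDHE)-(ECDSA|RSA)-AES(128|256)-(GCM-)?(SHA(?:256|384)?)$")

def to_iana(name):
    """Normalize an OpenSSL-style suite name to its IANA name (ECDHE/AES only)."""
    m = OPENSSL_RE.match(name)
    if not m:
        return name  # already an IANA name (TLS 1.3 suites, ClientHello entries)
    kx, auth, bits, gcm, mac = m.groups()
    return f"TLS_{kx}_{auth}_WITH_AES_{bits}_{'GCM' if gcm else 'CBC'}_{mac}"

def cert_type(iana):
    """Key type of the certificate the server needs for this suite, or None."""
    if "_WITH_" not in iana:
        return None  # TLS 1.3 suite or SCSV marker: no auth algorithm in the name
    return iana.split("_WITH_")[0].split("_")[-1]  # TLS_ECDHE_ECDSA -> ECDSA

def compare(scan, hello):
    # Column 5 of each "Accepted" scan line is the suite name.
    srv = {to_iana(l.split()[4]) for l in scan.splitlines() if l.startswith("Accepted")}
    cli = set(re.findall(r"Cipher Suite: (\S+) \(0x", hello))
    auth = lambda suites: {cert_type(s) for s in suites} - {None}
    return {"shared": srv & cli, "server_auth": auth(srv), "client_auth": auth(cli)}

if __name__ == "__main__":
    print(compare(SERVER_SCAN, CLIENT_HELLO))
```

The intersection is empty, and the authentication sets do not overlap either: every suite the server accepts below TLS 1.3 is ECDSA-authenticated, while the client offers only RSA-authenticated suites and no TLS 1.3 suites.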

I too am getting the same issue.

I am currently on plex server 1.21.4.4054

I have made sure dns-rebinding is not an issue (there are no plex.direct errors in the current logs although the attached logs show some at the start – this was spotted and corrected)

When I try to select plex content in the Sonos app I can see the content, however attempting to play it results in a “connection to the plex server was lost” error from the sonos app.

The log shows the error “CERT: incomplete TLS handshake: no shared cipher”

Log attached for hopefully someone at plex to look into for both of us!
debug.log (80.9 KB)

@tarcus69 are you also still using the S1 Sonos app?

Yes I am, forgot to mention that. Do you think that’s a significant factor? I’m using Sonos S1 version 11.2.6 on Android, the speakers are set to auto-update.

The failing communication is between the speakers and Plex directly. The S1 app is not involved.

Speakers still running the S1 software appear to not support newer ECDSA certificates like the ones that PMS uses if you don’t specify your own.

We’ve got a fix in the works for PMS to allow RSA-based certificates.


S1 software on android matches S1 software on speakers, it’s what’s on the speakers that’s important here, the android software can connect but the speakers can’t from the look of it.

Great to hear, I’ll look forward to it.

Cool. Having the same issue. Also on S1 speakers.
Looking forward to a solution. So far I have disabled encryption in plex which did the trick for me but is hopefully not a long term solution.
Did anybody try to solve this issue by upgrading to S2? Are there any disadvantages remaining with the S2 software?
Regards
Petr

I have just completed the update to S2, all my current S2-compatible devices transitioned flawlessly and even remained working with my complicated OpenHab setup (which does things like group speakers and set volumes, controls what’s playing, and mutes/unmutes speakers depending on whether someone is in the room). Plex immediately started working with the S2 speakers as well.
