Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RokuKevin
Visitor
‎11-05-2014 11:02 AM

Firmware v6.1 drops SSLv3 support

Please note that our upcoming firmware v6.1 release will no longer support SSL Protocol version 3. This change is in
response to a recent security vulnerability, CVE-2014-3566 (http://web.nvd.nist.gov/view/vuln/detai ... -2014-3566).
As of this release Roku firmware will only support TLS Protocol version 1, version 1.1 and version 1.2. This change should not
have an impact on Channel applications that use HTTP over TLS (sometimes referred to as HTTPS) to securely communicate
with service endpoints.

We recommend that our Channel Partners follow the advice given in the US-CERT Alert TA14-290A
(https://www.us-cert.gov/ncas/alerts/TA14-290A) and disable the use of SSL Protocol version 3 in their services.

--Kevin
0 Kudos
Reply
3 REPLIES 3
krh5150
Visitor
‎11-05-2014 06:24 PM

Re: Firmware v6.1 drops SSLv3 support

When will 6.1 be available for download and will it work with the Roku2?
0 Kudos
Reply
Komag
Roku Guru
‎11-06-2014 10:23 AM

Re: Firmware v6.1 drops SSLv3 support

Does that affect stuff like this:?
myaudio1 = CreateObject("roUrlTransfer")
myaudio1.SetPort(port)
myaudio1.SetCertificatesFile("common:/certs/ca-bundle.crt")
myaudio1.AddHeader("X-Roku-Reserved-Dev-Id", "")
myaudio1.InitClientCertificates()
myaudio1.SetUrl("https://dl.dropboxusercontent.com/u.......mp3")
myaudio1.GetToFile("tmp:/Co.....mp3")
0 Kudos
Reply
TheEndless
Channel Surfer
‎11-06-2014 08:52 PM

Re: Firmware v6.1 drops SSLv3 support

"Komag" wrote:
Does that affect stuff like this:?
myaudio1 = CreateObject("roUrlTransfer")
myaudio1.SetPort(port)
myaudio1.SetCertificatesFile("common:/certs/ca-bundle.crt")
myaudio1.AddHeader("X-Roku-Reserved-Dev-Id", "")
myaudio1.InitClientCertificates()
myaudio1.SetUrl("https://dl.dropboxusercontent.com/u.......mp3")
myaudio1.GetToFile("tmp:/Co.....mp3")

Only if dropboxusercontent.com doesn't support TLS, which is unlikely.
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
Reply
Need Assistance?
Welcome to the Roku Community! Feel free to search our Community for answers or post your question to get help.

Become a Roku Streaming Expert!

Share your expertise, help fellow streamers, and unlock exclusive rewards as part of the Roku Community. Learn more.
Top