Forum Discussion

joetesta's avatar
joetesta
Roku Guru
10 years ago

roTextureRequest to Cloudfront https not working

Greetings,

I'm looking for confirmation that roTextureRequest is using TLS1.0.

When trying to get images from AWS CloudFront over https, I'm seeing "handshakefailed" with roTextureRequest.
I used roUrlTransfer and it gets the same images with no error. So I suspect roTextureRequest is subject to the same issue as described here:
viewtopic.php?f=34&t=85897&p=487233&hilit=tls+https

It seems the options I have are:
1) use non-secure http:// for images from Cloudfront
2) find a CDN that allows TLS1.0
3) revise the app to use roUrlTransfer and store the images in tmp for use by TextureManager

Is there anything else I'm missing?
tyvmia,
Joe
Roku Developer Program

10 Replies

  • TheEndless's avatar
    TheEndless
    Channel Surfer
    10 years ago
    I assume you are, but you don't mention it, so it's worth asking if you're setting the certificates file on your roTextureRequest...?
    request = CreateObject("roTextureRequest", "https://.....")
    request.SetCertificatesFile("common:/certs/ca-bundle.crt")
  • joetesta's avatar
    joetesta
    Roku Guru
    10 years ago
    Hi TheEndless -
    Thanks for your reply - yes the certificates are being set. roTextureRequest gets images over https from our origin, just not from Cloudfront. My guess is that the origin allows TLS1.0, but I'm trying to verify and figure out the best solution.
    Thanks!
    Joe
  • NewManLiving's avatar
    NewManLiving
    Visitor
    10 years ago
    anything uploaded to your AWS does not immediately get referenced in the cloud front
    So if you are recently updating your AWS bucket then give it some time before you try to access it via cloud front
  • joetesta's avatar
    joetesta
    Roku Guru
    10 years ago
    Thanks NewManLiving -

    I'm confirming the images are there in the browser using the same URL I'm getting from the channel debug output. In the app they fail with the "handshakefailed" error.
    I now have the channel using roUrlTransfer to store the images in tmp:/ then pulling them up with TextureManager, but it seems to be slower this way. Testing on some other roku models to confirm.

    But basically this tells me that, "yes roTextureManager is using the outdated TLS1.0 and won't get anything over https from modern CDN's that enforce security by requiring TLS1.2"

    Now we are faced with using this slower method or switching to http:// or a less secure CDN that uses TLS1.0.
    Or hope for a new roku firmware release tomorrow that resolves the TLS issues 😄
  • joetesta's avatar
    joetesta
    Roku Guru
    10 years ago
    Update - Looks like it works correctly on Roku 4 / firmware 7.X - the same channel on that device is getting the images from Cloudfront.
    But not on Roku 3 or less.
  • joetesta's avatar
    joetesta
    Roku Guru
    10 years ago
    my boss received some sort of advanced demo model a few weeks ago, I haven't used it much other than limited testing. The model we have isn't in the production case, but it's thinner and has a larger physical footprint (about 5" x 5") compared to older models and gets nice and warm while running.

    Happy the TLS works with modern servers, but concerned that means older Rokus might never work with TLS > 1.0

    Is there something you'd want me to test on it?
  • RokuJoel's avatar
    RokuJoel
    Binge Watcher
    10 years ago
    Fixes that work on the Roku 4 are likely to eventually make it to all non-legacy devices.

    - Joel
  • bosborne's avatar
    bosborne
    Visitor
    10 years ago
    Joel - any chance you can dig into this issue a bit more w/ engineering and see if / when a fix for this would be pushed to the older devices? Having some components only support TLS 1.0 is pretty rough to deal with.