• Anything ‘published’ on the web is viewed as intellectual property and, regardless of whether it displays a copyright symbol or not, is therefore copyrighted by the originator. The only exception to this is if there is a “free and unrestricted reuse” statement associated with the work.

    In order to protect our members and TFL from possible litigation, all members must abide by the following new rules:

    1. Copying and pasting entire articles from another site to TFL is strictly prohibited. The same applies to articles from print or other media, and to posting photographs taken of copyrighted pages or other media.

    2. Copyright law provides for “fair use” of portions of a copyrighted work. You can copy no more than a SINGLE paragraph from the article to your post (3 or 4 sentences at most).

    3. You must provide a link to the article along with the name of website. For example: ww.xxx.yyy/zzz (The Lower Thumbsuck Daily News).

    4. You must provide, in your own words, a brief summary of the article AND your reasons for believing it will be of interest to TFL members. Failure to do so may result in the thread being closed or your post being deleted as a “cut and paste drive by.”

    5. Photographs and other images are also copyrighted. "Hotlinking" of images (so that it appears in your message) from other sites is also prohibited unless you own rights to the image. If you wish to share an image, provide a clickable link to it.

    Posts that do not follow these new guidelines will be altered or deleted by staff. Members who continue to violate this policy may lose their posting privileges at TFL.

    Thank you for your cooperation and your participation in TFL, the leading online forum for firearms enthusiasts.

TLS handshake failed

F

foolzrushn

New member
I have a 'not so smart' LG TV from which until recently, I was able to access TFL forums. This last week something changed, and now I get a message that the TLS handshake failed. Has there been a change in TLS protocol very recently at TFL? The TV browser seems to work on other forums and everything else as usual, only TFL has changed and gives me the error message.

TV manufacturers are bad about continuing to issue updates for their browsers, so I am probably stuck there. I miss being able to access the forum from bed at all hours when something wakes me. I know, but reading helps me get sleepy again. If I got up to use the computer I would be wide awake.

thx
 
Due to just-released (firefox) and imminent (chrome) requirements that all pages with login forms be served over ssl, TFL is now ssl-only as of about Jan 25.

Most likely, your TV wasn't using SSL before, and now it's forced to. Previously, SSL was available but there was no redirect, which meant that, for most people, there was effectively no SSL. Now there is. For those who had been using SSL, no SSL-related settings or parameters changed, as far as I know.

TFL is reverse-proxied through cloudflare. If your TV isn't compatible with cloudflare's SSL settings, there's an excellent chance that your TV's requirements are broken and/or insecure. I realize that shifting blame doesn't help fix the situation, but the only options are:

- TV manufacturer fixes whatever SSL limitation it has that's breaking things.
- TFL ditches cloudflare and goes back to normal. I'm hesitant to do this on the basis of one report of a (how old?) smart TV failing to deal with cloudflare's well-considered though perhaps slighly aggressive ssl configuration.

I'll add one other thing: if you can get diagnostic information (the REASON the tv was unable to complete the ssl handshake), and take a picture where the info is readable, that wouldn't hurt. However, it's also not very likely to help fix anything; it would probably only help identify what the TV is doing wrong.
 
I guess I'm a little surprised that I'm the only one using a TV to access TFL. My LG is about 3 years old (not exactly sure..47LM6400-UA 47" 3D), and I am not sure what the browser OS is, really.

I would guess that other TVs might have the same problem with the switch to SSL only. It may be that I will lose other websites soon as, or if, they also switch to SSL.

I'm afraid that TV support for firmware is dismal...probably for all brands. I have read that the latest firmware push was to speed up gaming on the TV, but bundled with that is code to collect viewing/surfing information.

The updates had stopped until LG reconsidered an update as a revenue stream. There are some ULA changes associated with it and you can't back out once you start.

Using a TV for the Net is a stretch anyway. You have pinpointed the reason for the change, and I can see the dilemma. Security improvement. Should more complaints generate a change in situation, please let me know.

thanks

"the needs of the many outweigh the needs of the few"--Spock
 
I realize you don't want viewing habits and telemetry data leaked to LG, but refusing to update firmware on an internet-connected TV is probably even worse. And there's at least a chance that it would fix this problem.

Your TV is probably insecure. Your TV's browser is probably even worse. Browsing the web from a TV is begging to have your TV hacked.

Do you have a laptop or tablet with chrome? I think you could then "cast" that browser to a chromecast-enabled TV (or probably amazon fire tv, or roku, too). That's by far a better solution for browsing from a TV. It requires no direct internet connection, which is good because I don't trust TV manufacturers to implement or maintain anything internet-related.

How do you even browse TFL from a TV? Are you just looking at threads without typing anything, or do you have a better input setup than using the remote to direct the cursor over the on-screen keyboard? That seems like it would be extremely aggravating and painful.
 
tyme

It's not that I don't want my viewing sold to someone. I'm just mad because I think LG didn't do this update to improve the processor speed/function for general surfing, but instead for tying up the ULA a little tighter.

Yes surfing is quite aggravating. The RAM in the TV is very limited. Too many pictures and it will crash. It is also very slow. The LGs have a 'magic remote' which is a motion activated rf remote. You need to peck out each letter, and if the text is too long (memory small) it may freeze and not file the post to TFL. The cursor drops off after about 5 seconds of inactivity, and will start to creep even when the remote is not being moved. It's a real task.

Several times I have typed up a post only to not be able to actually post it. However all that said, if it's 3 or 4 in the morning, it's more convenient to use the TV than to get up to use the computer.

I don't think I understand how you would 'cast' (connect the laptop and TV) a browser to the TV. I guess you are speaking of a bluetooth connection. Does that take another black box on the laptop? The TV can search for WIFI connections, but I have not investigated how to cast from the laptop. I use Firefox on my computer.

I share you concerns about security of the TV, but think that the TV may not be sophisticated enough to generally accept code from anyone but LG. I suspect that they have some special encoding when they push updates. Hackers may be more interested in hacking phones. People do a lot of financial things on phones.

I have a ROKU hardwired to the TV. I haven't gone through to LG store for apps. They have a limited selection. Some of the forums say it's a hassle and not very good. They want a credit card and I will not do that, because I might incur charges for things I don't want.

I think the browser may be an earlier version of Safari, but that's just what someone said on a forum. I don't know how I would be able to tell what it is. I would probably need to get into the maintenance menu to find it. Not for the general consumer.

Since I don't consider my TV to be all that old, I am wondering what will happen if all the log on sites go SSL only. Surely I am not the only one using the TV part time. Ebay, Yahoo, other forums, Utube, Craig's List...well TFL is the only log on site that prevents my use so far.
 
I expect any site that uses cloudflare would have the same problem, and that you've been fortunate in not encountering another one yet.

Update the TV's firmware. Hedging that hackers won't be interested in your TV is naive. If you don't like its spying features, don't connect the TV directly to the internet. Since you have a Roku and a laptop, I don't understand why you're using your TV's built-in internet functionality at all. If you disconnect it, which you should, it won't report anything to LG no matter what the EULA says.

Here's what "casting" means (different devices have slightly different ways of going about it):
https://www.cnet.com/how-to/roku-screen-sharing-android-windows/
https://support.google.com/chromecast/answer/3228332?hl=en
 
You must log in or register to reply here.
Back
Top