3 Replies Latest reply on Oct 5, 2016 12:17 PM by jarnoh

    Lightroom plugins and the TLS version they connect with


      I've got a bit of a question I hope someone can help me with.  I have a Lightroom Export plugin that we had developed a year or so ago, and yesterday after disabling TLSv1 on our servers (due to PCI requirements) some of the users of our plugin are no longer able to connect.  According to our access logs some people had been connecting with TLSv1, some with TLSv1.1, and others with TLSv1.2.  Now we are only seeing TLSv1.1 and TLSv1.2 in our logs, and anyone that was previously connecting with TLSv1 is no longer able to connect at all.


      So, my question is:  Is there a way we can help these users out?  For example, can we force our plugin to always use connect with TLSv1.1 or 1.2 instead of 1.0?


      I found this advice for Windows users on another thread:

      1. On the Internet Explorer Tools menu, click Internet Options.
      2. In the Internet Options dialog box, click the Advanced tab.
      3. In the Security category, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
      4. Note It is important to check consecutive versions. Not selecting consecutive versions (e.g. checking TLS 1.0 and 1.2, but not checking 1.1) could result in connection errors.
      5. Click OK


      And for one of our Windows users that did in fact work.  However, that seems very cumbersome to have to help every since user in this way.  It also doesn't help our Mac users, which are the majority of our users, since they obviously don't have Internet Explorer.


      For our Mac users I have had one of them try another suggestion that I saw, which was this:

      In case you have Lr Desktop running on a Mac could you try to update the flash player and give it a try again after a restart.


      However, that did not help and the could still not connect or login.


      Our plugin uses a fairly basic logging-in function, like this:

      local url = "https://xxxxxxxxx.com/login.php?"

        local params = "user=" .. url_encode(propertyTable.userName) .. "&pwd=" .. url_encode(propertyTable.userPassword)

        -- Contact the server to log in and get the login results


            local response = LrHttp.get(url .. params)



      Any tips or advice on what we can do to help our users who are having TLS troubles?


      Thank you!