I've got a bit of a question I hope someone can help me with. I have a Lightroom Export plugin that we had developed a year or so ago, and yesterday after disabling TLSv1 on our servers (due to PCI requirements) some of the users of our plugin are no longer able to connect. According to our access logs some people had been connecting with TLSv1, some with TLSv1.1, and others with TLSv1.2. Now we are only seeing TLSv1.1 and TLSv1.2 in our logs, and anyone that was previously connecting with TLSv1 is no longer able to connect at all.
So, my question is: Is there a way we can help these users out? For example, can we force our plugin to always use connect with TLSv1.1 or 1.2 instead of 1.0?
I found this advice for Windows users on another thread:
And for one of our Windows users that did in fact work. However, that seems very cumbersome to have to help every since user in this way. It also doesn't help our Mac users, which are the majority of our users, since they obviously don't have Internet Explorer.
For our Mac users I have had one of them try another suggestion that I saw, which was this:
In case you have Lr Desktop running on a Mac could you try to update the flash player and give it a try again after a restart.
However, that did not help and the could still not connect or login.
Our plugin uses a fairly basic logging-in function, like this:
local url = "https://xxxxxxxxx.com/login.php?"
local params = "user=" .. url_encode(propertyTable.userName) .. "&pwd=" .. url_encode(propertyTable.userPassword)
-- Contact the server to log in and get the login results
local response = LrHttp.get(url .. params)
Any tips or advice on what we can do to help our users who are having TLS troubles?
Thank you, johnrellis. I wasn't aware of that forum, but it does indeed sound like where this should be posted. I will post this question there, and this thread can be closed. Thanks!
I can't say I know the answer, but I can tell you how I solved it. I ditched the LrHttp module and I'm using external curl process to make the requests.
Of course, there are few downsides in that solution too, there's no support for using system configured proxy server and it might require blocking firewall users to add mysterious "curl.exe" to allowed processes.