5 Replies Latest reply on Oct 12, 2016 2:00 PM by Jens Troeger

    Lightroom plugins and the TLS version they connect with

    aellis2305

      I've got a bit of a question I hope someone can help me with.  I have a Lightroom Export plugin that we had developed a year or so ago, and yesterday after disabling TLSv1 on our servers (due to PCI requirements) some of the users of our plugin are no longer able to connect.  According to our access logs some people had previously been connecting with TLSv1, some with TLSv1.1, and others with TLSv1.2.  Now we are seeing only TLSv1.1 and TLSv1.2 in our logs, and anyone that was previously connecting with TLSv1 is no longer able to connect at all.

       

      So, my question is:  Is there a way we can help these users out?  For example, can we force our plugin to always connect with TLSv1.1 or 1.2 instead of 1.0?

       

      I found this advice for Windows users on another thread:

      1. On the Internet Explorer Tools menu, click Internet Options.
      2. In the Internet Options dialog box, click the Advanced tab.
      3. In the Security category, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
      4. Note It is important to check consecutive versions. Not selecting consecutive versions (e.g. checking TLS 1.0 and 1.2, but not checking 1.1) could result in connection errors.
      5. Click OK

       

      And for our test Windows users that did in fact work.  However, that seems very cumbersome to have to help every single user in this way.  It also doesn't help our Mac users, which are the majority of our users, since they obviously don't have Internet Explorer.

       

      For our Mac users I have had one of them try another suggestion that I saw, which was this:

      In case you have Lr Desktop running on a Mac could you try to update the flash player and give it a try again after a restart.

       

      However, that did not help and they could still not connect or login.

       

      Our plugin uses a fairly basic logging-in function, like this:

      local url = "https://xxxxxxxxx.com/login.php?"

        local params = "user=" .. url_encode(propertyTable.userName) .. "&pwd=" .. url_encode(propertyTable.userPassword)

        -- Contact the server to log in and get the login results

        LrTasks.startAsyncTask(function()

            local response = LrHttp.get(url .. params)

            ...

       

      Any tips or advice on what we can do to help our users who are having TLS troubles?

       

      Thank you!

       

      Message was edited by: Adam Ellis - Cleared up spelling errors.