Radio Paradise Comments
- islander - Mar 28, 2024 - 7:00am
Trump
- islander - Mar 28, 2024 - 6:59am
NYTimes Connections
- islander - Mar 28, 2024 - 6:55am
Wordle - daily game
- islander - Mar 28, 2024 - 6:47am
Breaking News
- black321 - Mar 28, 2024 - 6:25am
Outstanding Covers
- thisbody - Mar 28, 2024 - 5:51am
NY Times Strands
- Proclivities - Mar 28, 2024 - 5:34am
Today in History
- DaveInSaoMiguel - Mar 28, 2024 - 4:28am
Ukraine
- NoEnzLefttoSplit - Mar 28, 2024 - 2:36am
The Obituary Page
- ScottFromWyoming - Mar 27, 2024 - 10:58pm
March 2024 Photo Theme - Many
- KurtfromLaQuinta - Mar 27, 2024 - 8:52pm
USA! USA! USA!
- R_P - Mar 27, 2024 - 7:40pm
Little known information...maybe even facts
- haresfur - Mar 27, 2024 - 6:21pm
Live Music
- oldviolin - Mar 27, 2024 - 5:08pm
RightWingNutZ
- R_P - Mar 27, 2024 - 3:48pm
Lyrics that strike a chord today...
- miamizsun - Mar 27, 2024 - 2:44pm
Please Don't Post Here
- Red_Dragon - Mar 27, 2024 - 11:02am
Motivational Office Cliches...
- NoEnzLefttoSplit - Mar 26, 2024 - 10:20pm
(Big) Media Watch
- Red_Dragon - Mar 26, 2024 - 6:18pm
YouTube: Music-Videos
- miamizsun - Mar 26, 2024 - 4:10pm
Israel
- R_P - Mar 26, 2024 - 12:24pm
Photos you have taken of your walks or hikes.
- Steely_D - Mar 26, 2024 - 12:04pm
Business as Usual
- black321 - Mar 26, 2024 - 12:02pm
Solar / Wind / Geothermal / Efficiency Energy
- islander - Mar 26, 2024 - 8:00am
Is there any DOG news out there?
- Beez - Mar 26, 2024 - 7:24am
Food
- Steely_D - Mar 26, 2024 - 1:41am
• • • The Once-a-Day • • •
- Red_Dragon - Mar 25, 2024 - 7:30pm
Vinyl Only Spin List
- kurtster - Mar 25, 2024 - 6:56pm
Derplahoma!
- Red_Dragon - Mar 25, 2024 - 3:48pm
Frequent drop outs (The Netherlands)
- kingen - Mar 25, 2024 - 2:43pm
China
- R_P - Mar 25, 2024 - 11:59am
Musky Mythology
- R_P - Mar 25, 2024 - 11:20am
Play history seems to indicate that I"m streaming 24/7, b...
- jarro - Mar 25, 2024 - 10:44am
April 8th Partial Solar Eclipse
- Coaxial - Mar 24, 2024 - 6:22pm
New Music
- KurtfromLaQuinta - Mar 24, 2024 - 5:07pm
Dental Floss Tycoons, and other Montana Myths, Facts, and...
- Red_Dragon - Mar 24, 2024 - 12:32pm
Orbiting Earth
- oldviolin - Mar 24, 2024 - 9:42am
Basketball
- oldviolin - Mar 23, 2024 - 2:50pm
What Makes You Laugh?
- ScottFromWyoming - Mar 23, 2024 - 1:54pm
Joe Biden
- kurtster - Mar 23, 2024 - 11:17am
Technical Streaming Note for Nerdy RP DIYers
- sjagminas1 - Mar 23, 2024 - 10:16am
Museum Of Bad Album Covers
- Proclivities - Mar 23, 2024 - 8:56am
Other Medical Stuff
- Antigone - Mar 22, 2024 - 3:06pm
Country Up The Bumpkin
- oldviolin - Mar 22, 2024 - 11:06am
Pernicious Pious Proclivities Particularized Prodigiously
- Red_Dragon - Mar 22, 2024 - 9:17am
Memorials - Remembering Our Loved Ones
- Bill_J - Mar 21, 2024 - 8:54pm
Talk Behind Their Backs Forum
- VV - Mar 21, 2024 - 2:29pm
Can you afford to retire?
- DaveInSaoMiguel - Mar 21, 2024 - 2:15pm
Bug Reports & Feature Requests
- blt - Mar 21, 2024 - 12:49pm
Mixtape Culture Club
- KurtfromLaQuinta - Mar 21, 2024 - 11:10am
Baseball, anyone?
- ScottFromWyoming - Mar 21, 2024 - 7:11am
What Did You See Today?
- KurtfromLaQuinta - Mar 20, 2024 - 5:13pm
Annoying stuff. not things that piss you off, just annoyi...
- ScottFromWyoming - Mar 20, 2024 - 4:31pm
Upcoming concerts or shows you can't wait to see
- Antigone - Mar 20, 2024 - 3:10pm
Russia
- NoEnzLefttoSplit - Mar 20, 2024 - 11:44am
Photography Forum - Your Own Photos
- Proclivities - Mar 20, 2024 - 9:33am
2024 Elections!
- Lazy8 - Mar 20, 2024 - 7:26am
Economix
- R_P - Mar 19, 2024 - 4:36pm
Name My Band
- DaveInSaoMiguel - Mar 19, 2024 - 10:53am
RP automation with iOS Shortcuts App
- jarro - Mar 19, 2024 - 10:15am
Delicacies: a..k.a.. the Gross Food forum
- DaveInSaoMiguel - Mar 19, 2024 - 10:12am
Irony 101
- Proclivities - Mar 19, 2024 - 6:02am
New Forum Member on "What Makes RP Great"
- miamizsun - Mar 19, 2024 - 4:38am
Cache stopped working on old Android Phone
- Eisenwindel - Mar 19, 2024 - 1:50am
Cryptic Posts - Leave Them Guessing
- Bill_J - Mar 18, 2024 - 8:23pm
Damn Dinosaurs!
- oldviolin - Mar 18, 2024 - 8:16pm
One Partying State - Wyoming News
- geoff_morphini - Mar 18, 2024 - 3:58pm
Great guitar faces
- skyguy - Mar 18, 2024 - 3:33pm
Despots, dictators and war criminals
- R_P - Mar 18, 2024 - 12:41pm
Uploading Music
- dischuckin - Mar 18, 2024 - 11:55am
Media Matters
- thisbody - Mar 18, 2024 - 10:03am
NASA & other news from space
- miamizsun - Mar 18, 2024 - 4:13am
MEALTICKET
- drinpt - Mar 17, 2024 - 4:13am
What makes you smile?
- Steely_D - Mar 16, 2024 - 7:31pm
Apple Computer
- GeneP59 - Mar 16, 2024 - 12:02pm
|
Index »
Internet/Computer »
Streaming/Media »
Sonos not working for http://stream.radioparadise.com/mellow-128
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 4, 2021 - 3:50am |
|
pbflyingdutchman wrote:Hello Jarro, Shall we continue this conversation via e-mail?
tech-support@radioparadise.com
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 4, 2021 - 3:32am |
|
pbflyingdutchman wrote:Here are the certs for a radiostation that still works; Certificates (4671 bytes)
Certificate: (id-at-commonName=omroep.nl)
Certificate: (id-at-commonName=Sectigo RSA Domain Validation Secure Server CA,id-at-organizationName=Sectigo Limited,id-at-localityName=Salford,id-at-stateOrProvin Certificate: (id-at-commonName=USERTrust RSA Certification Authority,id-at-organizationName=The USERTRUST Network,id-at-localityName=Jersey City,id-at-stateOrProvi We'd like to avoid switching if we can. For your hardware, we should be able to bypass the issue. But we'll have to see what other devices are affected.
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 4, 2021 - 2:30am |
|
jarro wrote:
Here are the certs for a radiostation that still works;
Certificates (4671 bytes)
Certificate: (id-at-commonName=omroep.nl)
Certificate: (id-at-commonName=Sectigo RSA Domain Validation Secure Server CA,id-at-organizationName=Sectigo Limited,id-at-localityName=Salford,id-at-stateOrProvin
Certificate: (id-at-commonName=USERTrust RSA Certification Authority,id-at-organizationName=The USERTRUST Network,id-at-localityName=Jersey City,id-at-stateOrProvi
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 4, 2021 - 2:27am |
|
jarro wrote:
Hello Jarro,
Shall we continue this conversation via e-mail?
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 3, 2021 - 1:42am |
|
pbflyingdutchman wrote:
I have a setup with old version of firmware to be able to use my CR100. Any firmware update would brick those. Issue is also applicable for users of old mobile phones who would use radio paradise app on those.
This is the site we use to check for cert issues. We have a pretty loose config so it can work all the way back to Android 2. https://www.ssllabs.com/ssltes...I see what you mean about cr100 being locked out of updates. Looks like they dropped support in 2018. https://en.community.sonos.com...In theory things should still work fine if it wasn't trying to upgrade the http connection to https. So this may work. http://stream-tx1.radioparadis...
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 3, 2021 - 12:16am |
|
jarro wrote:
It seems likely. But I'll need to poke around the forums to see what is up. ( They did say s1 devices will still get security updates and bug fixes )
I have a setup with old version of firmware to be able to use my CR100. Any firmware update would brick those. Issue is also applicable for users of old mobile phones who would use radio paradise app on those.
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 2, 2021 - 8:02pm |
|
pbflyingdutchman wrote:Does this document explain the root problem? Old sonos devices falling under the category of devices that that donât trust ISRG Root X1 certificates? See the following paragraph in that doc: What should you do? For most people, nothing at all! Weâve set up our certificate issuance so your web site will do the right thing in most cases, favoring broad compatibility. If you provide an API or have to support IoT devices, youâll need to make sure of two things: (1) all clients of your API must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your API are using OpenSSL, they must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default. It seems likely. But I'll need to poke around the forums to see what is up. ( They did say s1 devices will still get security updates and bug fixes )
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 2, 2021 - 9:52am |
|
pbflyingdutchman wrote:
I found the following document on sonos website with regards to cert requirements. Is it possible that the cert send by radioparadise has changed to a newer cert that is not known toolder generation sonos devices ? https://developer.sonos.com/bu...
Does this document explain the root problem? Old sonos devices falling under the category of devices that that donât trust ISRG Root X1 certificates?
See the following paragraph in that doc:
What should you do? For most people, nothing at all! Weâve set up our certificate issuance so your web site will do the right thing in most cases, favoring broad compatibility. If you provide an API or have to support IoT devices, youâll need to make sure of two things: (1) all clients of your API must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your API are using OpenSSL, they must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default.
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 2, 2021 - 9:28am |
|
jarro wrote:
I'm testing on a Sonos One running s2. This might be something specific to s1 devices and letsencrypt.
But the http stream manually added to TuneIn should avoid the issue.
Could try mellow-192 that is encoded with mp3 since the AAC one was throwing errors.
I'd be curious if that also fails.
I found the following document on sonos website with regards to cert requirements. Is it possible that the cert send by radioparadise has changed to a newer cert that is not known toolder generation sonos devices ? https://developer.sonos.com/bu...
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 2, 2021 - 8:45am |
|
jarro wrote:
I'm testing on a Sonos One running s2. This might be something specific to s1 devices and letsencrypt.
But the http stream manually added to TuneIn should avoid the issue.
Could try mellow-192 that is encoded with mp3 since the AAC one was throwing errors.
I'd be curious if that also fails.
I've tried the 192 stream too, same problem. It definitely is the CERT certificate that is causing the issue. The CERT certification process is handled on TCP level far before the actual music stream is opened/requested. It could well be something to do with older Sonos devices. I only have older sonos devices here.
Should a cert certificate never have a date/time that is newer that the current time?
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 2, 2021 - 6:36am |
|
pbflyingdutchman wrote:
Digging a bit further into the wireshark dump, revealed that sonos is issuing a cert certificate to the server ( radioparadise) with a very old date, 'GMT Unix Time: Jul 20, 2000 23:46:14.000000000 BST'. The radioparadise server is issuing certificates with a date far in the future, "GMT Unix Time: May 5, 2068 03:11:39.000000000 BST' The sonos sends a message back, Certificate expired (alert 45) . This seems to indicate to me that the sonos is not happy with a certificate date 'newer' that the current date.
I've also used VLC and captured the same situation, VLC seems to be happy accepting the radioparadise certificate.
I'm testing on a Sonos One running s2. This might be something specific to s1 devices and letsencrypt. But the http stream manually added to TuneIn should avoid the issue. Could try mellow-192 that is encoded with mp3 since the AAC one was throwing errors. I'd be curious if that also fails.
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 2, 2021 - 5:12am |
|
jarro wrote:
The certificate on that domain is valid. You might be getting a cached version, the current one is only 30 days old. Shift refresh will usually clear that up in a browser.
But that has nothing to do with the streams added to TuneIn. If you are using http there won't be any certificates involved. If you are using https then it's possible you are getting stale certificates and that might break the stream. a
Nothing has changed recently so not sure what you are running into. Definitely odd.
Digging a bit further into the wireshark dump, revealed that sonos is issuing a cert certificate to the server ( radioparadise) with a very old date, 'GMT Unix Time: Jul 20, 2000 23:46:14.000000000 BST'.
The radioparadise server is issuing certificates with a date far in the future, "GMT Unix Time: May 5, 2068 03:11:39.000000000 BST'
The sonos sends a message back, Certificate expired (alert 45) . This seems to indicate to me that the sonos is not happy with a certificate date 'newer' that the current date.
I've also used VLC and captured the same situation, VLC seems to be happy accepting the radioparadise certificate.
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 2, 2021 - 3:05am |
|
jarro wrote:
The certificate on that domain is valid. You might be getting a cached version, the current one is only 30 days old. Shift refresh will usually clear that up in a browser.
But that has nothing to do with the streams added to TuneIn. If you are using http there won't be any certificates involved. If you are using https then it's possible you are getting stale certificates and that might break the stream. a
Nothing has changed recently so not sure what you are running into. Definitely odd.
Hello Jarro
There definitely is something wrong related to cert certificates. See https://letsencrypt.org/docs/d...
My problems started on 01/10/2021, same day as the old certificates, mentioned in the above article, expired
Not sure yet if the problem is at the sonos side or radio paradise servers. I managed to capture a network trace of traffic between the sonos and audio-2.radioparadise.com server. My guess based in the trace is that radio paradise server is still issuing an old cert.
Here is the bit where the radio paradise server is contacted by my sonos and the sonos rejecting the cert certificate. For comparison I also used a stream from a radio station that works, no problems there with certs.
1750 10:30:30.851478 192.168.0.11 148.252.41.5 TCP 74 443 Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=13170445 TSecr=0 WS=1
1772 10:30:30.868572 148.252.41.5 192.168.0.11 TCP 74 33729 Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 TSval=4211643913
TSecr=13170445 WS=128
33729 â 443 â
33729 â
Client
443 â
1773 10:30:30.868826 192.168.0.11 148.252.41.5
443 Seq=1 Ack=1 Win=5840 Len=0 TSval=13170446 TSecr=4211643913
1776 10:30:30.871026 192.168.0.11 148.252.41.5
Hello
TCP 66
TLSv1.2 205
TCP 66
1791 10:30:30.888365 148.252.41.5 192.168.0.11
33729 Seq=1 Ack=140 Win=30080 Len=0 TSval=4211643932 TSecr=13170447
1792 10:30:30.889434 148.252.41.5 192.168.0.11 TLSv1.2 1506 Server
Hello
1793 10:30:30.889702 192.168.0.11 148.252.41.5 TCP 66 33729 â
443 Seq=140 Ack=1441 Win=8640 Len=0 TSval=13170449 TSecr=4211643933
1794 10:30:30.890106 148.252.41.5 192.168.0.11 TCP 1506 443 â
33729 Seq=1441 Ack=140 Win=30080 Len=1440 TSval=4211643933 TSecr=13170447
1795 10:30:30.890448 192.168.0.11 148.252.41.5 TCP 66 33729 â
443 Seq=140 Ack=2881 Win=11520 Len=0 TSval=13170449 TSecr=4211643933
1796 10:30:30.890577 148.252.41.5 192.168.0.11 TCP 1282 443 â
33729 Seq=2881 Ack=140 Win=30080 Len=1216 TSval=4211643933 TSecr=13170447
1797 10:30:30.890579 148.252.41.5 192.168.0.11 TLSv1.2 475
Certificate, Server Key Exchange, Server Hello Done
1798 10:30:30.890881 192.168.0.11 148.252.41.5 TCP 66 33729 â
443 Seq=140 Ack=4097 Win=14400 Len=0 TSval=13170449 TSecr=4211643933
1799 10:30:30.890938 192.168.0.11 148.252.41.5 TCP 66 33729 â
443 Seq=140 Ack=4506 Win=14400 Len=0 TSval=13170449 TSecr=4211643934
1835 10:30:30.996679 192.168.0.11 148.252.41.5 TLSv1.2 73 Alert
(Level: Fatal, Description: Certificate Expired)
1845 10:30:31.001767 192.168.0.11 148.252.41.5 TCP 66 33729 â
443 Seq=147 Ack=4506 Win=14400 Len=0 TSval=13170460 TSecr=4211643934
|
|
jarro
Location: #guad Gender:
|
Posted:
Oct 1, 2021 - 6:11am |
|
pbflyingdutchman wrote:This is getting technical: Analysing the network traffic to radio paradise ( api.radioparadise.com ) I see TLS certificate error messages: TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Expired) Might this have anything to do with the problems Im experiencing? The certificate on that domain is valid. You might be getting a cached version, the current one is only 30 days old. Shift refresh will usually clear that up in a browser. But that has nothing to do with the streams added to TuneIn. If you are using http there won't be any certificates involved. If you are using https then it's possible you are getting stale certificates and that might break the stream. a Nothing has changed recently so not sure what you are running into. Definitely odd.
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Oct 1, 2021 - 5:28am |
|
pbflyingdutchman wrote:
Since this afternoon (UK time) my sonos does not play any of the aac streams anymore (http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?
Error message: File is in an unsupported format
As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?
Using the same stream address using VLC on my laptop works fine.
This is getting technical:
Analysing the network traffic to radio paradise ( api.radioparadise.com ) I see TLS certificate error messages:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Expired)
Might this have anything to do with the problems Im experiencing?
|
|
jarro
Location: #guad Gender:
|
Posted:
Sep 30, 2021 - 6:16pm |
|
pbflyingdutchman wrote:Since this afternoon (UK time) my sonos does not play any of the aac streams anymore (http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?
Error message: File is in an unsupported format As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?
Using the same stream address using VLC on my laptop works fine.
I can't reproduce that. (perhaps reboot) But there are a few different ways to listen on Sonos. Not sure what the status of all of them are in the UK though. 1. We have a native music service on Sonos now, that should be the best way since it doesn't rely on the streams. ( Add music service and look for Radio Paradise ) 2. We are listed in the Sonos Radio service can search for us there. 3. And of course listed in TuneIn (except in the UK), and can be added to that service manually for better control over the bitrate. ( full list here https://radioparadise.com/list... )
|
|
pbflyingdutchman
Location: Edinburgh
|
Posted:
Sep 30, 2021 - 11:36am |
|
Since this afternoon (UK time) my sonos does not play any of the aac streams anymore ( http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?
Error message: File is in an unsupported format
As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?
Using the same stream address using VLC on my laptop works fine.
|
|
|