[ ]   [ ]   [ ]                        [ ]      [ ]   [ ]

Radio Paradise Comments - islander - Mar 28, 2024 - 7:00am
 
Trump - islander - Mar 28, 2024 - 6:59am
 
NYTimes Connections - islander - Mar 28, 2024 - 6:55am
 
Wordle - daily game - islander - Mar 28, 2024 - 6:47am
 
Breaking News - black321 - Mar 28, 2024 - 6:25am
 
Outstanding Covers - thisbody - Mar 28, 2024 - 5:51am
 
NY Times Strands - Proclivities - Mar 28, 2024 - 5:34am
 
Today in History - DaveInSaoMiguel - Mar 28, 2024 - 4:28am
 
Ukraine - NoEnzLefttoSplit - Mar 28, 2024 - 2:36am
 
The Obituary Page - ScottFromWyoming - Mar 27, 2024 - 10:58pm
 
March 2024 Photo Theme - Many - KurtfromLaQuinta - Mar 27, 2024 - 8:52pm
 
USA! USA! USA! - R_P - Mar 27, 2024 - 7:40pm
 
Little known information...maybe even facts - haresfur - Mar 27, 2024 - 6:21pm
 
Live Music - oldviolin - Mar 27, 2024 - 5:08pm
 
RightWingNutZ - R_P - Mar 27, 2024 - 3:48pm
 
Lyrics that strike a chord today... - miamizsun - Mar 27, 2024 - 2:44pm
 
Please Don't Post Here - Red_Dragon - Mar 27, 2024 - 11:02am
 
Motivational Office Cliches... - NoEnzLefttoSplit - Mar 26, 2024 - 10:20pm
 
(Big) Media Watch - Red_Dragon - Mar 26, 2024 - 6:18pm
 
YouTube: Music-Videos - miamizsun - Mar 26, 2024 - 4:10pm
 
Israel - R_P - Mar 26, 2024 - 12:24pm
 
Photos you have taken of your walks or hikes. - Steely_D - Mar 26, 2024 - 12:04pm
 
Business as Usual - black321 - Mar 26, 2024 - 12:02pm
 
Solar / Wind / Geothermal / Efficiency Energy - islander - Mar 26, 2024 - 8:00am
 
Is there any DOG news out there? - Beez - Mar 26, 2024 - 7:24am
 
Food - Steely_D - Mar 26, 2024 - 1:41am
 
• • • The Once-a-Day • • •  - Red_Dragon - Mar 25, 2024 - 7:30pm
 
Vinyl Only Spin List - kurtster - Mar 25, 2024 - 6:56pm
 
Derplahoma! - Red_Dragon - Mar 25, 2024 - 3:48pm
 
Frequent drop outs (The Netherlands) - kingen - Mar 25, 2024 - 2:43pm
 
China - R_P - Mar 25, 2024 - 11:59am
 
Musky Mythology - R_P - Mar 25, 2024 - 11:20am
 
Play history seems to indicate that I"m streaming 24/7, b... - jarro - Mar 25, 2024 - 10:44am
 
April 8th Partial Solar Eclipse - Coaxial - Mar 24, 2024 - 6:22pm
 
New Music - KurtfromLaQuinta - Mar 24, 2024 - 5:07pm
 
Dental Floss Tycoons, and other Montana Myths, Facts, and... - Red_Dragon - Mar 24, 2024 - 12:32pm
 
Orbiting Earth - oldviolin - Mar 24, 2024 - 9:42am
 
Basketball - oldviolin - Mar 23, 2024 - 2:50pm
 
What Makes You Laugh? - ScottFromWyoming - Mar 23, 2024 - 1:54pm
 
Joe Biden - kurtster - Mar 23, 2024 - 11:17am
 
Technical Streaming Note for Nerdy RP DIYers - sjagminas1 - Mar 23, 2024 - 10:16am
 
Museum Of Bad Album Covers - Proclivities - Mar 23, 2024 - 8:56am
 
Other Medical Stuff - Antigone - Mar 22, 2024 - 3:06pm
 
Country Up The Bumpkin - oldviolin - Mar 22, 2024 - 11:06am
 
Pernicious Pious Proclivities Particularized Prodigiously - Red_Dragon - Mar 22, 2024 - 9:17am
 
Memorials - Remembering Our Loved Ones - Bill_J - Mar 21, 2024 - 8:54pm
 
Talk Behind Their Backs Forum - VV - Mar 21, 2024 - 2:29pm
 
Can you afford to retire? - DaveInSaoMiguel - Mar 21, 2024 - 2:15pm
 
Bug Reports & Feature Requests - blt - Mar 21, 2024 - 12:49pm
 
Mixtape Culture Club - KurtfromLaQuinta - Mar 21, 2024 - 11:10am
 
Baseball, anyone? - ScottFromWyoming - Mar 21, 2024 - 7:11am
 
What Did You See Today? - KurtfromLaQuinta - Mar 20, 2024 - 5:13pm
 
Annoying stuff. not things that piss you off, just annoyi... - ScottFromWyoming - Mar 20, 2024 - 4:31pm
 
Upcoming concerts or shows you can't wait to see - Antigone - Mar 20, 2024 - 3:10pm
 
Russia - NoEnzLefttoSplit - Mar 20, 2024 - 11:44am
 
Photography Forum - Your Own Photos - Proclivities - Mar 20, 2024 - 9:33am
 
2024 Elections! - Lazy8 - Mar 20, 2024 - 7:26am
 
Economix - R_P - Mar 19, 2024 - 4:36pm
 
Name My Band - DaveInSaoMiguel - Mar 19, 2024 - 10:53am
 
RP automation with iOS Shortcuts App - jarro - Mar 19, 2024 - 10:15am
 
Delicacies: a..k.a.. the Gross Food forum - DaveInSaoMiguel - Mar 19, 2024 - 10:12am
 
Irony 101 - Proclivities - Mar 19, 2024 - 6:02am
 
New Forum Member on "What Makes RP Great" - miamizsun - Mar 19, 2024 - 4:38am
 
Cache stopped working on old Android Phone - Eisenwindel - Mar 19, 2024 - 1:50am
 
Cryptic Posts - Leave Them Guessing - Bill_J - Mar 18, 2024 - 8:23pm
 
Damn Dinosaurs! - oldviolin - Mar 18, 2024 - 8:16pm
 
One Partying State - Wyoming News - geoff_morphini - Mar 18, 2024 - 3:58pm
 
Great guitar faces - skyguy - Mar 18, 2024 - 3:33pm
 
Despots, dictators and war criminals - R_P - Mar 18, 2024 - 12:41pm
 
Uploading Music - dischuckin - Mar 18, 2024 - 11:55am
 
Media Matters - thisbody - Mar 18, 2024 - 10:03am
 
NASA & other news from space - miamizsun - Mar 18, 2024 - 4:13am
 
MEALTICKET - drinpt - Mar 17, 2024 - 4:13am
 
What makes you smile? - Steely_D - Mar 16, 2024 - 7:31pm
 
Apple Computer - GeneP59 - Mar 16, 2024 - 12:02pm
 
Index » Internet/Computer » Streaming/Media » Sonos not working for http://stream.radioparadise.com/mellow-128
Post to this Topic
jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 4, 2021 - 3:50am

 pbflyingdutchman wrote:
Hello Jarro,
Shall we continue this conversation via e-mail? 



 tech-support@radioparadise.com
jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 4, 2021 - 3:32am

 pbflyingdutchman wrote:


Here are the certs for a radiostation that still works;

Certificates (4671 bytes)

Certificate:  (id-at-commonName=omroep.nl)

Certificate:  (id-at-commonName=Sectigo RSA Domain Validation Secure Server CA,id-at-organizationName=Sectigo Limited,id-at-localityName=Salford,id-at-stateOrProvin


Certificate: (id-at-commonName=USERTrust RSA Certification Authority,id-at-organizationName=The USERTRUST Network,id-at-localityName=Jersey City,id-at-stateOrProvi




We'd like to avoid switching if we can. 
For your hardware,  we should be able to bypass the issue.  
But we'll have to see what other devices are affected.





pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 4, 2021 - 2:30am

 jarro wrote:

This is the site we use to check for cert issues.  
We have a pretty loose config so it can work all the way back to Android 2.
https://www.ssllabs.com/ssltes...

I see what you mean about cr100 being locked out of updates.   Looks like they dropped support in 2018.  
https://en.community.sonos.com...
In theory things should still work fine if it wasn't trying to upgrade the http connection to https.

So this may work.   
http://stream-tx1.radioparadis...





Here are the certs for a radiostation that still works;

Certificates (4671 bytes)

Certificate:  (id-at-commonName=omroep.nl)

Certificate:  (id-at-commonName=Sectigo RSA Domain Validation Secure Server CA,id-at-organizationName=Sectigo Limited,id-at-localityName=Salford,id-at-stateOrProvin


Certificate: (id-at-commonName=USERTrust RSA Certification Authority,id-at-organizationName=The USERTRUST Network,id-at-localityName=Jersey City,id-at-stateOrProvi



pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 4, 2021 - 2:27am

 jarro wrote:

This is the site we use to check for cert issues.  
We have a pretty loose config so it can work all the way back to Android 2.
https://www.ssllabs.com/ssltes...

I see what you mean about cr100 being locked out of updates.   Looks like they dropped support in 2018.  
https://en.community.sonos.com...
In theory things should still work fine if it wasn't trying to upgrade the http connection to https.

So this may work.   
http://stream-tx1.radioparadis...



Hello Jarro,
Shall we continue this conversation via e-mail? 


jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 3, 2021 - 1:42am

 pbflyingdutchman wrote:


I have a setup with old version of firmware to be able to use my CR100. Any firmware update would brick those. Issue is also applicable for users of old mobile phones who would use radio paradise app on those.

This is the site we use to check for cert issues.  
We have a pretty loose config so it can work all the way back to Android 2.
https://www.ssllabs.com/ssltes...

I see what you mean about cr100 being locked out of updates.   Looks like they dropped support in 2018.  
https://en.community.sonos.com...
In theory things should still work fine if it wasn't trying to upgrade the http connection to https.

So this may work.   
http://stream-tx1.radioparadis...



pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 3, 2021 - 12:16am

 jarro wrote:


It seems likely.   But I'll need to poke around the forums to see what is up.   ( They did say s1 devices will still get security updates and bug fixes ) 


I have a setup with old version of firmware to be able to use my CR100. Any firmware update would brick those. Issue is also applicable for users of old mobile phones who would use radio paradise app on those.
jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 2, 2021 - 8:02pm

 pbflyingdutchman wrote:


Does this document explain the root problem? Old sonos devices falling under the category of devices that that don’t trust ISRG Root X1 certificates? 
See the following paragraph in that doc:
What should you do? For most people, nothing at all! We’ve set up our certificate issuance so your web site will do the right thing in most cases, favoring broad compatibility. If you provide an API or have to support IoT devices, you’ll need to make sure of two things: (1) all clients of your API must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your API are using OpenSSL, they must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default.



It seems likely.   But I'll need to poke around the forums to see what is up.   ( They did say s1 devices will still get security updates and bug fixes ) 
pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 2, 2021 - 9:52am

 pbflyingdutchman wrote:


I found the following document on sonos website with regards to cert requirements. Is it possible that the cert send by radioparadise has changed to  a newer cert that is not known toolder generation sonos devices ? https://developer.sonos.com/bu...


Does this document explain the root problem? Old sonos devices falling under the category of devices that that don’t trust ISRG Root X1 certificates? 
See the following paragraph in that doc:
What should you do? For most people, nothing at all! We’ve set up our certificate issuance so your web site will do the right thing in most cases, favoring broad compatibility. If you provide an API or have to support IoT devices, you’ll need to make sure of two things: (1) all clients of your API must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your API are using OpenSSL, they must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default.

pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 2, 2021 - 9:28am

 jarro wrote:


I'm testing on a Sonos One running s2.    This might be something specific to s1 devices and letsencrypt.   
But  the  http stream manually added to TuneIn should avoid the issue.

Could try mellow-192 that is encoded with mp3  since  the AAC one was throwing errors.   
I'd be curious if that also fails.   




I found the following document on sonos website with regards to cert requirements. Is it possible that the cert send by radioparadise has changed to  a newer cert that is not known toolder generation sonos devices ? https://developer.sonos.com/bu...
pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 2, 2021 - 8:45am

 jarro wrote:


I'm testing on a Sonos One running s2.    This might be something specific to s1 devices and letsencrypt.   
But  the  http stream manually added to TuneIn should avoid the issue.

Could try mellow-192 that is encoded with mp3  since  the AAC one was throwing errors.   
I'd be curious if that also fails.   




I've tried the 192 stream too, same problem. It definitely is the CERT certificate that is causing the issue.  The CERT certification process is handled on TCP level far before the actual music stream is opened/requested. It could well be something to do with older Sonos devices. I only have older sonos devices here.
Should a cert certificate never have a date/time that is newer that the current time?
jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 2, 2021 - 6:36am

 pbflyingdutchman wrote:


Digging a bit further into the wireshark dump, revealed that sonos is issuing a cert certificate to the server ( radioparadise) with a very old date, 'GMT Unix Time: Jul 20, 2000 23:46:14.000000000 BST'. 
The radioparadise server is issuing certificates with a date far in the future, "GMT Unix Time: May  5, 2068  03:11:39.000000000 BST'
The sonos sends a message back, Certificate expired (alert 45) . This seems to indicate to me that the sonos is not happy with a certificate date 'newer' that the current date.

I've also used VLC and captured the same situation, VLC seems to be happy accepting the radioparadise certificate.






I'm testing on a Sonos One running s2.    This might be something specific to s1 devices and letsencrypt.   
But  the  http stream manually added to TuneIn should avoid the issue.

Could try mellow-192 that is encoded with mp3  since  the AAC one was throwing errors.   
I'd be curious if that also fails.   


pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 2, 2021 - 5:12am

 jarro wrote:


The certificate on that domain is valid.   You might be getting a cached version,  the current one is only 30 days old.    Shift refresh will usually clear that up in a browser.

But that has nothing to do with the streams added to TuneIn.    If you are using http there won't be any certificates involved.   If you are using  https  then it's possible you are getting stale certificates and that might break the stream.    a

Nothing has changed recently so not sure what you are running into.  Definitely odd. 



Digging a bit further into the wireshark dump, revealed that sonos is issuing a cert certificate to the server ( radioparadise) with a very old date, 'GMT Unix Time: Jul 20, 2000 23:46:14.000000000 BST'. 
The radioparadise server is issuing certificates with a date far in the future, "GMT Unix Time: May  5, 2068  03:11:39.000000000 BST'
The sonos sends a message back, Certificate expired (alert 45) . This seems to indicate to me that the sonos is not happy with a certificate date 'newer' that the current date.

I've also used VLC and captured the same situation, VLC seems to be happy accepting the radioparadise certificate.




pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 2, 2021 - 3:05am

 jarro wrote:


The certificate on that domain is valid.   You might be getting a cached version,  the current one is only 30 days old.    Shift refresh will usually clear that up in a browser.

But that has nothing to do with the streams added to TuneIn.    If you are using http there won't be any certificates involved.   If you are using  https  then it's possible you are getting stale certificates and that might break the stream.    a

Nothing has changed recently so not sure what you are running into.  Definitely odd. 



Hello Jarro
There definitely is something wrong related to cert certificates. See https://letsencrypt.org/docs/d...
My problems started on 01/10/2021, same day as the old certificates, mentioned in the above article, expired
Not sure yet if the problem is at the sonos side or radio paradise servers. I managed to capture a network trace of traffic between the sonos and audio-2.radioparadise.com server. My guess based in the trace is that radio paradise server is still issuing an old cert.


Here is the bit where the radio paradise server is contacted by my sonos and the sonos rejecting the cert certificate. For comparison I also used a stream from a radio station that works, no problems there with certs.
1750 10:30:30.851478    192.168.0.11 148.252.41.5          TCP      74 443  Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=13170445 TSecr=0 WS=1
1772 10:30:30.868572    148.252.41.5 192.168.0.11          TCP      74 33729  Seq=0 Ack=1 Win=28960 Len=0 MSS=1452 SACK_PERM=1 TSval=4211643913
TSecr=13170445 WS=128

33729 → 443 →

33729 →
Client
443 →
   1773 10:30:30.868826    192.168.0.11          148.252.41.5
443  Seq=1 Ack=1 Win=5840 Len=0 TSval=13170446 TSecr=4211643913
   1776 10:30:30.871026    192.168.0.11          148.252.41.5
Hello
TCP      66
TLSv1.2  205
TCP      66
   1791 10:30:30.888365    148.252.41.5          192.168.0.11
33729  Seq=1 Ack=140 Win=30080 Len=0 TSval=4211643932 TSecr=13170447
   1792 10:30:30.889434    148.252.41.5          192.168.0.11          TLSv1.2  1506   Server
Hello
   1793 10:30:30.889702    192.168.0.11          148.252.41.5          TCP      66     33729 →
443  Seq=140 Ack=1441 Win=8640 Len=0 TSval=13170449 TSecr=4211643933
   1794 10:30:30.890106    148.252.41.5          192.168.0.11          TCP      1506   443 →
33729  Seq=1441 Ack=140 Win=30080 Len=1440 TSval=4211643933 TSecr=13170447 
   1795 10:30:30.890448    192.168.0.11          148.252.41.5          TCP      66     33729 →
443  Seq=140 Ack=2881 Win=11520 Len=0 TSval=13170449 TSecr=4211643933
   1796 10:30:30.890577    148.252.41.5          192.168.0.11          TCP      1282   443 →
33729  Seq=2881 Ack=140 Win=30080 Len=1216 TSval=4211643933 TSecr=13170447 
   1797 10:30:30.890579    148.252.41.5          192.168.0.11          TLSv1.2  475
Certificate, Server Key Exchange, Server Hello Done
   1798 10:30:30.890881    192.168.0.11          148.252.41.5          TCP      66     33729 →
443  Seq=140 Ack=4097 Win=14400 Len=0 TSval=13170449 TSecr=4211643933
   1799 10:30:30.890938    192.168.0.11          148.252.41.5          TCP      66     33729 →
443  Seq=140 Ack=4506 Win=14400 Len=0 TSval=13170449 TSecr=4211643934
   1835 10:30:30.996679    192.168.0.11          148.252.41.5          TLSv1.2  73     Alert
(Level: Fatal, Description: Certificate Expired)
   1845 10:30:31.001767    192.168.0.11          148.252.41.5          TCP      66     33729 →
443  Seq=147 Ack=4506 Win=14400 Len=0 TSval=13170460 TSecr=4211643934

jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Oct 1, 2021 - 6:11am

 pbflyingdutchman wrote:


This is getting technical:
Analysing the network traffic to radio paradise ( api.radioparadise.com ) I see TLS certificate error messages:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Expired)

Might this have anything to do with the problems Im experiencing?



The certificate on that domain is valid.   You might be getting a cached version,  the current one is only 30 days old.    Shift refresh will usually clear that up in a browser.

But that has nothing to do with the streams added to TuneIn.    If you are using http there won't be any certificates involved.   If you are using  https  then it's possible you are getting stale certificates and that might break the stream.    a

Nothing has changed recently so not sure what you are running into.  Definitely odd. 

pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Oct 1, 2021 - 5:28am

 pbflyingdutchman wrote:

Since this afternoon (UK time) my sonos does not play any of the aac streams anymore (http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?

Error message: File is in an unsupported format
As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?

Using the same stream address using VLC on my laptop works fine.



This is getting technical:
Analysing the network traffic to radio paradise ( api.radioparadise.com ) I see TLS certificate error messages:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Expired)

Might this have anything to do with the problems Im experiencing?

jarro

jarro Avatar

Location: #guad
Gender: Male


Posted: Sep 30, 2021 - 6:16pm

 pbflyingdutchman wrote:

Since this afternoon (UK time) my sonos does not play any of the aac streams anymore (http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?

Error message: File is in an unsupported format
As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?

Using the same stream address using VLC on my laptop works fine.



I can't reproduce that. (perhaps reboot)
But there are a few different ways to listen on Sonos.   Not sure what the status of all of them are in the UK though.   

1.   We have a native music service on Sonos now,  that should be the best way since it doesn't rely on the streams.   ( Add music service and look for Radio Paradise )
2.   We are listed in the Sonos Radio service can search for us there.  
3.   And of course listed in TuneIn (except in the UK),  and can be added to that service manually for better control over the bitrate.  ( full list here https://radioparadise.com/list...   )
pbflyingdutchman

pbflyingdutchman Avatar

Location: Edinburgh


Posted: Sep 30, 2021 - 11:36am

Since this afternoon (UK time) my sonos does not play any of the aac streams anymore (http://stream.radioparadise.com/mellow-128). Has there been a change in the format of the stream?

Error message: File is in an unsupported format
As tunein is still not an option in UK, creating a station with the above stream address was the only way to listen on the sonos to radio paradise in the UK . Are there any alternatives?

Using the same stream address using VLC on my laptop works fine.