I too am in the same boat... But interestingly enough.. I have two machines, both running the same version of Blue Iris Tools. But only one has this problem.
I have a windows 7 machine with BI 4 and BIT 1.6.0. On that machine, everything is working fine, it can talk to the weather station, and it tells me no new updates to BIT since Feb 2020.
Yet, on my new Windows 10 machine running BI 5, with BIT 1.6.0 it has the exact same problems as described above...
So I thought, lets do a wireshark capture of the two and see whats happening.
It appears, though I'm no expert on certificates, that the failure is on establishing the proper Cipher Suites.
It's here I'm not sure I understand. Since I see from the Client Hello message on my working machine, that the Client Hello includes the TLS Cipher suite the Server Hello settles on in it's offer to negotiate. And then works (although it appears because of a previously negotiated session)
And yet, on my Windows 10 machine, Blue Iris Tools Client Hello doesn't offer up that same TLS Cipher Suite. Hence, I believe thats why it fails.... Cipher Suite in question:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Now, whats odd, is I looked at the Windows 10 supported Cipher Suites, and this appears to be in the supported list configured on the box
re: TLS Cipher Suites in Windows 10 v1803 - Win32 apps
and following looking in Group policies under Administrative Templates -> Network -> SSL Configuration Settings -> "SSL Cipher Suite Order" when I look at what is enabled, it appears to be there.
Here are the captures, in case someone who understands this better than I do has some ideas...
First the Working machine (windows 7) :
Here you see the TCP SYN, SYN ACK, ACK of the SYN ACK, then the client hello, followed by and ACK and the a successful server Hello packet.. and everything works fine from that point on....
And here is a copy of the actual Client Hello packet, where it says what TLS Cipher Suites it supports, notice TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is there:
And a quick look at the server Hello indicating successful negotiation... Notice the "This sesion reuses previously negotiated keys (session resumption) ]" message. I think this means, it's only working because I had previously had it working.... But I don't know enough about TLS negotiation to know.
Now lets look at the failed session on the Windows 10 machine with BIT same version as above. Again, we have the inital TCP SYN, followed by SYN ACK, then ACK of the SYN ACK.
Then we send the client Hello message.
Notice that on packet 10 we have a "Level: Fatal, Description: Handshake Failure)" in the TLSv1.2 protocol... I believe it's cause the Hello message didn't offer up
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as an option... I And I guess the server doesn't support anything else???
Here is the packet 5, the client Hello message without the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 option in the list.
Assuming I'm correct. I'm not sure what one has to do to fix this... Is this a server problem, in that it doesn't support any of the common TLS Cipher suites?
I'm not sure where the issue sits.
Hoping this info helps someone to solve....
I have a windows 7 machine with BI 4 and BIT 1.6.0. On that machine, everything is working fine, it can talk to the weather station, and it tells me no new updates to BIT since Feb 2020.
Yet, on my new Windows 10 machine running BI 5, with BIT 1.6.0 it has the exact same problems as described above...
So I thought, lets do a wireshark capture of the two and see whats happening.
It appears, though I'm no expert on certificates, that the failure is on establishing the proper Cipher Suites.
It's here I'm not sure I understand. Since I see from the Client Hello message on my working machine, that the Client Hello includes the TLS Cipher suite the Server Hello settles on in it's offer to negotiate. And then works (although it appears because of a previously negotiated session)
And yet, on my Windows 10 machine, Blue Iris Tools Client Hello doesn't offer up that same TLS Cipher Suite. Hence, I believe thats why it fails.... Cipher Suite in question:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Now, whats odd, is I looked at the Windows 10 supported Cipher Suites, and this appears to be in the supported list configured on the box
re: TLS Cipher Suites in Windows 10 v1803 - Win32 apps
and following looking in Group policies under Administrative Templates -> Network -> SSL Configuration Settings -> "SSL Cipher Suite Order" when I look at what is enabled, it appears to be there.
Here are the captures, in case someone who understands this better than I do has some ideas...
First the Working machine (windows 7) :
Here you see the TCP SYN, SYN ACK, ACK of the SYN ACK, then the client hello, followed by and ACK and the a successful server Hello packet.. and everything works fine from that point on....
And here is a copy of the actual Client Hello packet, where it says what TLS Cipher Suites it supports, notice TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is there:
And a quick look at the server Hello indicating successful negotiation... Notice the "This sesion reuses previously negotiated keys (session resumption) ]" message. I think this means, it's only working because I had previously had it working.... But I don't know enough about TLS negotiation to know.
Now lets look at the failed session on the Windows 10 machine with BIT same version as above. Again, we have the inital TCP SYN, followed by SYN ACK, then ACK of the SYN ACK.
Then we send the client Hello message.
Notice that on packet 10 we have a "Level: Fatal, Description: Handshake Failure)" in the TLSv1.2 protocol... I believe it's cause the Hello message didn't offer up
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as an option... I And I guess the server doesn't support anything else???
Here is the packet 5, the client Hello message without the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 option in the list.
Assuming I'm correct. I'm not sure what one has to do to fix this... Is this a server problem, in that it doesn't support any of the common TLS Cipher suites?
I'm not sure where the issue sits.
Hoping this info helps someone to solve....