email notify

[Barboots]

I very much doubt that there will be a quick fix. Direct your efforts at creating a Yahoo account or similar.

Cheers, Steve

 

[Aajjoo]

I very much doubt that there will be a quick fix. Direct your efforts at creating a Yahoo account or similar.

Cheers, Steve

Can someone confirm that a Yahoo account will work without issues?
I’m pretty sure I’ve read people stating that it’s exactly the same problems with Yahoo, Hotmail etc accounts.


Skickat från min iPhone med Tapatalk

 

[Aajjoo]

Can someone confirm that a Yahoo account will work without issues?

I just set up a Yahoo! account and it actually seems to work (let’s see for how long)
The only thing seems to be that it takes a while for the emails to come through.






Skickat från min iPhone med Tapatalk

 

[EMPIRETECANDY]

The reason is google'S new security update make dahua as unsafe device/ip address. So have to make the set up with less Security or Allow 3rd party loading. Dahua company still talk with them for this, here is news that i get.

 

[alastairstevenson]

The reason is google'S new security update make dahua as unsafe device/ip address. So have to make the set up with less Security or Allow 3rd party loading. Dahua company still talk with them for this, here is news that i get.

Sorry - but I thought the good analysis by @freshcoast showed that the TLS setup dialogue issued by the Dahua firmware was flawed in terms of how it didn't follow the RFC 7507 correctly. Nothing to do with making changes to the gmail account security.
That's what Dahua need to correct.
Here is the evidence :

Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_FALLBACK_SCSV (0x5600)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 81
Extension: ec_point_formats (len=4)
Extension: supported_groups (len=28)
Extension: signature_algorithms (len=32)
Extension: heartbeat (len=1)

Since it isn't a fallback connection, it shouldn't include TLS_FALLBACK_SCSV.

Here's the wireshark TLS error returned by Google:

Transport Layer Security
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Inappropriate Fallback)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Inappropriate Fallback (86)

 

[Barboots]

Can someone confirm that a Yahoo account will work without issues?

Working fine, though the increased delay in mail handling is noticeable.

 

[Aajjoo]

Working fine, though the increased delay in mail handling is noticeable.

The choice is easy between a delay and not working at all


Skickat från min iPhone med Tapatalk

 

[Dahua GZ]

Working fine, though the increased delay in mail handling is noticeable.

I have the same issues with Gmail and have just now created Hotmail and Yahoo accounts. I've tested both ports 465 and 587 as well in all combinations with SSL and TLS however I keep getting "Test Failed." in my Dahua NVR. No success.

 

[Aajjoo]

I have the same issues with Gmail and have just now created Hotmail and Yahoo accounts. I've tested both ports 465 and 587 as well in all combinations with SSL and TLS however I keep getting "Test Failed." in my Dahua NVR. No success.

Hey,

These are the Yahoo settings that (at least right now) are working for me:

Skickat från min iPhone med Tapatalk

 

[Dahua GZ]

Hey,

These are the Yahoo settings that (at least right now) are working for me:

Skickat från min iPhone med Tapatalk

I was just able to get it working with Yahoo, but I had to enable in Yahoo Security settings to allow less secure apps to use the mail account. So success at last! Thank you!

 

[Aajjoo]

I was just able to get it working with Yahoo, but I had to enable in Yahoo Security settings to allow less secure apps to use the mail account. So success at last! Thank you!

Sorry buddy, I forgot that little detail
Great that you got it working, let’s cross fingers and hope Yahoo doesn’t mess it up for us


Skickat från min iPhone med Tapatalk

 

[ad24]

Sorry buddy, I forgot that little detail
Great that you got it working, let’s cross fingers and hope Yahoo doesn’t mess it up for us


Skickat från min iPhone med Tapatalk

Ohw yeah! working here also
THANKS for the notify

 

[Betsy]

I just found this thread and think it is relevant to the issue I'm seeing. I have a lorex NVR and just upgraded firmware thinking the issue would be resolved but it is not.

The Client Hello message specifies protocol TLS 1.2 with cipher TLS_FALLBACK_SCSV and gmai is using TLS 1.3. Per the RFC, the client should not be sending the TLS_FALLBACK_SCSV cipher when it is already advertising the higher TLS/SSL version is supports so this is broken in the client (surveillance system) software.

When will it be fixed? The only way this will work is when the server doesn't have a higher protocol version enabled and today, most servers are running TLS 1.3 due to security risks of running lower protocols.

 

[alastairstevenson]

Fortunately, @EMPIRETECANDY has a channel to Dahua on behalf of the forum, and will keep us updated on developments.

When firmware updates to fix this bug come out - it's going to throw up some difficult choices about the risks of updating.
There will be fallout.

 

[JulieD]

It will be even higher fallout if it isn’t fixed- sooner or later all email services will be upgraded meaning the Dahua hardware won’t work for email, not to mention gmail is probably the biggest email service in the world.

 

[Betsy]

I don't understand why this is a hard thing to fix. The firmware is clearly in error, it is sending its highest supported protocol level with TLS_FALLBACK_SCSV cipher. According to the RFC (7507) section 4: "If a client sets ClientHello.client_version to its highest supported protocol version, it MUST NOT include TLS_FALLBACK_SCSV in ClientHello.cipher_suites."

To fix, simply do not add the TLS_FALLBACK_SCSV cipher when sending the ClientHello.

 

[alastairstevenson]

I don't understand why this is a hard thing to fix.

It probably isn't - but there will be beta testing to do, documentation to update, release candidate testing to do, internal reviews and approvals to take place, release to production, website updates etc etc.
This is a professional company that will have required procedures to follow.

To fix, simply do not add the TLS_FALLBACK_SCSV cipher when sending the ClientHello.

I'm tempted to see how easy it would be to just hack the app (presumably Sofia).

 

[usaf_pride]

I too was having email problems. I hadn't update my NVR-5216 firmware to the most recent, but after doing so, my gmail alerts are back working again. This is the only change to my system.

 

[EMPIRETECANDY]

Right now we get some update from dahua for the email notify failed issue, will have more releasing soon .

Here is the 1st new firmware for this bug, when other models come out, i will post here .
Email Bug fixed for DH_IPC-HX8XXX-Nova2_EngSpnFrn_PN_Stream3_V2.622.0000000.7.R.190619.zip

 

[EMPIRETECANDY]

I just get all new firmwares for this bug, will post on IPCT soon for the urgent fixing up. For the hacked models/Original english models, please don't use these firmware to make any upgrade, or else your cams will be burned or language will be change back into Chinese.