Roon Security update 31 May [Update Complete]

Your Mac and iPad will continue to work just fine, but it’s likely that your Windows 8 PC will be affected. The simplest and safest path forward is to install Windows 10, but you can also try updating TLS with the instructions in this article.

The email I received appear to indicate that migrating to nucleus core is an alternative to updating to windows 10:

To continue using Roon from May 31, your operating systems must support TLS 1.2 at a minimum. It may be possible to update TLS under Windows 7 and 8 following the instructions in articles like this…Alternatively, you could upgrade your operating system to Windows 10 to remain secure, or migrate to a new Roon Core device with these instructions: Roon Core Migration

The email seems to presume that you are using Windows on a Core whereas @kevin’s response indicates the issue also arises where Windows is on a Remote (meaning a PC that points to a Core on another computer).

With an affected Remote you will need to upgrade either the version of TLS or to Windows 10. Migrating to a Nucleus or NUC/ROCK relates only to Cores.

I’m using Ubuntu 20.04 LTS (Long Term Support) aka Focal Fossa, which was a pretty simple installation. You can find other online guides and videos about installing it alongside Windows. This runs Roon Server quite happily. Use the Easy Installer instructions here.

I am also using Jussi Laako’s low latency native DSD kernel published here but that is very much an optional extra for those who want to delve deeper into Linux.

In case you are wondering about the Ubuntu version names they follow an [adjective][animal] form because:

So, what’s with the “Funky Fairy” naming system?
Many sensible people have wondered why we chose this naming scheme. It came about as a joke on a ferry between Circular Quay and somewhere else, in Sydney, Australia:
lifeless: how long before we make a first release?
sabdfl: it would need to be punchy. six months max.
lifeless: six months! thats not a lot of time for polish.
sabdfl: so we’ll have to nickname it the warty warthog release.

And voila, the name stuck. The first mailing list for the Ubuntu team was called “warthogs”, and we used to hang out on #warthogs on irc.freenode.net. For subsequent releases we wanted to stick with the “hog” names, so we had Hoary Hedgehog, and Grumpy Groundhog. But “Grumpy” just didn’t sound right, for a release that was looking really good, and had fantastic community participation. So we looked around and came up with “Breezy Badger”. We will still use “Grumpy Groundhog”, but those plans are still a surprise to be announced… For those of you who think the chosen names could be improved, you might be relieved to know that the “Breezy Badger” was originally going to be the “Bendy Badger” (I still think that rocked). There were others… For all of our sanity we are going to try to keep these names alphabetical after Breezy. We might skip a few letters, and we’ll have to wrap eventually. But the naming convention is here for a while longer, at least. The possibilities are endless. Gregarious Gnu? Antsy Aardvark? Phlegmatic Pheasant? You send 'em, we’ll consider 'em.

1 Like

Im somewhat stuck using Windows 7 as the operating system as we are using windows mediacenter throughout the house for satellite tv. But I’m glad to see using the method above that the standard Internet Explorer browser already supports TLS 1.2, so I assume Ill have no issue continue running Roon on that server, right?

The Digitimber page referred to in the email does not mention Windows 8.1 being affected. Nor are there any windows patches (KB3140245) for Windows 8.1 or Windows 8 (other than the embedded version of 8).

I’ve checked Internet Explorer on my old NUC PC that’s running Windows 8.1 and it transfers pages over TLS 1.2. Patch KB3140245 hasn’t been installed on this machine either. Perhaps 8.1 shipped with TLS 1.2, or the update was included in some other patch.

So, it seems that if you’re running Windows 8.1, and possibly Windows 8, you shouldn’t have to do anything.

roonlabs, please confirm whether Windows 8 must be updated, and clarify your email to users if needs be:

It may be possible to update TLS under Windows 7 and 8 following the instructions in articles like this one.

On the other hand, if

  • you’re running Windows 7;
  • Windows 8.1 has TLS 1.2 out of the box or by some other patch;
  • your machine is too old or slow to run Windows 10; and
  • you can find installation media for Windows 8.1,

you could update an old Windows 7 PC to 8.1 instead.

Does this problem affect non-TLS 1.2 versions of windows that are only serving as endpoints with roon bridge? Or as remotes with roon remote? Or is it only roon core that talks to your services?

It is worth pointing out that if you use Roon Server then an alternative OS such as flavours of Linux or ROCK will have the same functionality. But if you use the full Roon desktop variety for control purposes then Linux and ROCK cannot offer you that. Windows 10 is then your best option unless the suggested TLS updates work for you.

2 Likes

Is it ok to check for the required TLS 1.2 support here? https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

Yes SSL Labs run a good browser and server testing service. We test all our sites through them

No it won’t, win7 still supports TLS 1.2 as long as you kept it updated and apply the easy fix.

You can set your win7 OS to use TLS 1.2 by default so it won’t have any conflicts with Roon cloud servers

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

1 Like

Focal fossa? I am a doctor, so this is more like an anatomical term :slight_smile: What kind of an animal is a fossa?
My laptop is not young, Ubuntu may be a bit fancy. I am thinking of Linux Mint for it. Can I use Xfce flavor?

I am running two laptops in my Roon setup with Win7. One is for core, other one in other room as an endpoint. I’ll try the fix on the endpoint, but I will upgrade the os on core machine. I am not a big fan of windows, so I am willing to switch. Nice opportunity to learn new stuff. Thank you.

Thanks Kevin. Finances are in covid mode, so no new hardware in horizon. I’ll hope Linux Mint will Rock for me.
Long live rock’n roll.

1 Like

If you’re not familiar with Linux I’d go with Ubuntu desktop as I can guarantee any question or problem you have will already be answered or fixed on the internet given the number of users.

An old i3 laptop with 2GB RAM will run Ubuntu quite easily.

1 Like

Google tells me it’s a cat like mammal in Madagascar related to the mongoose.

The desktop flavour is immaterial because Roon Server has no desktop interface. You configure it through a Control device.

1 Like

Thanks. I was afraid maybe one comes with necessary drivers but other lacks them and you need to do techy stuff, etc.

Installing Ubuntu is a breeze. Good recommendation.

After checking with the devs I understand all devices that are running Windows 7 or 8, whether as Core, Remote or Output should be checked and, if possible, updated to TLS 1.2 or later. Remotes, for example, directly fetch artwork for Tidal/Qobuz from Roon’s cloud services.

Thanks to your valuable help, I was able to solve the issues. On my core machine, where I was using Roon Server on Win7, I upgraded to Linux Mint Mate. On my Win7 endpoint machine, I upgraded to Win10. Both are performing nicely. Recommended if you are in a similar situation. My remaining endpoints are either on Apple hardware or work through airplay (not a HQ solution, but they are not for critical listening.)

When Win10 was first launched, I gave it a try and found it to be too cumbersome. Since my Windows needs were basic, I reverted to Win7. Now I was forced to try Win10 again. To my surprise, the OS has become much faster and migration was a breeze. I am relieved.

Being a grumpy oldish man, I find that my dislike of Microsoft is still greater than my dislike of Apple. Anyway, it is nice to have a community. Thanks folks.

Thank you for telling me that the option to upgrade from 7 to 10 is still open (ahem). You saved my day.

1 Like