Graphics
Intel® graphics drivers and software, compatibility, troubleshooting, performance, and optimization
20495 Discussions

Intel DSA "21.4.29.8" no longer compatible with Windows 8.1 or 7, but not disclosed

win8tlsciphmismatch
769 Views

Since version 21.4.29.8 Intel DSA uses a new URL to check for updates: " https://dsadata.intel.com/data/en ", but the following results on  Windows 8.1:

Exception while starting session: Intel.DSA.CommonCore.Models.NoInternetExceptionhttps://dsadata.intel.com/data/en ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
 
TLS connection being aborted by Intel server:
win8tlsciphmismatch_0-1628030160228.png
Ciphers being supported by Windows 8.1 Schannel:
win8tlsciphmismatch_1-1628030218178.png

 

 
The reason for this is:
  1. the Microsoft Schannel library is being used by Intel DSA software to connect
  2. https://dsadata.intel.com/data/en does not have any overlapping SSL ciphers with Windows 8.1 Schannel.
    Intel's server only wants to use TLS_ECDHE_RSA_AES_GCM_[128/256]_SHA[256/384], neither of which are supported by Microsoft Schannel.
    See TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs . Only Windows 10 supports those ciphers.
 
Consequence: Intel DSA is unusable on Windows 7 and 8.1. It is impossible to get it working, even though Intel claims Windows 8.1 is supported.
 
Solution: at least one of the ciphers supported by Windows Schannel on Windows 8.1 (see Microsoft's documentation TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs ) should be enabled on the Intel server at " https://dsadata.intel.com/data/en ":
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
0 Kudos
3 Replies
Monique_Intel
Moderator
729 Views

@win8tlsciphmismatch  Thank you for bringing this to our attention.  I am the Intel Project Manager for the Intel DSA application so I've provided this information to our developers to investigate.

Thank you,

Monique with Intel Corporation

0 Kudos
Monique_Intel
Moderator
698 Views

@win8tlsciphmismatch   This issue has been resolved.  Please confirm if you are able to successfully scan with IDSA on your Win 7 or Win 8.1 system.

Thanks for your patience,

Monique with Intel Corporation

MrGreg
Beginner
683 Views

Thanks for fixing that little glitch.  Eventually I'll try to roll this Compal NBLB3 over to Win10....  Hope that's before MS drops support for it.

0 Kudos
Reply