Graphics
Intel® graphics drivers and software, compatibility, troubleshooting, performance, and optimization
19502 Discussions

Intel DSA "21.4.29.8" no longer compatible with Windows 8.1 or 7, but not disclosed

win8tlsciphmismatch
Beginner
‎08-03-2021 03:27 PM
532 Views

Since version 21.4.29.8 Intel DSA uses a new URL to check for updates: " https://dsadata.intel.com/data/en ", but the following results on  Windows 8.1:

Exception while starting session: Intel.DSA.CommonCore.Models.NoInternetExceptionhttps://dsadata.intel.com/data/en ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
 
TLS connection being aborted by Intel server:
win8tlsciphmismatch_0-1628030160228.png
Ciphers being supported by Windows 8.1 Schannel:
win8tlsciphmismatch_1-1628030218178.png

 

 
The reason for this is:
  1. the Microsoft Schannel library is being used by Intel DSA software to connect
  2. https://dsadata.intel.com/data/en does not have any overlapping SSL ciphers with Windows 8.1 Schannel.
    Intel's server only wants to use TLS_ECDHE_RSA_AES_GCM_[128/256]_SHA[256/384], neither of which are supported by Microsoft Schannel.
    See TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs . Only Windows 10 supports those ciphers.
 
Consequence: Intel DSA is unusable on Windows 7 and 8.1. It is impossible to get it working, even though Intel claims Windows 8.1 is supported.
 
Solution: at least one of the ciphers supported by Windows Schannel on Windows 8.1 (see Microsoft's documentation TLS Cipher Suites in Windows 8.1 - Win32 apps | Microsoft Docs ) should be enabled on the Intel server at " https://dsadata.intel.com/data/en ":
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
0 Kudos

Link Copied

3 Replies
Monique_Intel
Moderator
‎08-06-2021 12:46 PM
492 Views

@win8tlsciphmismatch  Thank you for bringing this to our attention.  I am the Intel Project Manager for the Intel DSA application so I've provided this information to our developers to investigate.

Thank you,

Monique with Intel Corporation

0 Kudos
Copy link
Monique_Intel
Moderator
‎08-10-2021 10:05 AM
461 Views

@win8tlsciphmismatch   This issue has been resolved.  Please confirm if you are able to successfully scan with IDSA on your Win 7 or Win 8.1 system.

Thanks for your patience,

Monique with Intel Corporation

Copy link
MrGreg
Beginner
‎08-10-2021 04:54 PM
446 Views
In response to Monique_Intel

Thanks for fixing that little glitch.  Eventually I'll try to roll this Compal NBLB3 over to Win10....  Hope that's before MS drops support for it.

In response to Monique_Intel
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.