I have strange issue when i post to sage pay from my vb.net application
objHttpRequest = HttpWebRequest.Create(objUri)
objHttpRequest.KeepAlive = False
objHttpRequest.Method = "POST"
objHttpRequest.ProtocolVersion = HttpVersion.Version10
objHttpRequest.ContentType = "application/x-www-form-urlencoded"
arrRequest = objUTFEncode.GetBytes(postValues)
objHttpRequest.ContentLength = arrRequest.Length
objStreamReq = objHttpRequest.GetRequestStream()
objStreamReq.Write(arrRequest, 0, arrRequest.Length)
objStreamReq.Close()
objStreamReq = objHttpRequest.GetRequestStream()
At this line exception is thrown as "The underlying connection was closed: An unexpected error occurred on a send".
When i debug, the connection object is nothing. But i dont know whether it was there before.
It was successfully posted before and i didnt change anything.
I copied the inputs and posted to sage pay with POSTMAN and it succeeds.
Can somebody help me to find this please.
Are you using the test server? TLS 1.0 and 1.1 were disabled on it last month so any connections other than TLS 1.2 will fail in that way. The live servers still support 1.0/1.1 until March 31st 2018, so you will need to ensure the client supports TLS 1.2.
You can use TLS 1.2 on .NET 4.0 IF the OS has .NET 4.5+ installed and you manually set the protocol:
https://blogs.perficient.com/microsoft/2016/04/tsl-1-2-and-net-support/
Related
I am unable to connect to an HTTPS server (TLS 1.3) using WebRequest because of this error message:
The request was aborted: Could not create SSL/TLS secure channel.
The previous TLS version was 1.2 and with below code I could GET the page properly but as the page ssl upgraded to TLS 1.3 I got the error and also I cannot find any solution about it:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
In fact, I think it should be something like below:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
but there is not.
It looks like TLS13 is supported now as part of the 4.8 .Net Framework
https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.8
However it is only supported on newer Window's OS versions (windows 11 and server 2022+), see here for full support details.
I'm porting a vb.net HTTPS client application on WinCE60 CF35: bsically it needs to send HTTPS REST requests to a server.
I started development on a Win10 desktop and there I have no problems (VS2015 - NET35).
When I run on WinCE I receive an exception when I send the webrequest: the system says that it does not have the error message, but I see the status = 10 = SecureChannelFailure.
The code is the following:
Private Function SendGetRequest(cmd As String) As Boolean
Dim request As WebRequest = WebRequest.Create(m_baseUrl + cmd)
request.Method = "GET"
request.Timeout = m_timeout
request.Headers.Add("Authorization", "Basic " + m_authInfo)
'
Dim dataStream As Stream
'
Try
Dim response As WebResponse = request.GetResponse()
m_statusCode = CType(response, HttpWebResponse).StatusCode
dataStream = response.GetResponseStream()
...
On the server side I don't receive anything. So, I tryed to sniff using Wireshark and I see the following:
In my understanding the client (.113) sends a RESET, but I don't know why ..
PS: if I build a HTTP request I receive response.
Multiple potential issues here:
Based on the error message, the most likely problem: The CE device may be missing a root certificate, or the root certificate may be expired or revoked, and therefore Windows CE is unable to verify the server certificate. If your CE device has a UI, open the Certificates applet in the Control Panel to verify that the required root certificate is installed and valid
.NET CF does not support SHA-2 based certificates (see answers here). Mentioning this because it's the next problem you are likely to run into, once the root cert is in place
Windows CE often sends RST to close TCP connections. Not pretty, but probably unrelated to the HTTPS problem you're seeing (as far as I understand the rationale is this is faster than having both sides send FIN/ACK)
We recently migrated to Spring boot 1.3.1 from the traditional spring project.
Our existing clients use Tyrus 1.12 as a websocket client.
After the upgrade, we found that the clients no longer connect and throws AuthenticationException. Strangely, they are able to connect for the first time since server restart and soon after throws AuthenticationException.
Digging a bit more, I found that Tyrus receives a 401 initially and passes on credentials subsequently. The server logs indicate the same behaviour, by first assigning ROLE_ANONYMOUS and then the correct role, ROLE_GUEST there after.
It seems like after the negotiation, the server closes connection and disconnects.
I observed the same behaviour when using spring stomp websocket client with Tyrus.
ClientManager container = ClientManager.createClient();
container.getProperties().put("org.glassfish.tyrus.client.sharedContainer", true);
container.getProperties().put(ClientProperties.CREDENTIALS, new Credentials("guest", "guest"));
StandardWebSocketClient webSocketClient = new StandardWebSocketClient(container);
final CountDownLatch messageLatch = new CountDownLatch(10);
WebSocketStompClient stompClient = new WebSocketStompClient(webSocketClient);
This same server setup works fine when the credentials are sent in the header.
stompClient.connect(url, getHandshakeHeaders("guest", "guest"), handler);
And this will NOT work since the credentials are not in the header
ListenableFuture<StompSession>session = stompClient.connect(url, handler, "localhost", "8080");
I am not understanding why it is working one way and not the other.
After upgrading to spring-boot, our software is no longer backwards compatible and will have to ask all our external clients to inject the authorization in the header before receiving a 401.
Can someone please help?
My earlier post with stacktrace
The Server I am connecting to requires TLS 1.1. My attempts fail. I am on a Windows Server 2008 R2 Standard SP1 64bit machine using Classic ASP.
Here is my code:
const WinHttpRequestOption_SecureProtocols = 9
const SecureProtocol_TLS1_1 = 512
dim objHTTP
set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
No error:
objHTTP.Option(9) = 128
'No error:
objHTTP.Option(9) = &H80
'Errors right here:
objHTTP.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1_1
'Errors right here:
objHTTP.Option(9) = 512
'Errors right here:
objHTTP.Option(9) = &H200
It does not matter where in the code I place this line, I still get this error as it tries to execute:
Microsoft VBScript runtime error '800a0005'
Invalid procedure call or argument: 'Option'
My Server's Browser was IE8, so I installed IE11 hoping for better results. Same error.
I have the Internet options of IE11 set to
(Unchecked) Use SSL 2.0
(Unchecked) Use SSL 3.0
(Unchecked) Use TLS 1.0
(Checked) Use TLS 1.1
(Checked) Use TLS 1.2
In the Registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
I have TLS 1.1 and 1.2 set at enabled=1 and DisabledByDefault=0
All the rest are set opposite.
I did the same at /ControlSet001/ and /ControlSet002/
Why can't I set objHTTP.Option(9) = 512?
Bonus question: Why is WinHttp insisting on TLS 1.0 regardless of my Server's settings?
This option means TLS 1.0:
objHTTP.Option(9) = 128
And winhttp.dll library on Windows 2008 R2 has reference only to this value.
That's why you don't have any error with it.
Next option means TLS 1.1:
objHTTP.Option(9) = 512
But only Windows 2012 and newer knows this value.
That's why you have errors on Windows 2008 R2
So you have to upgrade your Windows in order to use this setting.
Or there is another approach using registry fix exists.
Because Windows uses this value in case it is not specified in your code.
This approach works without changing any line of code.
In general:
Register protocol TLS 1.1 or even 1.2 is better (or both) in next section
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Tell winhttp.dll to use one of those protocols by default with value "DefaultSecureProtocols" in next sections
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
See more details in my answer here:
Classic ASP Outbound TLS 1.2
If you open the winhttp.dll in visual studio object browser, the version in Windows Server 2008 does not contain the constants for TLS1.1 and TLS1.2 under WinHttpRequestSecureProtocols enum.
If you do the same for Windows Server 2012, you'll find that the constants for TLS1.1 and TLS1.2 do appear.
I don't see an update available for Win 2008 to upgrade winhttp. If one exists I'd like to know. I haven't tried copying the Win 2012 version to Win 2008. I don't know if that would cause issues or not.
We updated our SSL certificate to SHA2, but the intermediate certificate was SHA1. Chrome and other browsers have decided that the entire chain must be SHA2. Our customers were calling concerned about the yellow caution in the address bar. Rumor has it that in a few months Chrome and other browsers will replace the mildly unobtrusive caution with a stop screen. We certainly don't want that!
...
So we reissued the certificate and the new one is signed by the SHA2 intermediate. When we use that certificate to encrypt the traffic on our server, our applications that are using MSXML2.ServerXMLHTTP (running on Windows Server 2003) to access remote web services on that server can no longer connect.
After researching, we applied these two hotfixes that looked like they might could have addressed the issue:
https://support.microsoft.com/kb/938397/en-us
https://support.microsoft.com/kb/968730/en-us
But the problem persists. Switch the cert back to the SHA2 with SHA1 intermediate and we have no issues.
We have installed the intermediate SHA2 certificate in the trusted store but the problem persists.
We have tried specifying all versions of the MSXML2.ServerXMLHTTP and all fail.
ASP code :
function query(xml)
dim xmlhttp, xmlDoc, url
url = application("component_url")
set xmlhttp = server.createobject("MSXML2.ServerXMLHttp")
call xmlhttp.open ("POST", url, false)
call xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
on error resume next
err.clear
call xmlhttp.send(xml)
if err.number <> 0 then
call sendAlert("An error has occurred while trying to send your request", message)
else
dim rt
rt = ConvertUtf8BytesToString(xmlhttp.responseBody)
set xmlDoc = server.createobject("MSXML2.DomDocument")
xmlDoc.loadXml(rt)
end if
on error goto 0
set query = xmlDoc
set xmlHttp = nothing
set xmlDoc = nothing
end function
Your situation is very likely same as this post, specially the last answer as you mention the script has been running for 10+ years.
Quoting the last answer in full:
I know it is an old question. This issue could be because of
unsupported cipher suites. Try adding - TLS_RSA_WITH_AES_128_CBC_SHA
AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
That means you have to follow this kb:
http://support.microsoft.com/kb/948963 This update is also interesting
if you are still using windows 2003. Which will allow connecting to
site using SHA2 - http://support.microsoft.com/kb/968730
Please note that Windows Server 2003 support is ending July 14, 2015
If the code is running on a Windows Server 2003, I suggest you try it on a newer machine, maybe a laptop with Windows 7 for a quick test.