Looking at the documentation for the TCP socket component, I see a list for the available SslAllowedCiphers. It seems that SHA384 is the highest level available. We have a client that wants to use SHA512 for their certificates. What are our options? Is SHA512 supported?

asked May 06 at 12:50

dvc92


Yes, SHA-512 is supported. I'll make sure the documentation is updated.

answered May 06 at 15:30

chilkat ♦♦

It seems to work with v9.5.0.51, but with v9.5.0.56 we are receiving an error. The certificate that he is using is SHA512.

Failed to connect to 10.96.0.46
Reason: 100-Internal schannel error
(ChilkatLog:
Connect_Socket(218ms):
ChilkatVersion: 9.5.0.56
connectInner(202ms):
hostname: 10.96.0.46
port: 12480
tls: 1
maxWaitMs: 5000
socket2Connect(202ms):
connect2(202ms):
hostname: 10.96.0.46
port: 12480
ssl: 1
connectImplicitSsl(202ms):
Clearing TLS client certificates.
connectSocket:
domainOrIpAddress: 10.96.0.46
port: 12480
connectTimeoutMs: 5000
connect_ipv6_or_ipv4:
This is an IPV4 numeric address.
Domain to IP address resolution not needed.
connecting to IPV4 address...
ipAddress: 10.96.0.46
createSocket:
Setting SO_SNDBUF size
sendBufSize: 262144
Setting SO_RCVBUF size
recvBufSize: 4194304
--createSocket
connect:
Waiting for the connect to complete...
myIP: 10.96.0.46
myPort: 58814
socket connect successful.
--connect
--connect_ipv6_or_ipv4
--connectSocket
clientHandshake(202ms):
certChain:
subjectDN: O=Casey's General Store, CN=Internet Order
--certChain
cacheClientCerts:
Cached TLS client certificates.
certChain:
subjectDN: O=Casey's General Store, CN=Internet Order
--certChain
--cacheClientCerts
clientHandshake2(187ms):
readHandshakeMessages:
processHandshakeRecord:
processHandshakeMessage:
processServerHello:
negotiatedTlsVersion: TLS 1.2
negotiatedCipherSuite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
minAcceptableRsaKeySize: 1024
--processServerHello
--processHandshakeMessage
--processHandshakeRecord
--readHandshakeMessages
Sending client-side certificate(s)...
sendClientCertificates(16ms):
buildCertificatesMessage(16ms):
numCerts: 1
--buildCertificatesMessage
--sendClientCertificates
buildClientKeyExchange(16ms):
buildClientKeyExchangeECDHE(16ms):
verifyServerKeyExchange(16ms):
composeVerifyData:
Unsupported server key exchange hash algorithm
--composeVerifyData
--verifyServerKeyExchange
--buildClientKeyExchangeECDHE
--buildClientKeyExchange
Failed to build ClientKeyExchange
sendFatalAlert(46ms):
Turning on TCP_NODELAY.
passiveClose(15ms):
Passive socket closing complete.
--passiveClose
--sendFatalAlert
--clientHandshake2
--clientHandshake
Client handshake failed. (3)
--connectImplicitSsl
ConnectFailReason: 100
--connect2
--socket2Connect
Failed.
--connectInner
Failed.
--Connect_Socket
--ChilkatLog
)

answered May 06 at 15:52

dvc92

Thanks, I'll have a look.

(May 06 at 15:54) chilkat ♦♦

This problem actually has nothing to do with the TLS cipher suites or the SslAllowedCipher property. (In other words, it's not a missing cipher suite.)

It has to do with a server key exchange option in TLS 1.2. In the older version of Chilkat, TLS 1.2 was not implemented, and this option does not exist in the older versions of the TLS protocol (TLS 1.0, 1.1), and that's why the problem does not occur. You can work around the problem by setting the SslProtocol property to "TLS 1.1" or "TLS 1.0".

I did add support just now for the SHA512 server key exchange hash algorithm. I can provide a new build, but I need to know exactly what to provide (programming language, operating system, .NET version, Visual Studio Version, or whatever might apply).

answered May 06 at 16:48

chilkat ♦♦
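
The TLS 1.2 field the answer above refers to, as an added example that is not part of the original thread and not Chilkat's code: a parser for an ECDHE ServerKeyExchange body that reads the SignatureAndHashAlgorithm pair (RFC 5246) and checks it against an assumed client hash set. The function names, the sample message and the `old_client` set are constructed for illustration.

```python
import struct

# Code points from RFC 5246 section 7.4.1.4.1 (SignatureAndHashAlgorithm)
HASHES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
TLS11, TLS12 = (3, 2), (3, 3)  # protocol versions as they appear on the wire

def parse_ecdhe_ske(body, version):
    """Parse an ECDHE ServerKeyExchange body; return (params, sig_alg, signature)."""
    curve_type, _curve, point_len = struct.unpack_from("!BHB", body, 0)
    if curve_type != 3:  # 3 = named_curve
        raise ValueError("only named curves are handled here")
    off = 4 + point_len
    params = body[:off]  # ServerECDHParams: the bytes the signature covers
    sig_alg = None
    if version >= TLS12:
        # New in TLS 1.2: hash and signature ids precede the signature.
        # TLS 1.0/1.1 have no such field (RSA signs fixed MD5+SHA-1 digests).
        h, s = struct.unpack_from("!BB", body, off)
        sig_alg = (HASHES.get(h, "unknown"), SIGS.get(s, "unknown"))
        off += 2
    (sig_len,) = struct.unpack_from("!H", body, off)
    signature = body[off + 2:off + 2 + sig_len]
    if len(signature) != sig_len:
        raise ValueError("truncated ServerKeyExchange")
    return params, sig_alg, signature

def check_hash(body, version, supported):
    """Client-side decision: is the server's chosen hash one we can verify?"""
    _params, sig_alg, _sig = parse_ecdhe_ske(body, version)
    if sig_alg is None:
        return "ok: no hash field before TLS 1.2"
    if sig_alg[0] not in supported:
        return "unsupported server key exchange hash: " + sig_alg[0]
    return "ok: %s with %s" % (sig_alg[1], sig_alg[0])

def build_sample(version, hash_id=6, sig_id=1):
    """Constructed message: zeroed P-256 point and signature, not real key material."""
    point = b"\x04" + bytes(64)
    body = struct.pack("!BHB", 3, 23, len(point)) + point  # 23 = secp256r1
    if version >= TLS12:
        body += bytes([hash_id, sig_id])  # default: sha512 (6) with rsa (1)
    return body + struct.pack("!H", 256) + bytes(256)

if __name__ == "__main__":
    old_client = {"sha1", "sha256", "sha384"}  # assumed set without SHA-512
    print(check_hash(build_sample(TLS12), TLS12, old_client))
    print(check_hash(build_sample(TLS12), TLS12, old_client | {"sha512"}))
    print(check_hash(build_sample(TLS11), TLS11, old_client))
```

The first call reproduces the failure class in the log, the second the fixed build's behaviour, and the third shows why forcing TLS 1.1 or 1.0 avoids the check entirely.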

This is the reason I recommend Chilkat to others! Great response on the rare occasion there is an issue.

We are currently using the 32 bit version of ChilkatDotNet4.dll with VB.net 2013

answered May 06 at 16:56

dvc92

One question: Why would you use the .NET 4.0 Framework in VS 2013? I would think the .NET 4.5 Framework would be a more natural fit... I can go ahead and provide the ChilkatDotNet4.dll though.

(May 06 at 16:59) chilkat ♦♦

Some of our clients are slow to upgrade systems. We are trying to push them, but it is slow going.

(May 06 at 17:01) dvc92

Thanks, I just wanted to make sure you weren't inadvertently using it. Also, sometimes people think the license is only valid for a particular .NET Framework...

(May 06 at 17:04) chilkat ♦♦

Please try this new build:

32-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatDotNet4-9.5.0-win32.zip

64-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatDotNet4-9.5.0-x64.zip

I added the support for SHA512, which was simply to add a section of internal code that is identical to the case for SHA384. I haven't tested it yet -- I'll leave it to you since you can do that quickly.

answered May 06 at 17:08

chilkat ♦♦

Asked: May 06 at 12:50

Seen: 431 times

Last updated: May 06 at 17:08