
A client we are connecting to is upgrading to make their platform SHA-2/TLS1.2 compliant.

In accordance with this I am trying to test to ensure that we're able to connect this way in the above version. The docs indicate that the connection will negotiate with the server for the highest version available and use that.

However, it's unclear which SSL protocols this version of the chilkat.http module supports, and we are receiving the following error:

ChilkatLog:
  SynchronousRequest:
    DllDate: Dec 12 2012
    UnlockPrefix: redacted
    Username: redacted
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    domain: redacted
    port: 443
    ssl: 1
    RequestData:
      HttpVersion: 1.1
      Verb: POST
      Path: redacted
      Charset: utf-8
      SendCharset: 0
      MimeHeader: Content-Type: text/xml
    --RequestData
    ReadTimeout: 30
    ConnectTimeout: 30
    httpConnect:
      hostname: redacted
      port: 443
      ssl: 1
      Need to establish connection to the HTTP server...
      ConnectTimeoutMs_1: 30000
      calling ConnectSocket2
      IPV6 enabled connect with NO heartbeat.
      connectingTo: redacted
      resolveHostname1:
        dnsCacheLookup: redacted
        dnsCacheHit: redacted
      --resolveHostname1
      GetHostByNameHB_ipv4: Elapsed time: 0 millisec
      myIP_1: redacted
      myPort_1: 53298
      connect successful (1)
      cacheClientCerts:
        Reached the root cert..
        Finished caching client certs.
      --cacheClientCerts
      clientHelloMajorMinorVersion: 3.1
      buildClientHello:
        majorVersion: 3
        minorVersion: 1
        numRandomBytes: 32
        sessionIdSize: 0
        numCipherSuites: 10
        numCompressionMethods: 1
      --buildClientHello
      readIncomingTls_serverHello:
        readTlsRecord:
          numBytesRequested: 5
          Connection closed by connected peer.
          Failed to read beginning of SSL/TLS record.
        --readTlsRecord
      --readIncomingTls_serverHello
      Failed to read incoming handshake messages. (1)
      Client handshake failed. (3)
      Failed to connect.
    --httpConnect
    connectTime1: Elapsed time: 109 millisec
    totalTime: Elapsed time: 109 millisec
    Failed.
  --SynchronousRequest
--ChilkatLog

Gateway.S3Ssl is set to true. (docs note: If True, Chilkat uses TLS 1.2) Gateway.SslProtocol is set to default. Gateway.SetSslClientCertPem returns true also.

Can anyone advise why we are failing to read beginning of SSL/TLS record and if this is even related to TLS version?

Kind regards,

Gavin.

asked Oct 25 at 12:04

gallmond

I think our problem might mirror the one here:

http://www.chilkatforum.com/questions/9563/http-ssltls-connect-failure

However I still can't find the valid cipher-suites for our version anywhere. We're looking at running both new and old versions concurrently at the moment.

(Oct 25 at 12:52) gallmond

You're using a very old version of Chilkat. The solution is to update to the latest version.

If the server finds all of the options (protocol version, cipher suites, etc.) listed in the ClientHello as unacceptable, then it will (likely) immediately disconnect. You're using a very old version of Chilkat, and much has been added to TLS since 4 years ago.

Also... 4 years from now, I'm sure there will be servers with stringent requirements that won't accept this current October 2016 version of Chilkat, but given that Chilkat will keep up to date, the October 2020 version will be fine. In general, when there's a chance in the development schedule to update to a later version of Chilkat, it is wise to do so. The external world of servers and protocols is not stationary. You don't want to wait 4 years before updating. It's best to update on a more frequent schedule, even if once per year.


answered Oct 26 at 09:37

chilkat ♦♦

Many thanks. I did get the impression this was the problem.

As a short-term solution we've got v 9.5 running concurrently with 9.4 for the sake of the immediate changes needed, but I've put in a request to roll it out everywhere to future-proof us for a while.

(Oct 26 at 09:54) gallmond
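
The log in the question records clientHelloMajorMinorVersion 3.1, which is the wire value for TLS 1.0, followed by the peer closing the connection before any ServerHello arrives. The Python sketch below is an added example, not code from the thread or from Chilkat: it reads those fields out of such a log and reports whether the offered version is below a required one. The helper names `field` and `diagnose` are hypothetical, and the sample log is constructed from lines in the question.

```python
import re

# ClientHello versions as logged (major.minor) and the protocol each denotes.
WIRE_VERSIONS = {"3.0": "SSL 3.0", "3.1": "TLS 1.0",
                 "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

# Constructed sample: handshake lines taken from the log in the question.
SAMPLE_LOG = """\
    DllDate: Dec 12 2012
      connect successful (1)
      clientHelloMajorMinorVersion: 3.1
      buildClientHello:
        numCipherSuites: 10
      --buildClientHello
      readIncomingTls_serverHello:
        readTlsRecord:
          numBytesRequested: 5
          Connection closed by connected peer.
          Failed to read beginning of SSL/TLS record.
        --readTlsRecord
      --readIncomingTls_serverHello
"""

def field(log, name):
    """Return the value of the first 'name: value' line, or None."""
    m = re.search(rf"^[ \t]*{re.escape(name)}:[ \t]*(\S.*?)[ \t]*$", log, re.M)
    return m.group(1) if m else None

def diagnose(log, required="TLS 1.2"):
    """Summarise the TLS handshake recorded in a Chilkat log (hypothetical helper)."""
    offered = WIRE_VERSIONS.get(field(log, "clientHelloMajorMinorVersion"), "unknown")
    # Isolate what happened while the client waited for the ServerHello.
    start = log.find("readIncomingTls_serverHello:")
    end = log.find("--readIncomingTls_serverHello")
    waiting = log[start:end] if 0 <= start < end else ""
    order = list(WIRE_VERSIONS.values())  # oldest to newest
    return {
        "dll_date": field(log, "DllDate"),
        "offered": offered,
        "cipher_suites": int(field(log, "numCipherSuites") or 0),
        # TCP connected, then the peer hung up instead of answering the hello.
        "closed_before_server_hello": "connect successful" in log
            and "Connection closed by connected peer" in waiting,
        "below_required": offered in order
            and order.index(offered) < order.index(required),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

When both `closed_before_server_hello` and `below_required` are true, the log is consistent with the server rejecting the ClientHello outright, which is the behaviour the answer describes.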
Asked: Oct 25 at 12:04

Seen: 113 times

Last updated: Oct 26 at 09:54