Archived Forum Post

Question:

Problem with SSL on Windows 8

Jul 10 '15 at 05:40

I have an application which posts XML using the HTTP object's PostXml method. Up until March 2015 everything was working beautifully on all Windows versions with your DLLs dated Sep 2 2009. Starting approx. April, on Windows 7 and 8, apparently only on those which were automatically updated by Windows Update, the application stopped working and shows the following error after PostXml:

ChilkatLog:

PostXml:

DllDate: Sep 2 2009
UnLockPrefix: ANZASOHttp
Username: olek
Component: AxtiveX
url: https://test-bramka.edeklaracje.gov.pl/uslugi/dokumenty
charset: utf-8
xmlSizeInChars: 3070
httpConnect:
  hostname: test-bramka.edeklaracje.gov.pl
  port: 443
  ssl: 1
  protocol: default
  protocol: default
    The message received was unexpected or badly formatted.
    scRet: 0x80090326
    Aborting SSL client handshake because of fatal error
    Error performing handshake
    Failed to connect.
  Failed.

On Windows XP it still works flawlessly. Why is that happening? MS must have changed something in SSL that affects your DLLs on updated Windows 7, 8 but what? I tried many things and fixes but without success.

OK, so I decided to upgrade the old DLLs to your newest version 9.5.0. I work on Windows 7 64-bit last updated 14-01-2015 and on this computer my application works fine. I changed my code to connect to the new objects:

Chilkat_9_5_0.Http.1 instead of ChilkatHttp.ChilkatHttp.1

Chilkat_9_5_0.HttpRequest.1 instead of ChilkatHttp.ChilkatHttpRequest.1

Chilkat_9_5_0.HttpResponse.1 instead of ChilkatHttp.ChilkatHttpResponse.1

I removed the ProxyPartialUrl = 1 setting, which is not used in Chilkat_9_5_0.

I ran the code, and after PostXml I now get the following error:

ChilkatLog:

PostXml:

DllDate: Jun  3 2015
ChilkatVersion: 9.5.0.50
UnlockPrefix: ANZASOHttp
Username: DUO22:Andrzej
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
url: https://test-bramka.edeklaracje.gov.pl/uslugi/dokumenty
charset: utf-8
fullRequest:
  a_synchronousRequest:
    generateRequest:
      httpRequestGenStartLine:
        genStartLine:
          startLine: POST /uslugi/dokumenty HTTP/1.1
        --genStartLine
      --httpRequestGenStartLine
      addCookies:
        Not auto-adding cookies.
        sendCookies: 1
        cookieDir: 
      --addCookies
    --generateRequest
    fullHttpRequest:
      domain: test-bramka.edeklaracje.gov.pl
      port: 443
      ssl: 1
      openHttpConnection:
        Opening connection directly to HTTP server.
        httpHostname: test-bramka.edeklaracje.gov.pl
        httpPort: 443
        ssl: 1
        socket2Connect:
          connect2:
            connectImplicitSsl:
              clientHandshake:
                clientHandshake2:
                  readHandshakeMessages:
                    processAlert:
                      TlsAlert:
                        level: fatal
                        descrip: protocol version
                      --TlsAlert
                      Closing connection in response to fatal SSL/TLS alert.
                    --processAlert
                    Aborting handshake because of fatal alert.
                  --readHandshakeMessages
                --clientHandshake2
              --clientHandshake
              Client handshake failed. (3)
            --connectImplicitSsl
            ConnectFailReason: 0
          --connect2
        --socket2Connect
      --openHttpConnection
    --fullHttpRequest
    success: 0
  --a_synchronousRequest
  success: 0
--fullRequest
Failed.

--PostXml
--ChilkatLog

If, in the very same code, I use old DLLs from 2009, then PostXml works like a charm again. Why is this upgrade to 9.5.0 not working? Why is the old code failing on updated Windows 7, 8? Please help...


Accepted Answer

Hi,

Windows 7 and 8 received updates to SSL to disable weak ciphers and fix implementation issues. These updates did not apply to Windows XP as it is EOL and no longer receives any security fixes.

It's likely that your new code is failing because the URL you are trying to connect to is using an old SHA1 certificate signature rather than SHA2, and has a bunch of other issues. Try running an SSL test scan at https://www.ssllabs.com/ssltest/ for more details.

I'm not entirely familiar with the SSL changes in Chilkat, but see http://www.cknotes.com/category/release-notes/ and search for SSL to see all the changes that have occurred. It appears that the default is now to use TLS 1.2 if available, which your test URL does not support, and which also isn't available in Windows XP, which would explain why that would still work with the new code. Also see the comments regarding the SSL FREAK issues earlier in the year: http://www.chilkatforum.com/questions/7804/ftp2-ssltls-and-ssh-ciphers-freak-attack. You may have to manually add the appropriate ciphers to allow your application to connect to your test server.

Dan


Answer

AgeofStrife, thanks a lot for your answer, it solved the case. https://www.ssllabs.com/ssltest/ shows everything quite clearly. I used SslProtocol="TLS 1.0" in the newest version of the HTTP object and it works on all Windows versions again. Interestingly, setting SslProtocol="TLS 1.0 or higher" still doesn't work; it might be fixed in a future release, but at this point I am happy with what I have. Thanks a lot again!
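
The "level: fatal / descrip: protocol version" entry in the 9.5.0 log above is a TLS alert record sent by the server in reply to the ClientHello. As an added illustration (not code from the original posts or from Chilkat), this Python example decodes such a record from raw bytes, for instance bytes copied out of a packet capture, and names the first thing to check. The sample bytes and the function names `decode_alert` and `diagnose` are constructed for this example.

```python
import struct

# Alert codes from RFC 5246 section 7.2 (subset relevant to handshake failures).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 47: "illegal_parameter",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    86: "inappropriate_fallback",
}
RECORD_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
CONTENT_TYPE_ALERT = 21


def decode_alert(data: bytes) -> dict:
    """Decode a plaintext TLS alert record as sent in reply to a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {ctype})")
    body = data[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("alert body must be exactly 2 bytes (or record is encrypted)")
    level, descr = body
    return {
        "record_version": RECORD_VERSIONS.get((major, minor), f"{major}.{minor}"),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(descr, f"unknown({descr})"),
    }


def diagnose(alert: dict) -> str:
    """Map a fatal handshake alert to the first thing to check."""
    if alert["level"] != "fatal":
        return "non-fatal alert; handshake may continue"
    if alert["description"] == "protocol_version":
        return "server rejected the offered protocol version; compare client and server version ranges"
    if alert["description"] in ("handshake_failure", "insufficient_security"):
        return "no acceptable parameters; compare offered cipher suites with the server's"
    return "see alert description"


# Constructed sample: fatal protocol_version alert in a TLS 1.0 record.
SAMPLE = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x46])

if __name__ == "__main__":
    info = decode_alert(SAMPLE)
    print(info, "->", diagnose(info))
```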