NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: Alberto on February 19, 2019, 06:50:05 AM
-
Hi, trying to connect to a WS, in test mode it's http and in prod mode it's https.
When connecting over http all is OK, but when connecting to the https WS I get the error.
Please see image
I'm using:
! These settings would be required if you were talking to a SOAP server that only did SSL.
! ws.SSLCertificateOptions.CertificateFile = ''
! ws.SSLCertificateOptions.PrivateKeyFile = ''
ws.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
ws.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
! ws.SSLCertificateOptions.CARootFile = '' !If https use a root cluster like '.\CA_Roots.pem'
-
Did you install the Visual C runtime on the server?
http://www.capesoft.com/docs/NetTalk11/NetTalk.htm#DeployingAtlsClientOrServer
-
The WS is not mine, I'm trying to consume it and I'm using my production box, I don't think I need it... or yes?
Weird thing is I'm consuming another https WS without problem.
-
michelis, as far as I know, you need the libraries to consume or serve web services.
-
All the dlls are ok in the app folder and still the same error.
Now I tried with NetDemo.exe and same error.
Attached goes the NetDemo.ini with which you can easily try, just copy it to the NetDemo folder, run NetDemo.exe and go to the Generic Post Tab and click Post.
Image attached. NetDemo.ini attached but renamed as netdemo.imc
-
I get the same error here connecting to that address with NetDemo.
I'll dig a bit deeper...
cheers
Bruce
-
Hi Alberto,
It helps that you give the URL of the site you are connecting to, because the problem is on their side, not your side.
Using the URL I was able to duplicate in NetDemo and also determine the appropriate fix.
The site is pretty insecure. You can see this by going to
https://www.ssllabs.com/ssltest/analyze.html?d=www.siogranos.com.ar
As you can see there are all kinds of things wrong - the primary ones being only support for TLS 1.0 and the (very) limited number of weak, and insecure ciphers being supported.
To connect to a site like this you need to set the cipher list to AES128-SHA and turn off the remote certificate CA root check.
(The site is using a certificate which we don't "trust".)
ThisWebClient.SSLCertificateOptions.CiphersAllowed = 'AES128-SHA'
ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = true
All the other settings can be left to default values.
Of course the above code will break when they do finally get around to securing the server, and then the AES cipher will no longer work.
Cheers
Bruce
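
Added example, not part of the thread and not NetTalk code: the same workaround expressed with Python's ssl module, scoped to a single legacy host, with a recorded certificate fingerprint standing in for the CA root check that is switched off. The host name, the fingerprint and the function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl
import warnings

# Constructed placeholders (assumptions): the legacy host name and the SHA-256
# fingerprint of its DER certificate, recorded out of band.
LEGACY_PINS = {"legacy.example.invalid": hashlib.sha256(b"constructed-cert").hexdigest()}


def context_for(host):
    """Strict defaults for every host; weakened settings only for pinned legacy hosts."""
    if host not in LEGACY_PINS:
        return ssl.create_default_context()  # CA check and hostname check stay on
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # equivalent of skipping the CA root check
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1  # the server offers TLS 1.0 only
    # OpenSSL 3 only negotiates TLS 1.0 at security level 0 (needs OpenSSL 1.1.0+).
    ctx.set_ciphers("AES128-SHA:@SECLEVEL=0")
    return ctx


def pin_ok(host, der_cert):
    """Compare the presented certificate with the fingerprint recorded for the host."""
    expected = LEGACY_PINS.get(host)
    if expected is None or not der_cert:
        return False
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, expected)


def connect(host, port=443, timeout=10):
    """Open a TLS socket; for legacy hosts the pin replaces the CA check."""
    ctx = context_for(host)
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout),
                           server_hostname=host)
    if host in LEGACY_PINS and not pin_ok(host, sock.getpeercert(binary_form=True)):
        sock.close()
        raise ssl.SSLError(f"certificate pin mismatch for {host}")
    return sock
```

Because the weak cipher and the disabled CA check apply only to hosts listed in `LEGACY_PINS`, removing the entry once the server is secured returns that host to the strict defaults.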
-
Thank you very very much.
You are THE man!
-
Is it possible that it does not work with NT10? Same sln OK in NT11 and wrong in NT10.