EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Dealing with ERROR_SSL_HANDSHAKE_FAILURE

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#29554
Posted: 05/23/2014 19:48:43
by Luis Arenal (Standard support level)
Joined: 05/10/2006
Posts: 9

using D2007 + SBB 11.0.246

I get a PFX for secure connection and have no problems connecting to almost all the servers/services of this company.
I'm having problems connecting with one server in particular.

With HTTPGet sample, minor changes, checking headers, OnError...

Quote

Headers sent:
GET /ws HTTP/1.1
Host: ----------.com
User-Agent: SecureBlackbox
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--- Client Error ---
ErrorCode: 75782 ERROR_SSL_HANDSHAKE_FAILURE
Fatal=True Remote=True
Exception: Connection lost (error code is 10058)

Connection works fine in IE, I asume PFX is fine since It works also with other server from the same company.
Quote

Headers sent:
GET /ws HTTP/1.1
Host: ----------.com
User-Agent: SecureBlackbox
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Headers received:
HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Sat, 24 May 2014 00:41:05 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Set-Cookie: JSESSIONID=tFpohrBvF2Ms9Gx3KqYepAA6; Path=/
Content-Length: 795

Reading from other posts, already tried to disable TLS1.1 and TLS1.2, did not worked.

I have no control over the server.

Any ideas?

TIA
#29557
Posted: 05/24/2014 00:49:18
by Eugene Mayevski (EldoS Corp.)

There are several things to modify and try besides TLS versions. They are used cipher suites (via CipherSuites property) and Renegotiation mode (via RenegotiationAttackPreventionMode property). Unfortunately there's no other way to diagnoze the problem other than trial-and-error because error 10058 is a Winsock that stands for "Connection reset", which means that the server didn't report an error code but just forcefully closed the connection.


Sincerely yours
Eugene Mayevski
#29561
Posted: 05/24/2014 13:33:38
by Luis Arenal (Standard support level)
Joined: 05/10/2006
Posts: 9

Will try that, thanks Eugene.
#29576
Posted: 05/26/2014 12:48:50
by Luis Arenal (Standard support level)
Joined: 05/10/2006
Posts: 9

RenegotiationAttackPreventionMode = rapmAuto

SSL2, SSL3 disabled
TLS1.x enabled

Worked! Thanks

Reply

Statistics

Topic viewed 739 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!