EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Why can connection to the SSL/TLS (HTTPS, FTPS, SMTP/S, POP3/S) server be closed without any error indication right after connecting?

Some servers close connection immediately when they receive client's data packet which they can't parse or don't understand. This is usually either a flaw of the server not capable to handle unknown parameters properly, or misconfiguration of the server. For example, most versions of OpenSSL (before 1.0) failed when getting TLS 1.1 request.

If you come across such server, the first thing to do is disable TLS 1.1 and TLS 1.2 (disabling SSL 2 is also a good idea).

Next, some servers, including stock installation of IIS 7 require Renegotiation Attack Prevention to be enabled. This requires use of TLS 1.0+ and special extension. This extension is enabled when you set RenegotiationAttackPreventionMode property in SecureBlackbox components to rapmAuto or rapmStrict (default value is rapmCompatible) AND enable TLS 1.x and disable SSL 2 and SSL 3.

Finally, some servers handle certain cipher suites incorrectly. Unfortunately the only remedy for this situation is to disable all cipher suites using CipherSuites property and then enable them one by one and try to connect.

Some servers are generous enough to report an error before disconnecting. Such error is dispatched to the client using OnError (or OnSSLError) event of the SSL-enabled components. You can handle this event to get information about error.

Return to the list


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!