NetTalk Central

Author Topic: Error SSL 248  (Read 5687 times)

Alberto

  • Hero Member
  • *****
  • Posts: 1873
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
Error SSL 248
« on: February 19, 2019, 06:50:05 AM »
Hi, trying to connect to a WS, in test mode its http and in prod mode its https
When connecting http all is ok but when connecting to the https ws I get the error
Please see image
Im using:
!        These settings would be required if you were talkig to a SOAP server that only did SSL.
!        ws.SSLCertificateOptions.CertificateFile = ''
!        ws.SSLCertificateOptions.PrivateKeyFile = ''
        ws.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
        ws.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
!        ws.SSLCertificateOptions.CARootFile = '' !If https use a root cluster like '.\CA_Roots.pem'
-----------
Regards
Alberto

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Error SSL 248
« Reply #1 on: February 19, 2019, 11:01:55 PM »

Alberto

  • Hero Member
  • *****
  • Posts: 1873
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
Re: Error SSL 248
« Reply #2 on: February 20, 2019, 05:53:07 AM »
The WS is not mine, Im trying to consume it and Im using my produccion box, I dont think I need it... or yes?
Weird thing ids Im consuming another https ws without problem.
-----------
Regards
Alberto

urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Error SSL 248
« Reply #3 on: February 20, 2019, 06:15:19 AM »
michelis, as far as i know, you need the libraries to consume or serve web services.

Alberto

  • Hero Member
  • *****
  • Posts: 1873
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
Re: Error SSL 248
« Reply #4 on: February 20, 2019, 11:21:31 AM »
All the dlls are ok in the app folder and still the same error.

Now I tried with NetDemo.exe and same error.

Attached goes the NetDemo.ini with which you can easily try, just copy it to the NetDemo folder , run NetDemo.exe and go to the Generic Post Tab and click Post.

Image attached. NetDemo.ini attached but renamed as netdemo.imc
-----------
Regards
Alberto

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Error SSL 248
« Reply #5 on: February 20, 2019, 09:46:07 PM »
I get the same error here connecting to that address with NetDemo.
I'll dig a bit deeper...

cheers
Bruce

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Error SSL 248
« Reply #6 on: February 20, 2019, 11:02:30 PM »
Hi Alberto,

It helps that you give the URL of the site you are connecting to, because the problem is on their side, not your side.
Using the URL I was able to duplicate in NetDemo and also determine the appropriate fix.

The site is pretty insecure. You can see this by going to
https://www.ssllabs.com/ssltest/analyze.html?d=www.siogranos.com.ar
As you can see there are all kinds of things wrong - the primary ones being only support for TLS 1.0 and the (very) limited number of weak, and insecure ciphers being supported.

To connect to a site like this you seen to set the ciper list to AES128-SHA and turn off the remote certificate ca root check.
(The site is using a certificate which we don't "trust".)

ThisWebClient.SSLCertificateOptions.CiphersAllowed = 'AES128-SHA'
ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = true

all the other settings can be left to default values.

Of course the above code will break when they do finally get around to securing the server, and then the AES cipher will no longer work.

Cheers
Bruce



Alberto

  • Hero Member
  • *****
  • Posts: 1873
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
Re: Error SSL 248
« Reply #7 on: February 22, 2019, 05:50:42 AM »
Thank you very very much.
You are THE man!
-----------
Regards
Alberto

Alberto

  • Hero Member
  • *****
  • Posts: 1873
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
Re: Error SSL 248
« Reply #8 on: February 22, 2019, 08:17:44 AM »
Is it possible that it doesnot work with NT10 ? same sln ok in NT11 and wrong in NT10.
-----------
Regards
Alberto