Forum: PowerTCP Sockets for .NET (Secure and Standard)
Topic: Object closed down in the middle of SSL handshake
zemackdaddy From: Salt Lake City, UT USA Posts: 6 Member Since: 03/07/03 |
posted March 7, 2003 12:14 PM
My code and error message are below. Am I just plain doing something dumb, or is the opposite side (epayhipvar) the problem? Thank You

This is the error message I am getting:

    Tcp.Connect(Gateway:epayhipvar.paymentech.net;Port:443): object closed down in the middle of SSL handshake

Here is my code:

    Tcp tcp = new Tcp();
    SslStream ssl = new SslStream(new TcpStream(tcp));
    ssl.useAuthentication = false;
    tcp.Stream = new SegmentedStream(ssl);

    // get a Secure Socket Layer TCP connection
    try
    {
        tcp.Connect(ConfigurationSettings.AppSettings["Gateway"], ConfigurationSettings.AppSettings["Port"]);
    }
    catch (Exception Err)
    {
        LogError(GetRequestString("OrderID"), "Global.GetResponse(): Tcp.Connect(Gateway:" + ConfigurationSettings.AppSettings["Gateway"] + ";Port:" + ConfigurationSettings.AppSettings["Port"] + "): " + Err.Message, true);
    }
K M Drake From: Utica, NY USA Posts: 3406 Member Since: 07/14/00 |
posted March 10, 2003 4:39 PM
Hi,
I assume you are doing this because you want to set the useAuthentication property? The code below should work.
-ken

    Tcp tcp1 = new Tcp();
    SslStream ssl = (SslStream)tcp1.Stream.CoreStream;
    ssl.useAuthentication = false;
    ssl.Protocol = SecureProtocol.Auto;
    tcp1.Connect("epayhipvar.paymentech.net", "443");
zemackdaddy From: Salt Lake City, UT USA Posts: 6 Member Since: 03/07/03 |
posted March 10, 2003 5:02 PM Actually what ended up working late Friday was setting the ssl.protocol = SecureProtocol.SSL2 vs. using the default of Auto. |
zemackdaddy From: Salt Lake City, UT USA Posts: 6 Member Since: 03/07/03 |
posted March 18, 2003 9:00 AM I am not using the useAuthentication. It is false in my code above. The company I am connecting to with SSL (Paymentech) tells me that they support Auto negotiation with OpenSSL/0.9.6g running in Apache 1.3.27. They think that Power TCP Sockets for .NET might be using a different cipher suite for SSL2 vs. SSL3. When I set the ssl.protocol to SSL2, I can connect to them. When I try Auto or SSL3, I cannot. |
K M Drake From: Utica, NY USA Posts: 3406 Member Since: 07/14/00 |
posted March 19, 2003 11:02 AM Hi, This means the server only accepts SSLv2 for connection, and automatically rejects an SSLv3 request. Some servers will respond, telling us to use SSLv2 instead of closing. We use a library on your system for SSL negotiation that has a default setting for the version of SSL to use. This default will depend upon the version of the library on the runtime machine. It looks like that is SSLv3 on your system; it used to be SSLv2 on Windows 2000. This will vary. Regardless, Auto will work with most remote systems. It is unusual to reject a higher version of the protocol without requesting the lower version first. -ken |
zemackdaddy From: Salt Lake City, UT USA Posts: 6 Member Since: 03/07/03 |
posted March 19, 2003 3:15 PM They swear left and right that they support SSL3 without a problem. What cipher suite does your stuff use? |
K M Drake From: Utica, NY USA Posts: 3406 Member Since: 07/14/00 |
posted March 20, 2003 9:15 AM Hi, On the client-side, the cipher the server requests. See the following thread for more info: http://support.dart.com/postings?topicid=2619&search=1 -ken |
zemackdaddy From: Salt Lake City, UT USA Posts: 6 Member Since: 03/07/03 |
posted March 31, 2003 12:50 PM
I had Paymentech watch my SSL3 request come through and here is what they said:

Per our conversation, we have researched your connection problems from our side in terms of the Apache Log files. We do, in fact, see these failed connections. Here’s what we see in our log files:

“mod_ssl: SSL handshake timed out (client 204.246.137.26, server serverNameHere:443)”

There is no more information, but I will take a stab at two alternatives:

· The cipher strength is different between V2 and V3 and your server is taking too long to complete SSL Negotiation, such as reg step Change cipher Suite is not being returned in time.
· There is a bug in your library for V3 that causes the completion of the SSL negotiation to stop in the middle.

I am using the exact same code and system (changing the protocol) to do both SSL2 & 3. 2 Works. Does Dart have any thoughts on this?
K M Drake From: Utica, NY USA Posts: 3406 Member Since: 07/14/00 |
posted April 2, 2003 10:36 AM Hi, Yes, our development staff would like to know a) if TLS (SSL v3.1) works? And b) if our ActiveX product works using Auto or version 3? (You can use the included Tcp Client sample to test). http://www.dart.com/powertcp/secure.asp Thanks, -ken |
swhedbee From: Alachua, FL USA Posts: 1 Member Since: 04/15/03 |
posted April 15, 2003 9:55 AM
Hi,
I'm getting an "object closed down in the middle of SSL handshake" with our C# Windows Forms based client application. The server is a Java application running on Java 1.3 with JSSE 1.0.3 (Java Secure Socket Environment). When I set the debug system property for SSL (-Djavax.net.debug=ssl,handshake,data,trustmanager) the output shows that JSSE is decrypting the first part of my message. The tail part seems to be garbled.

The client does a stream.Flush() after writing the request message to the socket. When we remove the stream.Flush() then this "object closed down..." exception does not occur. There appears to be something funky with tcp.Stream.Flush().

We were using the www.mentalis.org free SecureSocket library which works fine from a local workstation install, however it causes the client application to randomly exit sometimes when used with a .NET internet deployment. We downloaded the 30-day eval of the dart product to see if it was more stable.

Thanks,
-Sam

Below is the relevant debug output from JSSE. I couldn't post the entire output because of the length limit of message posts.

    length = 56
    %% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    Worker for 127.0.0.1, READ: SSL v3.0 Application Data, length = 20
    Plaintext after DECRYPTION: len = 20
    0000: 38 39 0D 0A 9E F8 91 A8 A6 D2 9F 1C D4 20 37 57  89........... 7W
    0010: 1A 77 A9 48                                      .w.H
    Worker for 127.0.0.1, READ: SSL v3.0 Application Data, length = 105
    Plaintext after DECRYPTION: len = 105
    0000: 72 65 71 75 65 73 74 3D 56 61 6C 69 64 61 74 65  request=Validate
    0010: 55 73 65 72 0D 0A 75 6C 74 69 61 50 61 73 73 77  User..ultiaPassw
    0020: 6F 72 64 3D 64 65 6D 6F 0D 0A 75 6C 74 69 61 55  ord=demo..ultiaU
    0030: 73 65 72 3D 64 66 0D 0A 72 65 71 75 65 73 74 56  ser=df..requestV
    0040: 65 72 73 69 6F 6E 3D 33 2E 32 0D 0A 75 73 65 72  ersion=3.2..user
    0050: 55 6E 69 71 75 65 3D 0D 0A 97 B6 66 3A 24 23 45  Unique=....f:$#E
    0060: 0F 7E 29 A2 CB 39 28 19 DE                       ..)..9(..
    Worker for 127.0.0.1, READ: SSL v3.0 Alert, length = 18
    Plaintext after DECRYPTION: len = 18
    0000: 01 00 97 B3 4E 32 FA 86 A6 F8 AE FC 6C B4 48 24  ....N2......l.H$
    0010: 47 06                                            G.
    Worker for 127.0.0.1, RECV SSLv3 ALERT: warning, close_notify
    Worker for 127.0.0.1, SEND SSL v3.0 ALERT: warning, description = close_notify
    Plaintext before ENCRYPTION: len = 18
    0000: 01 00 8C 6F 83 21 62 21 4C C5 35 FF FF EC F4 80  ...o.!b!L.5.....
    0010: 9E 04                                            ..
    Worker for 127.0.0.1, WRITE: SSL v3.0 Alert, length = 18
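A way to read the JSSE dump in the post above, as an added example that is not part of the original thread or of Dart's or Sun's code: with SSL_RSA_WITH_RC4_128_MD5 (a stream cipher with an MD5 MAC) every SSLv3 record carries a 16-byte MAC after its payload, so the script splits each dumped record into payload and MAC. It assumes the "Plaintext after DECRYPTION" dump shows the whole decrypted record including that MAC; `parse_records` and `split_mac` are hypothetical helper names.

```python
import re

# MAC bytes appended to each SSLv3 record, keyed by the suite's hash suffix.
MAC_LEN = {"MD5": 16, "SHA": 20}

# Hex columns copied from the JSSE output in the post (ASCII column omitted).
DUMP = """\
READ: SSL v3.0 Application Data, length = 20
0000: 38 39 0D 0A 9E F8 91 A8 A6 D2 9F 1C D4 20 37 57
0010: 1A 77 A9 48
READ: SSL v3.0 Application Data, length = 105
0000: 72 65 71 75 65 73 74 3D 56 61 6C 69 64 61 74 65
0010: 55 73 65 72 0D 0A 75 6C 74 69 61 50 61 73 73 77
0020: 6F 72 64 3D 64 65 6D 6F 0D 0A 75 6C 74 69 61 55
0030: 73 65 72 3D 64 66 0D 0A 72 65 71 75 65 73 74 56
0040: 65 72 73 69 6F 6E 3D 33 2E 32 0D 0A 75 73 65 72
0050: 55 6E 69 71 75 65 3D 0D 0A 97 B6 66 3A 24 23 45
0060: 0F 7E 29 A2 CB 39 28 19 DE
READ: SSL v3.0 Alert, length = 18
0000: 01 00 97 B3 4E 32 FA 86 A6 F8 AE FC 6C B4 48 24
0010: 47 06
"""

def parse_records(dump):
    """Return [(content_type, declared_len, body)] from JSSE-style debug text."""
    records = []
    for line in dump.splitlines():
        head = re.search(r"READ: SSL v3\.0 (.+), length = (\d+)", line)
        if head:
            records.append([head.group(1), int(head.group(2)), bytearray()])
            continue
        row = re.match(r"[0-9A-F]{4}: ((?:[0-9A-F]{2} ?)+)", line)
        if row and records:
            records[-1][2] += bytes.fromhex(row.group(1))
    return [(t, n, bytes(b)) for t, n, b in records]

def split_mac(suite, records):
    """Split into (type, payload, mac); assumes body = payload + MAC, no padding."""
    mac_len = MAC_LEN[suite.rsplit("_", 1)[1]]
    out = []
    for ctype, declared, body in records:
        if len(body) != declared or declared < mac_len:
            raise ValueError(f"{ctype}: dump is truncated or not a full record")
        out.append((ctype, body[:-mac_len], body[-mac_len:]))
    return out

RESULT = split_mac("SSL_RSA_WITH_RC4_128_MD5", parse_records(DUMP))
if __name__ == "__main__":
    for ctype, payload, mac in RESULT:
        print(f"{ctype}: {len(payload)} payload bytes {payload!r}, MAC {mac.hex()}")
```

On this dump the first record's payload is the text `89` followed by CRLF, the second record carries exactly 89 payload bytes, and the alert payload `01 00` matches the log's own "warning, close_notify" line.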
K M Drake From: Utica, NY USA Posts: 3406 Member Since: 07/14/00 |
posted April 16, 2003 1:18 PM Hi, In response to this post, please email directly to support@dart.com. So if you do not flush the stream, it works as expected? Can this be reproduced with other servers? Why is it necessary for you to make the call to Flush? Thanks, -ken |