Hi Arnaud,
Here I have 2 log entries, one with the Socket Client and one with the WinHTTP Client.
IgnoreSSLCertError is activated, also IgnoreTLSCertError.
https://postimg.cc/gallery/TKCBRS6
The server uses a self-signed certificate only to encrypt (internal network).
The client throws the above errors.
Very serious: the WinHTTP Client throws the error only on the first connect. Subsequent connects are successful.
What can I do to connect? Any idea?
Ty in advance
Rad Studio 12.1 Santorini
Offline
Does the client work on a regular HTTPS website?
Which operating system do you use?
What is the self-signed certificate algorithm?
I have seen this error when the system is too old to support the TLS algorithms.
Try to enable old/deprecated TLS algorithms on the server, by setting TNetTlsContext.AllowDeprecatedTls := true.
Offline
The Client is Windows 10
The Server Windows 2019
The Client works with our https Website (Let's Encrypt) Certificate
algo - have to check
I'll try AllowDeprecatedTLS
ty
Last edited by itSDS (2023-02-16 12:56:14)
Rad Studio 12.1 Santorini
Offline
The algorithm is md5RSA
Rad Studio 12.1 Santorini
Offline
I don't think it's a server problem. We have an older server with an older m2 version running, but after updating the client to versions newer than approx. mid 1/2023 we get the error.
Rad Studio 12.1 Santorini
Offline
I did some further testing (turned on AllowDeprecatedTls on the client; on the server I don't know how - pls help).
Starting the client on the same Windows Server 2019:
The WinHTTP Client runs without error.
The Socket Client fails with the same error as before: ESChannel: SEC_E_INVALID_TOKEN/ERROR_INVALID_PARAMETER. As far as I know, Win2019 supports TLS 1, 1.1, 1.2 by default.
The error comes when requesting Timestamp. In the server log there is no entry concerning the connection request. Something is wrong with the TLS settings in the Socket Client for Windows.
Rad Studio 12.1 Santorini
Offline
I tested it with a similar certificate on my development computer and no error?!
Rad Studio 12.1 Santorini
Offline
In your first post, you got a problem with both the mORMot client and the WinHttp Client....
So my guess is that it is more of a server problem... even if WinHttp was correct after a while.
What is the SSPI API call which triggers the error?
(you did not provide the stack trace in your screenshots)
Please try with https://github.com/synopse/mORMot2/commit/0705b978
(at least some more error context will be available)
If you can, try to use OpenSSL on the server side, to see if the issue comes from it.
Define the USE_OPENSSL;FORCE_OPENSSL conditionals on the server project, then supply a recent libcrypto-1_1.dll with the exe (to be downloaded from http://wiki.overbyte.eu/wiki/index.php/ICS_Download e.g.)
But first please try with mORMot self-signed certificate, i.e. aSecurity = secTLSSelfSigned parameter.
Offline
Ty, I will test it this weekend
Rad Studio 12.1 Santorini
Offline
Here is a screenshot of the Log:
Rad Studio 12.1 Santorini
Offline
I tried now with secTLSSelfSigned - same error.
USE_OPENSSL - here the initialization with NewOpenSslNetTls is not called (set a breakpoint). Do I have to set some more parameters?
One more piece of info: the self-signed certificate on my development computer uses sha256RSA
Rad Studio 12.1 Santorini
Offline
Sry Arnaud, I defined both, which means it did not work defining both defines in the project options.
Last edited by itSDS (2023-02-20 18:25:18)
Rad Studio 12.1 Santorini
Offline