#1 2023-02-16 11:15:01

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

TLS Error Problem

Hi Arnaud,

Here I have 2 log entries, one with the Socket Client and one with the WinHTTP Client.
IgnoreSSLCertError is activated, also IgnoreTLSCertError.

https://postimg.cc/gallery/TKCBRS6

The server uses a self-signed certificate only to encrypt (internal network).
The client throws the above errors.

Very serious: the WinHTTP Client throws an error only on the first connect. Subsequent connects are successful.

What can I do to connect? Any idea?
Ty in advance


Rad Studio 12.1 Santorini

Offline

#2 2023-02-16 12:01:40

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,182
Website

Re: TLS Error Problem

Does the client work on a regular HTTPS website?
Which operating system do you use?
What is the self-signed certificate algorithm?

I have seen this error when the system is too old to support the TLS algorithms.
Try to enable old/deprecated TLS algorithms on the server, by setting TNetTlsContext.AllowDeprecatedTls := true.

Offline

#3 2023-02-16 12:55:52

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

The Client is Windows 10
The Server Windows 2019
The Client works with our https Website (Let's Encrypt) Certificate
algo - have to check
I'll try AllowDeprecatedTLS
ty

Last edited by itSDS (2023-02-16 12:56:14)


Rad Studio 12.1 Santorini

Offline

#4 2023-02-16 13:14:36

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

The algorithm is md5RSA


Rad Studio 12.1 Santorini

Offline

#5 2023-02-16 14:21:36

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

I don't think it's a server problem. We have an older server with an older m2 version running, but after updating the client to versions newer than approx. mid 1/2023 we get the error.


Rad Studio 12.1 Santorini

Offline

#6 2023-02-16 18:23:59

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

I did some further testing (turned on AllowDeprecatedTls on the client / on the server I don't know how - pls help).

Starting the client on the same Windows Server 2019:
The WinHTTP Client runs without error.
The Socket Client fails with the same error as before: ESChannel: SEC_E_INVALID_TOKEN/ERROR_INVALID_PARAMETER. As far as I know, Win2019 supports TLS 1, 1.1, 1.2 by default.

The error comes when requesting Timestamp. In the server log there is no entry concerning the connection request. Something is wrong with the TLS settings in the Socket Client for Windows.


Rad Studio 12.1 Santorini

Offline

#7 2023-02-16 19:08:33

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

I tested it with a similar certificate on my development computer and no error?!


Rad Studio 12.1 Santorini

Offline

#8 2023-02-17 08:28:17

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,182
Website

Re: TLS Error Problem

In your first post, you got a problem with both the mORMot client and the WinHttp Client....
So my guess is that it is more of a server problem... even if WinHttp was correct after a while.

What is the SSPI API call which triggers the error?
(you did not provide the stack trace in your screenshots)

Please try with https://github.com/synopse/mORMot2/commit/0705b978
(at least some more error context will be available)

If you can, try to use OpenSSL on the server side, to see if the issue comes from it.
Define USE_OPENSSL;FORCE_OPENSSL conditionals on the server project, then supply a recent libcrypto-1_1.dll with the exe (to be downloaded from http://wiki.overbyte.eu/wiki/index.php/ICS_Download e.g.)

But first please try with mORMot self-signed certificate, i.e. aSecurity = secTLSSelfSigned parameter.

Offline

#9 2023-02-17 12:14:12

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

Ty, I'll test it this weekend


Rad Studio 12.1 Santorini

Offline

#10 2023-02-18 13:06:56

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

Here is a screenshot of the Log:

https://postimg.cc/zHft06SL


Rad Studio 12.1 Santorini

Offline

#11 2023-02-18 13:58:35

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

I tried now with secTLSSelfSigned - same error.
USE_OPENSSL - here the initialization with NewOpenSslNetTls is not called (set a breakpoint). Do I have to set some more parameters?

One more piece of info: the self-signed certificate on my development computer uses sha256RSA


Rad Studio 12.1 Santorini

Offline

#12 2023-02-18 15:36:23

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,182
Website

Re: TLS Error Problem

You need to define both USE_OPENSSL;FORCE_OPENSSL conditionals, as I wrote above.

Offline

#13 2023-02-20 10:09:30

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 506

Re: TLS Error Problem

Sry Arnaud, I defined both, which means it did not work defining both defines in the Project Options.

Last edited by itSDS (2023-02-20 18:25:18)


Rad Studio 12.1 Santorini

Offline
