Showing posts with label TLS. Show all posts

Friday, June 08, 2018

Quicknote: install stunnel as service

stunnel is an open-source multi-platform application used to provide universal TLS/SSL tunneling service. stunnel is used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.

Installation and setup are pretty standard, and the configuration is read from the stunnel.config file. Here is how you can set up and configure stunnel on Windows.

To install stunnel as a service, run this command from a command prompt: "stunnel.exe -install -quiet".

This installs stunnel as a service. Then open the service's properties, set its startup type to Automatic, and start the service.


Tuesday, May 01, 2018

TLS 1.2 and .NET Support: How to Avoid Connection Errors

I recently ran into an interesting issue during development while connecting to a third-party Carrier API. When trying to connect to the API endpoint, I received the following error message:

“An error occurred while making the HTTP request to https://<API endpoint>. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.” Inner exception was “Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.”

With data security requirements in place, a lot of API providers are ending TLS 1.0 support. This can be overcome in .NET by adding a line of code that sets TLS 1.1 or above.
The default System.Net.ServicePointManager.SecurityProtocol in both .NET 4.0/4.5 is SecurityProtocolType.Tls|SecurityProtocolType.Ssl3.

.NET 4.0 supports up to TLS 1.0, while .NET 4.5 supports up to TLS 1.2.

However, an application targeting .NET 4.0 can still support up to TLS 1.2 if .NET 4.5 is installed in the same environment. .NET 4.5 installs on top of .NET 4.0, replacing System.dll.

Adding the one line of code below will help you avoid the above error.

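// Requires "using System.Net;". Numeric casts compile even when targeting .NET 4.0, whose enum lacks Tls11/Tls12.
// 192 = Tls (TLS 1.0), 768 = Tls11, 3072 = Tls12; note that this line keeps TLS 1.0 enabled.
ServicePointManager.SecurityProtocol = (SecurityProtocolType)192 |
    (SecurityProtocolType)768 | (SecurityProtocolType)3072;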

Reference:

namespace System.Net
{
    [System.Flags]
    public enum SecurityProtocolType
    {
       Ssl3 = 48,
       Tls = 192,
       Tls11 = 768,
       Tls12 = 3072,
    }
}
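
The following is an added example, not code from the original post. It goes slightly beyond the one-liner above: it adds TLS 1.1/1.2 to whatever is already set, drops SSL 3.0 and optionally TLS 1.0, and reports when the installed runtime rejects the new values, which is the expected result on a machine with .NET 4.0 but not .NET 4.5. The class and method names (TlsSetup, Describe, TryEnableModernTls) are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class TlsSetup
{
    // Numeric values taken from the SecurityProtocolType reference on this page,
    // so the code also compiles when the project targets .NET 4.0.
    const SecurityProtocolType Ssl3  = (SecurityProtocolType)48;
    const SecurityProtocolType Tls10 = (SecurityProtocolType)192;
    const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
    const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // Hypothetical helper: turn the flag mask into readable names for logging.
    public static string Describe(SecurityProtocolType mask)
    {
        var names = new List<string>();
        if ((mask & Ssl3)  == Ssl3)  names.Add("SSL 3.0");
        if ((mask & Tls10) == Tls10) names.Add("TLS 1.0");
        if ((mask & Tls11) == Tls11) names.Add("TLS 1.1");
        if ((mask & Tls12) == Tls12) names.Add("TLS 1.2");
        return names.Count == 0 ? "none listed" : string.Join(", ", names);
    }

    // Adds TLS 1.1 and 1.2 to the current setting and removes SSL 3.0.
    // Pass keepTls10 = false once no remote endpoint still needs TLS 1.0.
    // Returns false if the runtime does not accept the TLS 1.1/1.2 values.
    public static bool TryEnableModernTls(bool keepTls10)
    {
        SecurityProtocolType wanted =
            (ServicePointManager.SecurityProtocol | Tls11 | Tls12) & ~Ssl3;
        if (!keepTls10) wanted &= ~Tls10;
        try
        {
            ServicePointManager.SecurityProtocol = wanted;
            return true;
        }
        catch (NotSupportedException)
        {
            return false; // setting left unchanged
        }
    }

    static void Main()
    {
        Console.WriteLine("Before: " + Describe(ServicePointManager.SecurityProtocol));
        if (TryEnableModernTls(false))
            Console.WriteLine("After:  " + Describe(ServicePointManager.SecurityProtocol));
        else
            Console.WriteLine("Runtime rejected TLS 1.1/1.2; install .NET 4.5 or later.");
    }
}
```

Call TryEnableModernTls once at application start-up, before the first HTTPS request is made, since the setting applies to connections created afterwards.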