Exception in WebServer sample |
|
|
by Aaron posted on 2003/08/26 |
|
This also throws an exception in my own web server. The certificate I'm using works fine in IIS. For some reason, the localMac and remoteMac don't match in UnwrapMessage. Haven't really dug deep into it to see what the cause is. Here are the exceptions connecting with IE 6:
Receiving HTTP request...
Error while receiving data from client [An error occurred during the decryption and verification process.].
Org.Mentalis.Security.Ssl.Shared.SslException: An error occurred during the decryption and verification process.
at Org.Mentalis.Security.Ssl.SecureSocket.EndReceive(IAsyncResult asyncResult) in f:\mentalis\seclib\security\ssl\securesocket.cs:line 492
at Org.Mentalis.Security.Ssl.SecureSocket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) in f:\mentalis\seclib\security\ssl\securesocket.cs:line 439
at WebServer.StartServer(IPEndPoint ep, SecureProtocol sp, Certificate cert)
Waiting for another connection...
Incoming socket accepted.
Receiving HTTP request...
Error while receiving data from client [The server hello message uses a protocol that was not recognized.].
Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.
at Org.Mentalis.Security.Ssl.SecureSocket.EndReceive(IAsyncResult asyncResult) in f:\mentalis\seclib\security\ssl\securesocket.cs:line 492
at Org.Mentalis.Security.Ssl.SecureSocket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) in f:\mentalis\seclib\security\ssl\securesocket.cs:line 439
at WebServer.StartServer(IPEndPoint ep, SecureProtocol sp, Certificate cert)
|
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/08/26 |
|
I just tested the webserver example again, and it appears to work fine on my computer [using IE6 as the client].
I only managed to reproduce the "The server hello message uses a protocol that was not recognized" by either
- connecting to the server using HTTP instead of HTTPS, or
- adjusting the IE settings so that it only allows SSL2 connections [which is not supported in the current version of the library]
However, I don't think either of these cases applies to you.
Could you check some things for me?
- can the certificate find the associated private key? [you can check this by calling the Certificate.HasPrivateKey method]
- if possible, can you try to connect to the server using another client [Mozilla, etc]. Do you get the same problems?
- can you try to adjust the IE security settings, for instance allowing it to only use TLS1 or SSL3 [security settings can be found at: Tools -> Internet Options -> Advanced -> Security] |
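Added example, not part of the thread or of the Security Library: the two cases named in the post above (plain HTTP sent to the SSL port, and an SSL2-only client) can be told apart from the first bytes a client sends, which is a quick check to run on a captured connection before suspecting the certificate. The function and sample names are assumptions, and the sample bytes are constructed, not captured traffic.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def classify_first_bytes(data):
    """Name what a client opened the connection with, from its first bytes."""
    if len(data) < 6:
        return "too short"
    if data.startswith(HTTP_METHODS):
        return "plaintext HTTP"          # http:// used against the SSL port
    version = None
    if data[0] == 0x16 and data[5] == 0x01:
        # SSL 3.0/TLS record: type 0x16 (handshake), version, 2-byte length,
        # then handshake type 0x01 (ClientHello).
        version, framing = (data[1], data[2]), "SSL3/TLS record"
    elif data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0 record: 2-byte header with the high bit set, message type
        # 0x01 (CLIENT-HELLO), then the highest version the client offers.
        version, framing = (data[3], data[4]), "SSL2 record"
    if version is None:
        return "unrecognized"
    return f"{VERSIONS.get(version, 'unknown version')} hello in {framing}"

def sslv2_client_hello(version):
    """Constructed SSL 2.0-format CLIENT-HELLO with one cipher spec."""
    body = struct.pack(">BBBHHH", 1, version[0], version[1], 3, 0, 16)
    body += b"\x01\x00\x80" + bytes(16)   # cipher spec + 16-byte challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed samples, not captured traffic.
SAMPLES = {
    "http": b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n",
    "ssl2_only": sslv2_client_hello((2, 0)),
    "ssl2_compat": sslv2_client_hello((3, 0)),
    "tls1": b"\x16\x03\x01\x00\x04\x01\x00\x00\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} -> {classify_first_bytes(data)}")
```

An "SSL 2.0 hello in SSL2 record" result corresponds to the SSL2-only browser setting described above; an SSL 3.0 or TLS 1.0 version inside an SSL2 record is the backward-compatible hello a client sends when SSL2 is enabled alongside newer protocols.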
by Aaron posted on 2003/08/27 |
|
- It does have a private key
- Using Netscape 7.1, I get the same error.
- Turning off SSL2 and turning on TLS1 in internet options gives me a "List of certificates is empty" error. Enabling only SSL3 gives me the original error.
The certificate I'm using is a test certificate from Verisign if that helps. |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/08/27 |
|
Aaron,
I just uploaded a new version of the library [v1.0.13.672] that fixes a bug in the SSL library. The bug in question caused an unhandled ArgumentOutOfRange exception in the SSL2 client hello code.
Can you download the new version and see if it works now? Thanks |
by Aaron posted on 2003/08/27 |
|
Tried the new version and all combinations of SSL2, SSL3, and TLS1 enabled or not and still get the AsyncException of {"An error occurred during the decryption and verification process." } though the exception thrown shows the new message of "An error occurs while communicating with the remote host."
I'm at a loss since I don't know that much about the internals of the Security library. Guess it's time to bone up. Is there something else I can do to give you more info?
|
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/08/27 |
|
Hmm. If you have time, could you test some other things too?
First of all, could you use the server certificate that is shipped with the security library? It's a file called "server.pfx" and it's included in the "\Samples\RegressionTests\certs" directory. This is just to make sure it's not a certificate problem.
Secondly, after running the WebServer example, can you try to connect to it using the WebClient example?
Also, what operating system are you running? If you are running Windows 2000, have you tried installing the Microsoft High Encryption pack?
[http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp] |
by Aaron posted on 2003/08/28 |
|
Looks like Verisign's test certificate is the problem. Using server.pfx, both the sample and my web server work fine.
Here's another question. Is there a way to require the client connections already have a certificate? |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/08/28 |
|
Ok, that's good to hear. I'll request my own Verisign test certificate to find out what the problem was.
In order to require clients to present a client certificate when connecting to the server, you should specify the SecurityFlags.MutualAuthentication constant in your SecurityOptions instance. |