A client we are connecting to is upgrading to make their platform SHA-2/TLS1.2 compliant.
In accordance with this I am trying to test to ensure that we're able to connect this way in the above version. The docs indicate that the connection will negotiate with the server for the highest version available and use that.
However, it's unclear which SSL protocols this version of the chilkat.http module supports, and we are receiving the following error:
ChilkatLog:
  SynchronousRequest:
    DllDate: Dec 12 2012
    UnlockPrefix: redacted
    Username: redacted
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    domain: redacted
    port: 443
    ssl: 1
    RequestData:
      HttpVersion: 1.1
      Verb: POST
      Path: redacted
      Charset: utf-8
      SendCharset: 0
      MimeHeader: Content-Type: text/xml
    --RequestData
    ReadTimeout: 30
    ConnectTimeout: 30
    httpConnect:
      hostname: redacted
      port: 443
      ssl: 1
      Need to establish connection to the HTTP server...
      ConnectTimeoutMs_1: 30000
      calling ConnectSocket2
      IPV6 enabled connect with NO heartbeat.
      connectingTo: redacted
      resolveHostname1:
        dnsCacheLookup: redacted
        dnsCacheHit: redacted
      --resolveHostname1
      GetHostByNameHB_ipv4: Elapsed time: 0 millisec
      myIP_1: redacted
      myPort_1: 53298
      connect successful (1)
      cacheClientCerts:
        Reached the root cert..
        Finished caching client certs.
      --cacheClientCerts
      clientHelloMajorMinorVersion: 3.1
      buildClientHello:
        majorVersion: 3
        minorVersion: 1
        numRandomBytes: 32
        sessionIdSize: 0
        numCipherSuites: 10
        numCompressionMethods: 1
      --buildClientHello
      readIncomingTls_serverHello:
        readTlsRecord:
          numBytesRequested: 5
          Connection closed by connected peer.
          Failed to read beginning of SSL/TLS record.
        --readTlsRecord
      --readIncomingTls_serverHello
      Failed to read incoming handshake messages. (1)
      Client handshake failed. (3)
      Failed to connect.
    --httpConnect
    connectTime1: Elapsed time: 109 millisec
    totalTime: Elapsed time: 109 millisec
    Failed.
  --SynchronousRequest
--ChilkatLog
Gateway.S3Ssl is set to true. (docs note: If True, Chilkat uses TLS 1.2) Gateway.SslProtocol is set to default. Gateway.SetSslClientCertPem returns true also.
Can anyone advise why we are failing to read beginning of SSL/TLS record and if this is even related to TLS version?
You're using a very old version of Chilkat. The solution is to update to the latest version.
If the server finds all of the options (protocol version, cipher suites, etc.) listed in the ClientHello as unacceptable, then it will (likely) immediately disconnect. You're using a very old version of Chilkat, and much has been added to TLS since 4 years ago.
Also... 4 years from now, I'm sure there will be servers with stringent requirements that won't accept this current October 2016 version of Chilkat, but given that Chilkat will keep up to date, the October 2020 version will be fine. In general, when there's a chance in the development schedule to update to a later version of Chilkat, it is wise to do so. The external world of servers and protocols is not stationary. You don't want to wait 4 years before updating. It's best to update on a more frequent schedule, even if once per year.
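Added example, not part of the original thread and not Chilkat code: a Python sketch that builds a ClientHello with the parameters shown in the log (version 3.1, 32 random bytes, empty session id, 10 cipher suites, 1 compression method), decodes it, and checks it against a server that requires TLS 1.2. The suite IDs are constructed (the log gives only their count), and `server_accepts` is a hypothetical stand-in for the server's policy.

```python
import struct

NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Constructed suite IDs (the page's log gives only the count, 10).
SAMPLE_SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004,
                 0x0033, 0x0039, 0x0016, 0x0032, 0x0038]

def build_client_hello(version, suites):
    """Constructed sample: minimal ClientHello, no session id, no extensions."""
    body = bytes(version) + bytes(32)           # client_version + 32 random bytes (zeroed)
    body += b"\x00"                             # sessionIdSize: 0
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                         # numCompressionMethods: 1 (null)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Decode the fields the log prints under buildClientHello."""
    try:
        ctype, rlen = record[0], struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rlen]
        if ctype != 0x16 or len(hs) != rlen or hs[0] != 0x01:
            raise ValueError("not a complete ClientHello record")
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        version = (body[0], body[1])            # client_version: highest version offered
        pos = 2 + 32                            # skip version and random
        sid_len = body[pos]
        pos += 1 + sid_len
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        suites = [struct.unpack("!H", body[i:i + 2])[0]
                  for i in range(pos + 2, pos + 2 + cs_len, 2)]
        n_comp = body[pos + 2 + cs_len]
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"version": version, "name": NAMES.get(version, "unknown"),
            "session_id_len": sid_len, "suites": suites, "num_compression": n_comp}

def server_accepts(hello, min_version=(3, 3)):
    """Assumed server policy: refuse any ClientHello offering less than TLS 1.2."""
    return hello["version"] >= min_version

if __name__ == "__main__":
    for ver in [(3, 1), (3, 3)]:
        h = parse_client_hello(build_client_hello(ver, SAMPLE_SUITES))
        print(h["name"], len(h["suites"]), "suites, accepted:", server_accepts(h))
```

A hello offering 3.1 advertises TLS 1.0 as the client's highest version, so a TLS 1.2-only server has nothing to negotiate down to; on the client side that shows up as the peer closing the connection before the 5-byte record header of the ServerHello can be read.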