Question:
Hello, our VB program uses Chilkat HTTP to connect to our servers; since yesterday we often get the above response from Chilkat:
IBS ErrEst1 & 27/10/2016 11:40:30 proc=TestIBproxy
ChilkatLog:
QuickGetStr:
DllDate: Jul 10 2013
ChilkatVersion: 9.4.1.26
UnlockPrefix: IBSSASHttp
Username: NB-FELTRING:Giuseppe.Feltrin
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
QuickReq:
url: https://www.ibs.ve.it/testproxy.html
QuickGetToOutput_OnExisting:
qGet_1:
simpleHttpRequest_3:
httpMethod: GET
requestUrl: https://www.ibs.ve.it/testproxy.html
Connecting to web server...
httpServer: www.ibs.ve.it
port: 443
Using HTTPS.
ConnectTimeoutMs_1: 30000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: www.ibs.ve.it
resolveHostname1:
Resolving domain name (IPV4) via gethostbyname
--resolveHostname1
GetHostByNameHB_ipv4: Elapsed time: 0 millisec
myIP_1: 10.30.4.145
myPort_1: 51720
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
readIncomingTls_serverHello:
processTlsRecord:
processHandshake:
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_AES_128_CBC_SHA
CipherSuite: 00,2f
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_serverHello
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: Certificate
handshakeMessageLen: 0x9a7
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
derSize: 1288
certSubjectCN: sprint.ibs.ve.it
certSerial: 037C55025697C6800069F409C4A2A6AF6110
certIssuerCN: Let's Encrypt Authority X3
--Certificate
Certificate:
derSize: 1174
certSubjectCN: Let's Encrypt Authority X3
certSerial: 0A0141420000015385736A0B85ECA708
certIssuerCN: DST Root CA X3
--Certificate
NumCertificates: 2
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued Certificate message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
No client certificate required by the server.
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: aes
keyLength: 128
Sent FINISHED message..
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processChangeCipherSpec:
ccsProtocolType: 1
--processChangeCipherSpec
--processTlsRecord
--readIncomingTls_changeCipherSpec2
readIncomingTls_handshakeFinished2:
processTlsRecord:
processHandshake:
handshakeMessageType: HandshakeFinished
handshakeMessageLen: 0xc
processHandshakeMessage:
MessageType: HandshakeFinished
FinishedMsgLen: 12
Queueing Finished message.
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_handshakeFinished2
Dequeue the FINISHED message...
Dequeued Finished message.
Handshake completed successfully.
Secure Channel Established.
connectElapsedMs: 172
-- BuildGetRequest --
Not auto-adding cookies.
sendElapsedMs: 0
tlsRecvAppData:
readIncomingTls_appData:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
Closing connection in response to fatal error.
--processAlert
--processTlsRecord
--readIncomingTls_appData
Failed to read SSL/TLS application messages.
--tlsRecvAppData
Failed to get response header
--simpleHttpRequest_3
--qGet_1
--QuickGetToOutput_OnExisting
--QuickReq
Failed.
--QuickGetStr
--ChilkatLog
We did not change anything on either the server or the client side; does anyone have an idea about the error? We can't understand what it is. We checked the server's log and it returns something like client failure, but we are not so sure. Thanks a lot!!!
OK, it seems we found the solution: the SSL certificates will expire next Monday (31/10); after renewal Chilkat started to work again... Does anyone know if Chilkat makes some check on certificate expiry? If yes, in which way?
Answer:
You're using a very old version of Chilkat, and much has been added to TLS since 3 years ago.
Also... 3 years from now, I'm sure there will be servers with stringent requirements that won't accept this current October 2016 version of Chilkat, but given that Chilkat will keep up to date, the October 2019 version will be fine. In general, when there's a chance in the development schedule to update to a later version of Chilkat, it is wise to do so. The external world of servers and protocols is not stationary. You don't want to wait 3 years before updating. It's best to update on a more frequent schedule, even if once per year.
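Added example, not part of the original thread and not Chilkat code: a small Python triage of the Chilkat log posted in the question, reducing it to the offered and negotiated protocol version, the cipher suite, the certificate chain, and whether the fatal alert arrived before or after the handshake completed. The function names and the trimmed log excerpt are this example's own; the version table is the standard SSL/TLS wire numbering.

```python
import re

# SSL/TLS wire versions "major.minor" -> protocol name (standard numbering)
TLS_VERSIONS = {"3.0": "SSL 3.0", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

# Excerpt of the log posted in the question (lines trimmed, order kept).
SAMPLE_LOG = """\
ChilkatVersion: 9.4.1.26
clientHelloMajorMinorVersion: 3.1
ServerHello:
MajorVersion: 3
MinorVersion: 1
CipherSuite: RSA_WITH_AES_128_CBC_SHA
CipherSuite: 00,2f
certSubjectCN: sprint.ibs.ve.it
certIssuerCN: Let's Encrypt Authority X3
certSubjectCN: Let's Encrypt Authority X3
certIssuerCN: DST Root CA X3
Handshake completed successfully.
tlsRecvAppData:
TlsAlert:
level: fatal
descrip: handshake failure
"""

def first(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def summarize(log):
    """Reduce a Chilkat TLS log to the fields needed for triage."""
    server = re.search(r"^\s*ServerHello:\s*\n\s*MajorVersion: (\d+)\s*\n\s*MinorVersion: (\d+)", log, re.M)
    server_ver = f"{server.group(1)}.{server.group(2)}" if server else None
    done = log.find("Handshake completed successfully")
    alert = re.search(r"TlsAlert:\s*\n\s*level: (\w+)\s*\n\s*descrip: ([^\n]+)", log)
    phase = None
    if alert:  # an alert logged after the "completed" line came post-handshake
        phase = "after handshake" if 0 <= done < alert.start() else "during handshake"
    offered = first(r"^\s*clientHelloMajorMinorVersion: (\S+)", log)
    return {
        "chilkat_version": first(r"^\s*ChilkatVersion: (\S+)", log),
        "offered": TLS_VERSIONS.get(offered, offered),
        "negotiated": TLS_VERSIONS.get(server_ver, server_ver),
        "cipher_suite": first(r"^\s*CipherSuite: ([A-Z0-9_]+)$", log),
        "chain": list(zip(re.findall(r"certSubjectCN: (.+)", log),
                          re.findall(r"certIssuerCN: (.+)", log))),
        "alert": (alert.group(1), alert.group(2).strip()) if alert else None,
        "alert_phase": phase,
    }
```

Run against the full log from the question, `summarize` reports a TLS 1.0 session whose fatal alert arrived after the handshake had completed, which is the point at which the server's own log is the place to look for the reason.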