I have an application which posts XML using an HTTP object's PostXml method. Up until March 2015 everything was working beautifully on all Windows versions with your DLLs dated Sep 2 2009. Starting approx. April, on Windows 7 and 8, apparently only on those which were automatically updated by Windows Update, the application stopped working and is showing the following error after PostXml:
DllDate: Sep 2 2009
UnLockPrefix: ANZASOHttp
Username: olek
Component: AxtiveX
url: https://test-bramka.edeklaracje.gov.pl/uslugi/dokumenty
charset: utf-8
xmlSizeInChars: 3070
httpConnect:
hostname: test-bramka.edeklaracje.gov.pl
port: 443
ssl: 1
protocol: default
protocol: default
The message received was unexpected or badly formatted.
scRet: 0x80090326
Aborting SSL client handshake because of fatal error
Error performing handshake
Failed to connect.
Failed.
On Windows XP it still works flawlessly. Why is that happening? MS must have changed something in SSL that affects your DLLs on updated Windows 7, 8 but what? I tried many things and fixes but without success.
OK, so I decided to upgrade the old DLLs to your newest version 9.5.0. I work on Windows 7 64-bit, last updated 14-01-2015, and on this computer my application works fine. I changed my code to connect to the new objects:
Chilkat_9_5_0.Http.1 instead of ChilkatHttp.ChilkatHttp.1
Chilkat_9_5_0.HttpRequest.1 instead of ChilkatHttp.ChilkatHttpRequest.1
Chilkat_9_5_0.HttpResponse.1 instead of ChilkatHttp.ChilkatHttpResponse.1
I removed the ProxyPartialUrl = 1 setting, which is not used in Chilkat_9_5_0,
ran the code, and after PostXml I now get the following error:
DllDate: Jun 3 2015
ChilkatVersion: 18.104.22.168
UnlockPrefix: ANZASOHttp
Username: DUO22:Andrzej
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
url: https://test-bramka.edeklaracje.gov.pl/uslugi/dokumenty
charset: utf-8
fullRequest:
a_synchronousRequest:
generateRequest:
httpRequestGenStartLine:
genStartLine:
startLine: POST /uslugi/dokumenty HTTP/1.1
--genStartLine
--httpRequestGenStartLine
addCookies:
Not auto-adding cookies.
sendCookies: 1
cookieDir:
--addCookies
--generateRequest
fullHttpRequest:
domain: test-bramka.edeklaracje.gov.pl
port: 443
ssl: 1
openHttpConnection:
Opening connection directly to HTTP server.
httpHostname: test-bramka.edeklaracje.gov.pl
httpPort: 443
ssl: 1
socket2Connect:
connect2:
connectImplicitSsl:
clientHandshake:
clientHandshake2:
readHandshakeMessages:
processAlert:
TlsAlert:
level: fatal
descrip: protocol version
--TlsAlert
Closing connection in response to fatal SSL/TLS alert.
--processAlert
Aborting handshake because of fatal alert.
--readHandshakeMessages
--clientHandshake2
--clientHandshake
Client handshake failed. (3)
--connectImplicitSsl
ConnectFailReason: 0
--connect2
--socket2Connect
--openHttpConnection
--fullHttpRequest
success: 0
--a_synchronousRequest
success: 0
--fullRequest
Failed.
If, in the very same code, I use old DLLs from 2009, then PostXml works like a charm again. Why is this upgrade to 9.5.0 not working? Why is the old code failing on updated Windows 7, 8? Please help...
Windows 7 and 8 received updates to SSL to disable weak ciphers and fix implementation issues. These updates did not apply to Windows XP, as it is EOL and no longer receives any security fixes.
It's likely that your new code is failing because the URL you are trying to connect to is using an old SHA1 certificate signature rather than SHA2, and has a bunch of other issues. Try running an SSL test scan at https://www.ssllabs.com/ssltest/ for more details.
I'm not entirely familiar with the SSL changes in Chilkat, but see http://www.cknotes.com/category/release-notes/ and search for SSL to see all the changes that have occurred. It appears that the default is now to use TLS 1.2 if available, which your test URL does not support, and which also isn't available in Windows XP, which would explain why that would still work with the new code. Also see the comments regarding the SSL FREAK issues earlier in the year: http://www.chilkatforum.com/questions/7804/ftp2-ssltls-and-ssh-ciphers-freak-attack . You may have to manually add the appropriate ciphers to allow your application to connect to your test server.
AgeofStrife, thanks a lot for your answer, it solved the case. https://www.ssllabs.com/ssltest/ shows everything quite clearly. I used SslProtocol="TLS 1.0" in the newest version of the HTTP object and it works on all Windows versions again. Interestingly, setting SslProtocol="TLS 1.0 or higher" still doesn't work, and it might be fixed in a future release, but at this point I am happy with what I have. Thanks a lot again!
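
A triage helper for the two LastErrorText dumps quoted in the question, as an added example that is not part of the original thread and is not Chilkat code: it pulls out the peer, the TLS alert and the scRet status so a protocol-version rejection can be told apart from a generic handshake failure. The function name, the finding labels and the shortened log excerpts are assumptions made for this sketch; the two status-code names are the standard Windows SSPI names.

```python
import re

# Constructed sample input: shortened excerpts of the two dumps in the question.
OLD_DLL_LOG = ("httpConnect: hostname: test-bramka.edeklaracje.gov.pl port: 443 "
               "ssl: 1 protocol: default The message received was unexpected or "
               "badly formatted. scRet: 0x80090326 Aborting SSL client handshake")
NEW_DLL_LOG = ("httpHostname: test-bramka.edeklaracje.gov.pl httpPort: 443 ssl: 1 "
               "readHandshakeMessages: processAlert: TlsAlert: level: fatal "
               "descrip: protocol version --TlsAlert Closing connection")

# Windows SSPI status codes this helper recognises (not an exhaustive list).
SSPI_CODES = {0x80090326: "SEC_E_ILLEGAL_MESSAGE",
              0x80090331: "SEC_E_ALGORITHM_MISMATCH"}

def triage(log_text):
    """Extract handshake-failure evidence from a flattened LastErrorText dump."""
    out = {"host": None, "port": None, "alert": None,
           "sspi": None, "finding": "unclassified"}
    m = re.search(r"\b(?:hostname|httpHostname):\s*(\S+)", log_text)
    if m:
        out["host"] = m.group(1)
    m = re.search(r"\b(?:port|httpPort):\s*(\d+)", log_text)
    if m:
        out["port"] = int(m.group(1))
    # Newer dumps wrap the alert as "TlsAlert: level: X descrip: Y --TlsAlert".
    m = re.search(r"TlsAlert:\s*level:\s*(\w+)\s+descrip:\s*(.+?)\s*--TlsAlert",
                  log_text)
    if m:
        out["alert"] = (m.group(1), m.group(2))
    # Older dumps only carry the status code returned by the Windows TLS stack.
    m = re.search(r"scRet:\s*(0x[0-9A-Fa-f]{8})", log_text)
    if m:
        out["sspi"] = SSPI_CODES.get(int(m.group(1), 16), m.group(1))
    if out["alert"] == ("fatal", "protocol version"):
        # Peer refused the offered version: compare SslProtocol with the
        # versions a scan of the server reports.
        out["finding"] = "protocol_version_rejected"
    elif out["sspi"] == "SEC_E_ILLEGAL_MESSAGE":
        # Handshake reply could not be processed: check protocol/cipher overlap.
        out["finding"] = "handshake_message_rejected"
    elif out["sspi"] == "SEC_E_ALGORITHM_MISMATCH":
        out["finding"] = "no_common_algorithm"
    return out

if __name__ == "__main__":
    for name, log in (("2009 DLL", OLD_DLL_LOG), ("9.5.0 DLL", NEW_DLL_LOG)):
        print(name, triage(log))
```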