Microsoft provides best practices guidance for Transport Layer Security (TLS). This document describes registry keys that can enable or disable a specific…
I've got an OpenSSL generated X.509 certificate in PEM format and it's associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API…
I call AcquireCredentialsHandle in a kernel driver, passing in SCHANNEL_CRED with the dwCredFormat set to SCH_CRED_FORMAT_CERT_HASH. It fails with SEC_E_NO_CREDENTIALS. Here is my code:
BYTE certHashBytes[20] = {…
I am working with a server using SChannel TLS. I use SCHANNEL_CRED and AcquireSecurityCredentials to create the security credentials that are then passed to AcceptSecurityContext. Everything seems to work ok, but SChannel will not send an…
In my company we have a Windows service developed in C# to process requests messages from clients using SSLStream with Tls12 and Server and Client certificates. Service have worked fine on Windows Server 2012, including Windows 10 PC, no matter if…
Environment:
Reporting Services running on a SQL Server 2008 R2 SP3 installation on a Windows 2008 server with .Net 4.6.1 installed and .Net 3.5 enabled as feature. IIS, database and reporting service all in the local machine (custom login URL in a…
I can implement HTTP using "win sockets" easily , but I've been struggling to implement HTTPS using "SChannel" which is pretty much poorly documented "at least for me". How can I establish a secure connection for HTTPS communication and is there any…
I'm working on a program for personal use that scrapes a few webpages periodically. One of them requires the use of SSL, and its main URL actually is a load balancer that redirects to a different domain each time, out of a list of a handful (not…
I'm experiencing connection negotiations failure while trying to establish two way authentication with .NET clients.
This happens after the remote server increased significantly the list of authorized CA.
While this issue can be easily resolved in…
I am trying to create a DTLS "connection" using Schannel under Windows (I am testing under recent Windows 10 version, so all DTLS versions supported by Schannel should be available)
I tried starting from working code to establish a regular TLS…
I'm trying to access an SSL URL from a Windows browser to another machine running Tomcat and I am seeing error 36887 from Schannel in the System event log on the Windows machine with this description:
The TLS protocol defined fatal alert code is…
When I try to execute this curl command :
curl -v --key some_key_file.key --cert certificate_file.pem --show-error --header "Content-Type: application/json;charset=UTF-8" https://some-api/service
I get the following error : curl: (35) schannel:…
I'm using .NET to download data from a URL. For most URLs it works no problem, but for one specific URL, I am getting a very weird error when I try to make the connection. Furthermore, the error only happens on the 2nd (and subsequent) attempts to…
Where can I find a definition of the Windows Schannel fatal alerts codes that show up in Event Viewer? For instance:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
A fatal alert was generated…
I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended):
openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem
The code I use is similar to…
