The client and server cannot communicate because they do not have a common algorithm in Windows Server 2008 Web

I am working on an ASP.Net WebForms application. We use the PayFort Start API for the payment process. The application works fine on our local machine (Windows 10), but it fails when we try to make a payment using our API on our deployment server (Windows Server Web 2008), with the following error:

The client and server cannot communicate, because they do not possess a common algorithm.

The documentation on their web page (PayFort Start and SSL/TLS) states that they use TLS1.2 for communication. Their API already contains code for using Tls1.2 as a security protocol.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

We created the application on .Net framework 4.5, because Tls1.2 is only supported with .Net 4.5 or later. Of course, .NET Framework 4.5 is installed on our server.

We also added registry values for Tls1.1 and Tls1.2 to the Windows registry.

Using the SSL Labs tool, we also confirmed that at least two cipher suites are supported by both servers (our server and the PayFort API server, https://api.start.payfort.com).

Cipher suites supported by PayFort API Server (green indicates the ones that are common with our server)

Cipher suites supported by our server

I also used the Nartac IIS Crypto software, and it showed the following information:

Nartac IIS Crypto, Best Practices

I'm not sure if it has anything to do with the problem or not, but here are the details of the SSL certificate installed on our server:

SSL Certificate Information

Can someone indicate what we are doing wrong and what we should do to communicate with the server and make a payment from the application deployed on our server, since it works perfectly on our local machine?

+4
3 answers

. Windows Server 2008, , OS . .NET Framework 4.5, ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;, Tls1.2 ( ), , , , , ,
tl; dr; Windows Server 2012 , ( )

+1

Payfort Start. , . , API (, HTTPS) TLS1.2. API , TLS1.2 .

, WebRequest TLS 1.1 1.2, . .

, TLS1.2, GET https://www.howsmyssl.com/a/check .

cURL:

> curl -X GET https://www.howsmyssl.com/a/check

:

{
  given_cipher_suites: [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
  ],
  ephemeral_keys_supported: true,
  session_ticket_supported: true,
  tls_compression_supported: false,
  unknown_cipher_suite_supported: false,
  beast_vuln: false,
  able_to_detect_n_minus_one_splitting: false,
  insecure_cipher_suites: {
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": [
      "uses keys smaller than 128 bits in its encryption"
    ]
  },
  tls_version: "TLS 1.2",
  rating: "Bad"
}

tls_version .

+1
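
An added example, not part of the original answer: a sketch of the check described above that reads a howsmyssl-style response, confirms tls_version is at least TLS 1.2, and lists the offered suites that account for a "Bad" rating. The sample response is constructed (a shortened, valid-JSON form of the output above), and the weak-suite markers are this example's own assumption, not howsmyssl's rating logic.

```python
import json
import re

# Constructed sample: shortened howsmyssl-style response with quoted keys.
SAMPLE = json.dumps({
    "given_cipher_suites": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    ],
    "tls_version": "TLS 1.2",
    "rating": "Bad",
})

# Assumed markers (name tokens) for suites a client should no longer offer.
WEAK_MARKERS = {
    "EXPORT": "export-grade key length",
    "RC4": "RC4 stream cipher",
    "3DES": "64-bit block cipher (3DES)",
    "MD5": "MD5-based MAC",
    "NULL": "no encryption",
}

def parse_tls_version(text):
    """Return (major, minor) for a string such as 'TLS 1.2', else None."""
    m = re.fullmatch(r"TLS (\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(response_text, minimum=(1, 2)):
    """Report the negotiated version and the weak suites the client offered."""
    data = json.loads(response_text)
    version = parse_tls_version(data.get("tls_version", ""))
    weak = {}
    for suite in data.get("given_cipher_suites", []):
        tokens = suite.split("_")  # token match keeps "3DES" apart from "DES40"
        reasons = [why for marker, why in WEAK_MARKERS.items() if marker in tokens]
        if reasons:
            weak[suite] = reasons
    return {
        "version": version,
        # Anything unparsable (for example "SSL 3.0") fails the minimum.
        "meets_minimum": version is not None and version >= minimum,
        "weak_suites": weak,
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

The response describes whichever client made the request, so capture it from the .NET application on the deployment server rather than from a separate tool.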

, :

1 , .net 4.5 ( ).

TLS 1.2 4.5+. .NET Framework, : https://msdn.microsoft.com/en-us/library/system.environment.version(v=vs.110).aspx

2 TLS 1.2 Windows.

TLS 1.2 ,

+1

Source: https://habr.com/ru/post/1625819/