My website connects with JavaScript to a JavaServer Websocket (Tomcat 7.0.76). I use Secure Websocket (wss) and all works as expected on Chrome (Windows/Linux), Android and older iOS devices, but on newer iOS devices, I get the following error:
WebSocket connection to 'wss://****' failed: Error during WebSocket handshake: 'Connection' header value is not 'Upgrade'
But my SSL certificate is accepted by new iOS, I have no security warnings/problems navigating through the website via https.
Also, the websocket connection works over ws:// (by navigating to the site over http).
I think I have to modify the http header sent from the server, but no idea how to do that.
I am very grateful for any advice.
Related
I am using Indy 10.6.2 (current version from SVN) server components in Delphi 2007 and client components in Delphi 6 application, and of course OpenSSL.
I am receiving "Error connecting with SSL. EOF was observed that violates the protocol" in the client application.
As far as I have found on the web, this arises from the server socket closing its connection, e.g., due to mismatch of SSL versions or ciphers between HTTP client and server. It sounds quite logical.
I would like to debug (introduce more reporting in the server side about this mismatch), but where is the code located in the Indy libraries (System, Core, Protocols) that checks and closes the server connection (that rejects client request) when any incompatibilities are observed?
The answer to my question can solve "Error connecting with SSL. EOF was observed that violates the protocol", but it can also help in the future to resolve any problems during handshake, i.e., if I implement more extensive logging about rejected connections.
where is the code located in the Indy libraries (System, Core, Protocols) that checks and closes the server connection (that rejects client request) when any incompatibilities are observed?
Nowhere, because it is not Indy that is doing the checks. It is OpenSSL itself doing the checks internally while it is handling the SSL handshake. OpenSSL has the socket handle. When it detects a problem with the handshake, it closes the socket connection immediately and returns an error to Indy, which then closes the socket handle.
I am trying to enable http2 protocol on a Azure Web app, MVC application without any luck. The tutorial is simple just activate the 2.0 in Application settings of the portal, Http2 online tests states that the http2 protocol is enabled, no requests is on http2.
Https is enabled, minimum tls version set to 1.2... any ideas on what can go wrong?
It seems that an antivirus on my computer was the root cause for all the requests still being on the http. After i disabled it the requests were, as expected on http2.
I tried to send some soap requests using: nlapiRequestURL ( url , data, headers, null , 'POST') ;
When I send it to server like: http://www.dneonline.com/calculator.asmx I receive status code 200, but when I try to do with e.g. https://sprawdz-status-vat.mf.gov.pl I get an error: SSS_INVALID_HOST_CERT
Why? Do Netsuite Have some certificate or safe url list?
https://sprawdz-status-vat.mf.gov.pl does not support TLS 1.2 (you can run a test at https://www.ssllabs.com/ssltest/ to verify this).
NetSuite has deprecated support for TLS 1.0 and 1.1, so any server you try to connect to from NetSuite needs to support TLS 1.2 to work.
See below excerpt from SuiteAnswer 70534:
SuiteScript
SuiteScript can be affected when the user is trying to connect to an external resource using SuiteScript Navigation APIs (for example, nlapiRequestURL() ).
See the following examples of errors that might be encountered.
· SSS_CONNECTION_CLOSED : usually occurs when the server associated with the URL is unresponsive.
· SSS_INVALID_HOST_CERT : usually occurs when the client and server could negotiate the desired level of security. The connection is no longer usable.
· Suggested resolution:
Review the URL to which the script is trying to connect to determine whether it is capable of secure communications using TLS 1.2. The URLs can be verified using an external TLS Checker. Once verified, contact the third-party owner of the URL to update their servers to use for TLS 1.2.
See the following examples of external sites to verify your external links:
· https://www.ssllabs.com/ssltest/- Can test the security settings of a URL or web page
· https://www.howsmyssl.com/s/api.html- a public API that can be called for testing TLS versions and security settings
For more information, see FAQ: Transport Layer Security (TLS) Deprecations (SuiteAnswers ID: 49076).
The site's certificate might be outdated or not trusted. This is form the NetSuite Help center:
Web service were working fine. All of a sudden webservice started throwing NSURLErrorDomain Code=-999 "cancelled".
We tried to get the response in POSTMAN and response was same. We disabled the SSL certificate option in POSTMAN and server started responding. Android uses the same web services and its working fine with them. iOS we have integrated AFNetwroking to get consume web service. I have googled around and it set the "self.securityPolicy.allowInvalidCertificates = YES;""
However still the response from server to iOS device is NSURLErrorDomain Code=-999 "cancelled.
Is there anyway where we don't allow the webservice to validate with SSL certificate.
I am trying to write up an HTTP proxy server in node.js, and I have successfully managed to route unsecure HTTP connections through it. But when applications (on my iOS device) use HTTPS for APIs 'n such, it always throws an error, and the attempted HTTPS connection never hits the server. So there are a few explanations of what could possibly be happening:
iOS chooses not to send HTTPS connections over the proxy for security reasons
iOS is looking for an HTTPS connection at the server on a different port, but can't find one
Basically what I am asking is: What does iOS do with HTTPS connections when an HTTP proxy is configured?
Please ask for any details or further questions in the comments. Thanks.