Not logged in. · Lost password · Register
Forum: MatriX RSS
Avatar
mstief #1
Member since May 2017 · 2 posts
Group memberships: Members
Show profile · Link to this post
Subject: TLS Connection Issue (I think)
Hello,

The XMPPClient connection was working for Cisco 11.5 and then when the server was updated to Cisco 11.5(1) the connection failed. We are using a secured Bosh connection. The Cisco 11.5(1) did remove support for TLS 1.0 which I wouldn't have thought would have broke things but looks like the culprit at the moment. The Cisco Server does support TLS 1.1 and TLS 1.2. Here is a link to the Cisco doc for reference: http://www.cisco.com/c/en/us/support/docs/customer-collabo…

The version of the Matrix.dll we have in our production code is 1.6.0.6 and I tried version 2.1.0.2 on the site to see if it made a difference and it didn't. I also found out is was a self signed cert and tied into the cert event to accept the cert and that didn't make a difference. The cert did work prior to the upgrade but I figured I would give it a shot.

Is there something I am missing to help with the TLS negotiation?

Here is the logged error for the failed connection for reference.

Matrix.Net.BoshException: BoshException ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at #=qjt567rtYXN6bnkVuq4oq6Z5I0j5BRlldZtQ2jeIWFRo=.#=qRbmYAjbRkQePoflAPiVvmA==(IAsyncResult #=qmXVKcTHOWLZj_zNsqbUL1g==)
   --- End of inner exception stack trace ---

I can share the connection code if that is helpful.

Thank you for your time.

Mike
Avatar
Alex #2
Member since Feb 2003 · 4296 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
When you are on BOSH MatriX is using .NET WebRequests.

Did you try to set the TLS version in the ServicepointManager?

  1. ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

or

  1. ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls10;
Avatar
mstief #3
Member since May 2017 · 2 posts
Group memberships: Members
Show profile · Link to this post
That was it. I flaked out on keeping in mind this was a .Net 4.5 app and I needed to configure that.

Thanks,

Mike
Avatar
Alex #4
Member since Feb 2003 · 4296 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Yes, those enum values were introduced with NET 4.5.
No idea why latest TLS versions are not enabled by default these days where everyone turns off old protocols which don't meet today's security requirements anymore.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Forum: MatriX RSS