Solved

third party  disabled support of SSLv3 due to the POODLE security

Posted on 2014-12-22
6
451 Views
Last Modified: 2014-12-28
Hello,

We have an application which calls third party Webservice to fetch documents and update status.

It was working all correct up to last month . The third party  disabled support of SSLv3 due to the POODLE security vulnerability and advised that carriers remove any HTTPs:// connections using SSLv3 and upgrade to at least TLS 1.0.

 Since then whenevr our applictaion tries to send request to the third party service we get below error

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://xxx This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.

We are running Windows 2008 R2. I used Wireshark and I confirm that TLS 1.0 is used. What can cause this issue?

Thanks for help
Salim
0
Comment
Question by:slimard01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 40512885
The 3rd party should be able to advise, shouldn't it? I would like to see what they say, first.
0
 

Author Comment

by:slimard01
ID: 40512901
This is what I think as well but it is ping pong game. So any advice on how to fix this, is welcome
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40512925
A ping pong game? So instead of telling you how to work with their new setup they invite you to play ping pong? They must have said at least somthing useful - what was it?
0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 
LVL 58

Expert Comment

by:Gary
ID: 40513392
You need to specify the SSL type in your app to use only TLS else it will default to SSL

http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.securityprotocol.aspx
0
 

Accepted Solution

by:
slimard01 earned 0 total points
ID: 40514995
The solution was to upgrade the .NET client to version 4.5.1. It was running .NET 4 extended.

It is now working fine
0
 

Author Closing Comment

by:slimard01
ID: 40520297
The solution was to upgrade the .NET client to version 4.5.1. It was running .NET 4 extended.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is banking over coffee-shop wifi SAFE? 16 236
Where to get a legit or non-tampered version TrueCrypt 4 98
Header of docx file 17 145
Bitlocker request key after every windows update 11 105
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question