
We have this web service client running on Windows XP and Windows 2003, built in .NET Framework 1.1. However, after the POODLE attack and strict PCI/DSS rules, we have to disable SSLv3 on the servers. All clients working in .NET Framework 2.0 are still working fine, but those clients which were running on .NET fx 1.1 stopped working.

Therefore I created a sample application which just calls a function named "LinkTest" and built it with .NET Framework 1.1, and it's not even running on my "Windows 7" machine. I rebuilt the same application in .NET 2.0 and it works fine.

So apparently it's not Windows which is blocking it; it has something to do with the framework itself.

Update

Please remember we are not in a position to upgrade .NET 1.1 clients to .NET 2.0, so that is not an option for us. Moreover, as pointed out by Dai in the comments, I have already tried KB-907829, but it is still the same.

Just for the sake of completeness, the following is the error message we get on the client.

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Sample.SampleWebService.SampleWebServiceStub.LinkTest() in c:\dir\web references\samplewebapp\reference.cs:line 78
   at ParkbankServerQnDFx11.Form1.btnLinkTest_Click(Object sender, EventArgs e) in c:\dir\app\formname.cs:line 150

Update2

Yesterday I noticed that the SSL handshake is working fine: both parties are agreeing on ciphers, and even one data message is being sent from the client, accepted by the server and responded to as well, and that message can also be seen in clear text on the server side. But somehow it ends up with the above exception while receiving data. I have already tried to increase the timeout.

Update3

There is more progress on the topic. I developed a small sample web service, deployed it on a Windows 7 box on IIS7, disabled SSLv3 and tested it with another .NET 1.1 test application, and it worked fine.

Then we updated our actual servers, which are running stunnel on a Linux box, changed the cipher suite and added weaker ciphers, and then the test also went well. So apparently it seems to be an issue with ciphers. Now, in the previous update I mentioned that both parties seem to agree on a cipher, which seems a bit contradictory; however, we have a reason to believe that the Windows box might agree on the cipher but .NET fx 1.1 may not support the strong ciphers which we are using on our servers.

Mubashar
  • I think this might be relevant: https://support.microsoft.com/en-us/kb/907829/ – Dai Mar 25 '15 at 00:06
  • That said, upgrading from .NET 1.1 to 2.0 (or even 3.5) is really easy, is there any reason you're still using 1.1? – Dai Mar 25 '15 at 00:07
  • @Dai: Thanks for the KB, it seems relevant; I am contacting MS for that. And no! We don't have an option to upgrade to other .NET versions – Mubashar Mar 25 '15 at 00:34
  • Why don't you have an option to upgrade? – Dai Mar 25 '15 at 00:40
  • Our DLL gets loaded by another application which is made by a 3rd party. They have given the new version, but clients do not wish to pay for the upgrade; that is exactly why – Mubashar Mar 25 '15 at 01:06
  • You have my sympathy, however please inform whoever controls the purse that Windows XP, Server 2003, and the .NET Framework 1.1 are no longer supported at all, and this leaves your system open to security issues, especially if you're exposed as you're running a web-service. – Dai Mar 25 '15 at 01:09
  • The KB didn't work, by the way. And with your suggestion we may lose the client :) – Mubashar Mar 25 '15 at 01:11

0 Answers
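
One way to check the cipher theory from Update3 is to capture the client's first handshake message (the ClientHello) and compare the cipher suites it offers with the list enabled on the server. The following is an added example, not code from the original post: the ClientHello bytes and both server lists are constructed sample data, not a capture from a .NET 1.1 client, and the function names are hypothetical.

```python
import struct

# Constructed sample data (not from the original post): suite IDs are real IANA
# values, but the server lists only mimic "strong only" vs. "weaker ciphers added".
SERVER_STRONG_ONLY = [0xC02F, 0x0035]          # ECDHE-RSA-AES128-GCM-SHA256, AES256-SHA
SERVER_WITH_WEAKER = [0xC02F, 0x0035, 0x000A]  # ... plus DES-CBC3-SHA

def parse_client_hello(record: bytes):
    """Return (client_version, [cipher suite IDs]) from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rec_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if rec_type != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                       # skip client_version and random
    pos += 1 + hello[pos]              # skip session_id (1-byte length prefix)
    if pos + 2 > len(hello):
        raise ValueError("missing cipher suite list")
    n = struct.unpack("!H", hello[pos:pos + 2])[0]
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher suite list length")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def common_suites(client, server):
    """Suites the server could pick: offered by the client and enabled on the server."""
    return [s for s in server if s in client]

def build_sample_hello():
    """Constructed TLS 1.0 ClientHello offering RC4-MD5, RC4-SHA and DES-CBC3-SHA."""
    suites = struct.pack("!3H", 0x0004, 0x0005, 0x000A)
    hello = (b"\x03\x01" + bytes(32) + b"\x00" +
             struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    version, offered = parse_client_hello(build_sample_hello())
    print(f"client version 0x{version:04x}, offers {[hex(s) for s in offered]}")
    print("overlap, strong only:", common_suites(offered, SERVER_STRONG_ONLY))
    print("overlap, weaker added:", common_suites(offered, SERVER_WITH_WEAKER))
```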