I'm working with SChannel at the moment for an async (IOCP) based server and I've got most things working fine but I'm having a problem with renegotiation. Specifically, when peer A sends peer B a request to renegotiate and peer B responds with an…
I am trying to re-order/remove cipher suites due to compliance reasons (I want to use 256 bit AES and ephemeral keys) in .Net. However, using WCF TCP Transport Security, I cede all control over the security to Windows' TLS implementation and its…
I have to implement a TLS handshake process using the SSPI interface.
My app implements the client side, and as I saw from here the general flow is:
InitializeSecurityContext - the first call returns a pointer to a SecBufferDesc structure.
Call to…
I'm seeing the following pair of errors in eventvwr on Windows Server 2008 R2:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the…
I am considering overriding the default certificate verification procedure with one that uses the Windows system store (via SSL_CTX_set_cert_verify_callback). The application is a web client and I need to accept company-wide self-signed certificates…
The question pertains to some specs (FIPS) that require the SChannel modules used for TLS perform a self test prior to use to validate that they have not been compromised. FIPS is one example. In the open source libraries there are self tests built…
I have built Poco 1.11 and am unable to get secure SMTP connections, or HTTPS connections in general, to work, with the NetSSL_Win module (i.e. using Windows Schannel rather than OpenSSL). There is a sample in the distribution at…
When using the EncryptMessage (SChannel) from the win32 API with a valid context, I am supplying the four buffers in the correct order, I get the SEC_E_INVALID_TOKEN response, which according to the documentation is No SECBUFFER_DATA type buffer was…
I want to see a Microsoft sample that demonstrates the use of SSPI with Schannel.
As I see here there is such a sample, but I cannot find it :(
Can anyone please help me to find it?
Thanks in advance!
I want to establish a TLS connection using the Win SSPI (Schannel) interface.
I am at the stage of the encrypt-decrypt process, and I find myself really confused - who is responsible for managing the memory allocations?
When I want to send a data packet to…
I recently came across an issue with Windows 2003 (apparently it also exists in other versions too), where if an SSL/TLS server is requesting client certificate authentication and it has more than 16KB of trusted certificate DNs, Internet Explorer…
This is tharun_atturu, I am trying to use the ACM certificates by importing them from the .pfx file. I get the desired result when the application is run with system privileges but when I try the console application with admin privileges I am…
I am trying to set up 2-Way SSL with a PEM certificate key pair on Windows using .Net SSLstream. However I keep getting the following SChannel error: "A fatal error occurred while creating a TLS client credential. The internal error state is…
On the way to use the Windows Key Store for OpenSSL and Client Certificates I found this article:
https://anexdev.blogspot.com/2018/10/how-to-send-client-certificate-with.html
Apart from some typos in the given code, the example inspired me to write…
I have implemented (Windows 10.0.17763.0/VS2017/C++) a client/server app which does secure communication using schannel. Now the requirement is to use only a set of cipher suites for the communication between certain clients and servers.
Using…