Clever Geek Handbook

Error https request on winXP

I have a C # console application that uses a webservice (public government web service). To do this, I added a Webservice reference in my C # -Project, called the appropriate methods and everything works fine. Except for one PC.

This is a Windows XP SP2 PC, I have installed .NET Framework 4 (which is the target environment of my application). When I call the same command line tool, I always get an error. 100% percent the same tool with the same parameters works great on all other clients (Windows 7, Windows 8, Windows 8.1 and even other Windows XP computers)!?!?!?

Error message:

Unhandled Exception: System.ServiceModel.CommunicationException: An error occurred while executing an HTTP request https://adress.com/services/TheServiceWSI .

This could be because the server certificate is not configured correctly with HTTP.SYS in the case of HTTPS. It can also be caused by a mismatch in the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred while sending. ---> System.IO.IOException: Unexpected EOF or 0 bytes received from a transport stream.

I tried:

  • deactivate firewall
  • reinstalling .net framwork 4
  • deactivation of antvir software
  • install all windows updates

but without success ...

Anyone can figure out what might be the problem here?

Thanks in advance!

+3


source to share


2 answers


TL; DR; Make sure XP installations are fully patched with SP3 and all security fixes. Many SSL / TLS vulnerabilities have been fixed.

I recognize this issue, it could be related to BEAST vulnerability mitigation (although it could be one of the other vulnerabilities mentioned in another answer as well). After Apple implemented mitigation with them using Mavericks, I had similar errors when talking to older Windows services. The reason was because the packages were fragmented, which caused bugs in implementations that did not exactly match the specification (apparently Microsoft not before, but they are now).

Either way, you need to reset SP2 and make sure you are running SP3.



If you have control over the server, you can try turning off BEAST mitigation . According to this article, XP SP3 should run with BEAST minified, so this is probably more of an academic interest. Disabling security fixes in a production environment is probably unwise.

As you probably know, Windows XP ended extended support a long time ago and has been going away without security patches for over a year.

+1


source


Here are some simple features that you could learn pretty quickly:



  • This question says the machine is using XP SP2, but all Windows updates have been applied. Are the XP work computers SP2 or SP3? .NET 4.0 was designed to run on SP3, so if possible in your environment and if you haven't already, this would be a sensible upgrade for many reasons.
  • Due to POODLE vulnerabilities at the end of last year, many servers dropped support for SSL 3.0 (and below) and now require TLS 1.0 or above. You can check Control Panel / Internet Properties / Advanced / Security to see a list of SSL versions installed and enabled on the problem machine and make sure TLS 1.0 is installed and verified.
  • Make sure the system time on the problem machine is about the same as the other machines (which is not too much).
+1


source






More articles:


All Articles